The trail we leave on the Internet is a constant security concern for most of us, and for good reason; we are surrounded by data breaches and password hacks. We’re told to create long, complex passwords and use two-step authentication to prevent from having our accounts compromised. We delete our emails and texts to prevent sensitive information from getting out. None of this is of any use, though, if the company uses shady tactics when it comes to keeping our private information safe.
Russell Knaggs, an inmate at Lowdham Grange prison in the UK, was caught organizing a plan to import Cocaine into the UK. He was caught and charged and is going to serve another 20 years in prison. The plan involved two of his contacts writing messages to each other in a single Yahoo! Account. They would type up a message, save it as a draft, and leave it for the person on the other end to read it, delete it, and type up a new message for the first party. In theory this might seem like a good way to avoid sending emails that law enforcement would be able to read. In the end, it didn’t work out.
After correctional officers found his plan detailed on a piece of paper in his cell, the case was opened against him and that’s when everything started going down-hill. Knaggs’s lawyers claim that Yahoo! handed over 6 months of deleted communications. This is of some concern as the company’s Law Enforcement Guide states very clearly that they are not at all capable of recovering deleted emails.
“If a user deletes a communication from his or her account, the communication becomes inaccessible to the proprietary tools Yahoo uses to gather communications data in response to preservation requests and search warrants.” – Michele Lai, a custodian of records and the operations manager of the US Law Enforcement Response Team for Yahoo
Yahoo then countered that the emails they handed over were recoverable due to their auto-save feature that keeps saved emails even after the user deletes them from their inbox.
Last year, Discovery Orders were filed in the US in an attempt to get more information on how Yahoo was able to recover the deleted emails that were used in the case. A custodian of records and operations manager of the US Law Enforcement Response Team for Yahoo responded, stating that Yahoo received two law enforcement requests involving the Knaggs case. A preservation request in 2009 and a search warrant in 2010. Four snapshots were taken regarding the preservation request.
According to Joesph Cox in the Motherboard article:
A snapshot is a copy of an email account’s contents at the time. It is not retroactive, so a snapshot can’t reveal properly deleted emails, and it’s not proactive either, so it can’t obtain any new emails that are written after the request.
Because of evidence pointing to the fact that Knaggs’s assosciated did properly delete their emails, Knaggs’s defense is arguing that Yahoo had some type of bulk data collection or continuous monitoring of the account that allowed law enforcement to obtain them. Yahoo, of course is denying this with their claim that the email drafts are saved even after the final copy has been made and the email has been deleted. Not only that, but every updated revision of the draft is saved as well.
Knaggs’s legal team is expected to formally reply to Yahoo’s latest filing shortly, and in the meantime, the case has been transferred from UK’s Serious Organised Crime Agency to the National Crime Agency where the claims against the way the case was conducted are being publicly and vehemently denied.
Even if Yahoo is telling the truth and every recovered email was simply saved via their auto-save feature, not from active monitoring or bulk data collection, the idea that one’s email drafts stay on Yahoo’s server for until Yahoo wants to remove them is fairly concerning. The scariest part is that Yahoo’s auto-save is not an unknown or hidden feature, but it’s one that nearly every Yahoo user takes advantage of and doesn’t even think twice that it could come back around to bite them.