Wikipedia:Reference desk/Archives/Computing/2015 August 19
Computing desk | ||
---|---|---|
< August 18 | << Jul | August | Sep >> | August 20 > |
Welcome to the Wikipedia Computing Reference Desk Archives |
---|
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages. |
August 19
[edit]Can you really delete emails permanently?
[edit]This question is prompted by all this business with Hillary Clinton and her email controversy. But, I can't seem to get a straight answer. It is or it is not possible for a person to completely delete and destroy all contents of one's old emails? Can someone please explain, without too much computer and technical jargon? Thanks. Joseph A. Spadaro (talk) 03:49, 19 August 2015 (UTC)
- The most common answer that I got was a paraphrase of this statement: "Yes, it is theoretically possible; but, as a practical matter, it is extremely hard (virtually impossible) to achieve this." Joseph A. Spadaro (talk) 03:53, 19 August 2015 (UTC)
- It really depends what kind of email you are talking about. Where i work for example, we have a service, precisely for 'compliance purposes' which performs Electronic message journaling. This journal (essentially a copy of every email sent and received by everyone) is written to Content-addressable storage which once written, can't be deleted, not even by administrators. It would take the coordinated effort of several departments to physically obtaining the actual disks where the data is stored physically destroy them to delete such email. Not impossible and certainly not inconceivable if the whole company "depended on it", but not plausible if one or a few people's heads were on the line. Vespine (talk) 04:41, 19 August 2015 (UTC)
- You state: "It really depends what kind of email you are talking about." There are several different types of email? I am talking about "regular" email; the stuff we use gmail.com and yahoo.com, etc., for. Joseph A. Spadaro (talk) 04:57, 19 August 2015 (UTC)
- Gmail and Yahoo mail are web-based email providers - which means that emails are stored on their servers, rather than on your local computer. Whether 'deleting' an email on them actually results in it being deleted permanently, rather than merely being removed from a list of 'live' emails I don't know - they presumably remove deleted emails from their servers eventually, but they may still be retained on a backup somewhere. AndyTheGrump (talk) 05:07, 19 August 2015 (UTC)
- (ec) Well, if you use a service to handle your email (be it an employer or gmail) - then that service will have to hold your email until you're ready to read it. Since their system disk drives are probably backed-up periodically, your emails may well end up being stored forever on media that is inaccessible to you. However, if you were to run your own mail server (a tough thing to manage without having your own fixed IP address) - then you should be able to delete mail and have it be gone forever. Of course the person who sent (or received) your message could still be stuck on their server someplace...so there really aren't any assurances here. SteveBaker (talk) 05:10, 19 August 2015 (UTC)
- I think the final answer here has to be that once you send information over the web, you can never be entirely sure that it hasn't been copied somewhere (e.g. by NSA, GCHQ and/or your local 'intelligence' equivalent, as well as by the various service providers etc), and that even if you apparently confine it to a local network, unless this is physically isolated (e.g. no connection to the internet, no USB ports for thumb drives etc, and extreme physical security so someone can't swap out a hard disk or add an illicit connection) you can never be entirely secure. It probably depends on how much security you are after though - arguably, if you want real security, you shouldn't be using email at all. There are differing opinions as to how easy it is to permanently remove data from a hard disk, but the consensus seems to be that physically destroying it (e.g. smash with a sledgehammer, then incinerate) is the only way to be 100% sure. Hilary Clinton clearly didn't do that - she has now handed over a server, together with thumb drives. Which isn't to say that the data couldn't have been copied elsewhere, since the server was presumably connected to the internet... AndyTheGrump (talk) 05:41, 19 August 2015 (UTC)
- Physical destruction if carried out properly is likely a resonable way to ensure data on the hard disk can't be recovered but as we've discussed several times on the RD, there is zero evidence that it's really necessary except for ultra paranoid levels (like thats demanded by intelligence agencies).
Opinions are one thing, evidence matters more. While we can't be sure what intelligence agencies are capable of, there's no evidence so far that anyone has publicly demonstrated the capability of recovering data from a singly overwritten hard disk. Even from a theoretical stand point, most people who argue it's possibly appear to be relying on a nearly 20 year old paper (written from a theoretical standpoint) which they've often misunderstood, which even the author of has said probably is irrelevant to modern hard disks.
(Now properly overwriting the disk can be easy to screw up. In particular, reallocated sectors are tricky. But even if you're unlucky enough to have reallocated sectors, they won't have much data, I'm not sure whether even complicated criminal investigations bother to try and recover from them. Probably your best bet is to use Secure Erase, and make sure it finishes.)
However this isn't particularly relevant to Clinton because she didn't AFAIK even try to erase the hard disk, instead simply set the server to "delete" emails after 60 days. Even if she had also erased all empty and slack space, which I'm pretty sure she didn't, it's still possible that there is data in in some allocated part of the disk, e.g. the page or swap file, automatic backups. And that presumes the mail server actually deleted the emails, I know some e-mail clients only dereference emails when deleted, and don't actually remove them from the database/file until after they reach a certain percentage. I presume some email servers do likewise.
Note however, recovering a small number of emails may not be particularly interesting. It's not like she denies it was an email server. Unless you believe a large percentage of the emails she didn't hand over, should have been handed over, just finding a few would probably just be boring.
- Physical destruction if carried out properly is likely a resonable way to ensure data on the hard disk can't be recovered but as we've discussed several times on the RD, there is zero evidence that it's really necessary except for ultra paranoid levels (like thats demanded by intelligence agencies).
- I think the final answer here has to be that once you send information over the web, you can never be entirely sure that it hasn't been copied somewhere (e.g. by NSA, GCHQ and/or your local 'intelligence' equivalent, as well as by the various service providers etc), and that even if you apparently confine it to a local network, unless this is physically isolated (e.g. no connection to the internet, no USB ports for thumb drives etc, and extreme physical security so someone can't swap out a hard disk or add an illicit connection) you can never be entirely secure. It probably depends on how much security you are after though - arguably, if you want real security, you shouldn't be using email at all. There are differing opinions as to how easy it is to permanently remove data from a hard disk, but the consensus seems to be that physically destroying it (e.g. smash with a sledgehammer, then incinerate) is the only way to be 100% sure. Hilary Clinton clearly didn't do that - she has now handed over a server, together with thumb drives. Which isn't to say that the data couldn't have been copied elsewhere, since the server was presumably connected to the internet... AndyTheGrump (talk) 05:41, 19 August 2015 (UTC)
- As I understand it, government information that is actually confidential is not sent via email on the internet. State Department and other branches of the United States Government have strict technology policies, and they use mechanisms that are altogether unfamiliar to ordinary internet-denizens with consumer-grade personal computing devices. At least a few of our regular contributors have worked with, or near, SCIFs... some have even used the Boeing cell phone... worked on military IP networks other-than-The-Internet... I've even had the opportunity to see a Secure Telex inside a United States Embassy! For example, since 2010, State Department has been using ProjNet-C, a private internet managed for the Bureau of Overseas Buildings, and overseen by the United States Army Corps of Engineers.
- All of those technologies specifically exist to provide control and accountability for sensitive information - and not just for spooky spy secrets! If you're an overseas American citizen and you go to the Embassy to get help transferring a medical prescription into your host country, or if you want to pay your American taxes, the embassy (i.e. the State Department) can help get your information back to America - securely - which means they won't be emailing it in the clear! State Department does not want to rely on a consumer-grade EULA to protect information of national interest. Those policies apply, irrespective of the confidential or "Secret" classification of any material. These secure communications are designed to work, even if you're at a United States Embassy or Consulate in an untrustworthy country. Heck, these are the reasons that the Government invented the secure, redundant technologies we call Internet today.
- Now, the controversy is whether a political appointee flagrantly disregarded rules that apply to all the ordinary civil servants... but if that is true, it's still not clear to me whether these actions leaked any actual "classified" or "confidential" information; and it's surely not clear to me that any law was violated. Nimur (talk) 14:05, 19 August 2015 (UTC)
- So, even if it were indeed possible to "erase" an email (permanently), that very same email would still reside on the "server" (or whatever it's called) at the other end, correct? In other words, let's say that Hillary Clinton sent an email to me. It would get deleted on her end. But, on my end, it would still be there, sitting in my computer, for all to see. Correct? Joseph A. Spadaro (talk) 18:09, 20 August 2015 (UTC)
- Correct; and for that reason (among many others), it is very unlikely that the Secretary of State would ever under any circumstances use email as the communication medium for material that is considered "Secret" by the United States Government. Such information is never supposed to exist or be transferred onto technology platforms that use email. Secretary of State and similar political appointees may (rather, almost certainly) have the appropriate clearance to view and see Secret information; but they (very probably) rarely work with Secret information, and probably actually works with "unclassified information" and public information (or, "sensitive but unclassified information") during most day-to-day work. So - whatever our Secretary of State is getting and sending in the format of email is probably not classified information, even if its contents contain sensitive diplomatic or administrative information. Nimur (talk) 18:29, 20 August 2015 (UTC)
- So, even if it were indeed possible to "erase" an email (permanently), that very same email would still reside on the "server" (or whatever it's called) at the other end, correct? In other words, let's say that Hillary Clinton sent an email to me. It would get deleted on her end. But, on my end, it would still be there, sitting in my computer, for all to see. Correct? Joseph A. Spadaro (talk) 18:09, 20 August 2015 (UTC)
- The more I think about it, the more I get confused. So, if I am correct, she said that she exclusively used her private email (and never her government email) for the entire tenure as Secretary of State, is that correct? If that is correct: in her entire tenure, she never once had an email that was secret, classified, sensitive, required higher-level security, whatever? Not a one? In her entire tenure as Secretary of State? How can that possibly be? Isn't that exactly the type of stuff that a S-of-S would be dealing with on a regular basis (or, at least, one single time in four years)? Not to mention: isn't there the whole other problem of a government agent being required to "save" their official paperwork, records, governmental work, etc. (e.g., for official government archives, FOIA requests, etc.)? Joseph A. Spadaro (talk) 20:59, 20 August 2015 (UTC)
- "she never once had an email that was secret, classified, sensitive, required higher-level security, whatever?" She shouldn't have done if security was being taken seriously, for all the reasons already mentioned - there is no point in 'classifying' things if you then use an unsecured means of passing them around. Anyway, speculating about what Hilary Clinton did or didn't do is outside the remit of this noticeboard. We have answered the original question as best we can - emails are insecure, and actually ensuring that there isn't a copy knocking around somewhere after they have been 'deleted' is likely to be difficult. Discussions of the particulars of the Clinton case should be left to our article, and to external sources - read with a sceptical eye, as there is clearly a lot of spin being put on the issue by different factions. AndyTheGrump (talk) 21:27, 20 August 2015 (UTC)
- @AndyTheGrump: I appreciate your helpful replies. Thanks. But, why do you say (essentially) that questions about Hillary Clinton are not allowed on this Reference Desk? Thanks. Joseph A. Spadaro (talk) 02:46, 21 August 2015 (UTC)
- The scope of this web page, the Wikipedia Computing reference desk, is to help provide reliable encyclopedic reference material related to the topic of computing. Questions for encyclopedic information on other topics may belong elsewhere on Wikipedia. General discussion of current events belongs on a general-purpose internet discussion forum, but not on Wikipedia. Nimur (talk) 14:17, 21 August 2015 (UTC)
- That is (quite obviously) not true. A question posted on a help desk does not have a limited scope. Obviously, through a discussion/conversation, the "topic" per se will be fluid and dynamic. That is the very definition of a discussion/conversation. A discussion is not a static situation (i.e., question asked; question answered; end of discussion). That is an over-simplification of the process. A question that originally mentioned Hillary Clinton could easily migrate to other questions about Hillary Clinton. And, in this case, the feasibility of deleting emails. Joseph A. Spadaro (talk) 19:05, 21 August 2015 (UTC)
- If the email was encoded using a method that can't be broken, and only the sender and receiver have the key, then, once the key is destroyed at both ends, access to the information in the email is also lost, regardless of who has copies of the encoded version. Of course, then you have the issue of the key having been being copied, so doing the encoding/decoding on separate PCs without internet access, then hand carrying a disk containing the email between them, would be safest. I suggest the old floppies, which had a physical read-only lock, to prevent viruses from getting onto the secure machines and then copying the key. StuRat (talk) 14:33, 21 August 2015 (UTC)
Thanks, all. Joseph A. Spadaro (talk) 02:37, 23 August 2015 (UTC)