The New York Times reported today that Karl Rove was personally deleting his emails from the RNC server until 2005, when the RNC changed the system to stop him from doing that. Frankly, I have to wonder why - it's simply not credible that they did it to obey the Presidential Records Act. They've made it abundantly clear that they regard themselves as above the law.
Anyway, I'm not an expert in the field of email. But I have studied the subject a bit over the years. And here's my explanation of the email situation, as I recently tried to explain to stairflight. Incidentally, it seems that Senator Leahy agrees with me on the technical aspects of this issue.
It is incredibly difficult to totally destroy all copies of an email once it has been sent. Too many copies are made in the process of delivery:
Totally erasing any ONE of those copies is a tricky proposition at best.
When you press "delete", you're just deleting the copy on whatever machine you're on. What's more, you're not actually deleting ANYTHING - you're just telling the system to mark the email header as deleted. All of the data is still there and can be recovered quite easily, up to this point.
To really destroy the data, you could use a special overwrite program to write random ones and zeros over the deleted file over and over and over. This has to be done multiple times, because otherwise there's a good chance that a forensic team can still recover the data via the residual magnetic charge on the drive.
Even that isn't totally reliable. The only sure way to destroy the data is to smash the hard drive into little pieces, or better still, melt it into slag.
Once you've done that, though, you have the problem of all the other machines that your email went through!
Email is simply not a secure medium.
Anyway, I'm not an expert in the field of email. But I have studied the subject a bit over the years. And here's my explanation of the email situation, as I recently tried to explain to stairflight. Incidentally, it seems that Senator Leahy agrees with me on the technical aspects of this issue.
It is incredibly difficult to totally destroy all copies of an email once it has been sent. Too many copies are made in the process of delivery:
- A copy on the creating device's hard drive.
- Possible backup copies of the originating device's hard drive.
- A copy on the originating email server.
- Backup copies of the originating server.
- Copies on the servers that the email passes through on the way to the recipient (which are almost certainly NOT under the control of the sender or recipient). This almost certainly represents multiple copies, possibly dozens or more.
- Backups of the data on any of those intermediate servers.
- A copy on the receiving server.
- Backup copies of the data on the receiving server.
- A copy on the hard drive of the receiving device.
- Backups (if any) of the hard drive of the receiving device.
Totally erasing any ONE of those copies is a tricky proposition at best.
When you press "delete", you're just deleting the copy on whatever machine you're on. What's more, you're not actually deleting ANYTHING - you're just telling the system to mark the email header as deleted. All of the data is still there and can be recovered quite easily, up to this point.
To really destroy the data, you could use a special overwrite program to write random ones and zeros over the deleted file over and over and over. This has to be done multiple times, because otherwise there's a good chance that a forensic team can still recover the data via the residual magnetic charge on the drive.
Even that isn't totally reliable. The only sure way to destroy the data is to smash the hard drive into little pieces, or better still, melt it into slag.
Once you've done that, though, you have the problem of all the other machines that your email went through!
Email is simply not a secure medium.