WE CAN only imagine the look on Bill Gates's face when he learned that four-year-old personal files were to be used as evidence against him in the US government's antitrust case against Microsoft. But it could have been anyone. Who hasn't kept files, labelled them private, kept them in a fairly secure place and considered the matter closed? But it gets worse. Even if you delete data, whether it's a lengthy document or just a few remarks in an e-mail, those forgotten words could come back to haunt you. Amid warnings that deleted data poses a threat, New Scientist has learned of one case where a British worker has been sacked on the basis of personal e-mails deleted from her mailbox several weeks earlier.
Now an American judge is proposing a change in the law to ensure that data you delete disappears for good, at least as far as any court is concerned. According to James Rosenbaum, a district judge in Minnesota, when you press the Delete key, you intend to obliterate the information concerned. So even if it has not physically vanished, then it should at least have ceased to exist in the eyes of the law.
The problem arises because hitting Delete doesn't actually destroy data at all. "It's like removing the page number and the reference in the table of contents," says David Pappas, a data recovery expert with the US National Institute of Standards and Technology in Boulder, Colorado. The information is still stored on the disc. All that's gone is the map telling the computer where it is.
A computer records things indefinitely. "It never forgets, and never forgives," says Rosenbaum. A mixture of techniques, ranging from simply knowing where to look to high-tech retrieval methods such as scanning tunnelling microscopy, make it possible to dig up a whole host of information from a hard drive or a floppy disc.
Rosenbaum is troubled by the fact that this allows words never intended to be seen by others to be exhumed for all to see. He says it is unethical to take words that were never intended to be published, and use them as evidence against their author. It's like punishing people merely for thinking things they shouldn't, he says.
So Rosenbaum is seeking a way to protect people from the perils of modern technology. In a recent issue of the progressive law journal Green Bag, he proposes that the courts should no longer be permitted to attach legal value to "cyber trash". At the very least, Congress should pass a law limiting the legal lifespan of deleted data.
According to Caspar Bowden, director of the London-based think-tank the Foundation for Information Policy Research, bullying employers could use personal information obtained in this manner to gain a stranglehold over their employees.
Many companies have strict codes governing what their staff can and cannot write, Rosenbaum says. He fears that those who want to rid themselves of an unwantedemployee could dig up information they drafted, but never intended to be seen, and use it as grounds for dismissal. That rude description of your boss that you found so amusing before you consigned it to the trash could be dragged back from oblivion and used against you.
Earlier this year a woman was sacked by a British aviation company because e-mails she had sent and subsequently deleted from her Sent Items box had been recovered by her employers, says Brian Palmer a solicitor at the firm Charles Russell in London. Working as a personal assistant, she had been e-mailing her former boss who had left the company to set up his own rival business. She was under the impression that she had removed all traces of the e-mails, says Palmer.
In Britain, the Regulation of Investigatory Powers Act, passed this year, could make it easier to obtain this sort of data, says Bowden. But he also says that British judges already take a lenient view when evidence of this kind has been obtained in ways that are legally questionable. "By and large judges haven't seemed to mind evidence being admissible even though it may have been obtained illegally," he says.
Rosenbaum argues in his essay, entitled "In defense of the Delete key", that it is unreasonable and illogical to penalise people for words they don't intend to publish. He says people are led astray by the computer. "It lies when it says 'Delete'." As the law now stands on both side of the Atlantic, it is possible to libel someone even though you never showed the defamatory comments to anyone. "If you leave it in a place where someone can find it then that's libel," says Rosenbaum. And this includes leaving it as deleted matter on a disc drive.
Road to recovery
There are technical fixes that can help. It is possible, for example, to install a program on your computer that overwrites data when you hit the Delete key, making it much harder to recover. But these programs slow computers down, and even they don't obliterate the original message, says Peter Gutmann, a computer scientist at the University of Auckland in New Zealand who specialises in examining the different ways to recover deleted information.
It is even possible to dig up information that has been buried beneath installations of entirely new operating systems and overwritten a number of times. Gutmann says he knows of information that has been retrieved from a Windows 95 operating system that had subsequently been overwritten with a Solaris operating system and then by a Linux operating system. Part of the problem is that your computer may have stored your message several times over, in unsuspected ways. "The information you want to get rid of resides not only in the obvious file, or files it's associated with, but in temporary files, swap files, the registry, and who knows where else."
Not everything is on the side of the data-scavengers, however. Recovering deleted data can be extremely laborious. A typical modern hard drive can hold some 10 gigabytes of data. That's roughly 80 billion bits of information. "Our technique can read an area of only 50 bits at a time, taking about five minutes," says Pappas. So recovering a deleted message could take an age. "You work it out," he says.
But it is still there if you're prepared to look hard enough, so Rosenbaum suggests introducing a "statute of limitation" on deleted data. Arbitrarily he offers six months as the cut-off time, after which deleted data could not be used as evidence.
But Donald Ramsbottom, an English lawyer who specialises in the Internet, says that even this modest step would be hard to implement. He suggests that people might tinker with their machines to hide the true age of the residual data. "All computers can be tampered with, whether it's a crude changing of a clock, or something more sophisticated like replacing time stamps and watermarks," he explains.
Ramsbottom is also concerned that laws like Rosenbaum's might give too much protection to criminals. It would be somewhat bizarre if a "Mr Big" was able to escape punishment simply because data dredged up from his computer had been deleted more than six months before, he explains. Even in cases like the bomb that brought down a Pan Am 747 over Lockerbie, new evidence is surfacing all the time, Ramsbottom says.
But Rosenbaum dismisses such objections. Apart from major offences like murder, most crimes have a statute of limitations, he points out. While admitting that his proposals aren't ideal, he says he is glad his essay has sparked a debate. He remains convinced that these are issues that have to be tackled by the lawmakers.
Author: Duncan Graham-Rowe
New Scientist issue: 28th October 2000
PLEASE MENTION NEW SCIENTIST AS THE SOURCE OF THIS STORY AND, IF PUBLISHING ONLINE, PLEASE CARRY A HYPERLINK TO: http://www.newscientist.com