Yahoo Ordered to Explain Data Gathering Procedures in Deleted Email Case

Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were thought to be deleted.

Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were presumed deleted.

Yahoo’s policy guide claims it cannot recover emails from a user’s account that have been deleted but defense lawyers for a convicted U.K. drug trafficker are speculating whether the company did that, or via a surveillance program, to obtain emails used as evidence against their client.

The court granted the defense’s motion for discovery when Magistrate Judge Maria-Elena James from the Northern District of California Court handed down an order last Wednesday (.PDF) in San Francisco.

Screen Shot 2016-07-26 at 4.49.24 PMThe case revolves around Russell Knaggs, a defendant from the U.K., who was convicted and is currently serving a 20-year sentence for conspiring to import cocaine from South America in 2009. Knaggs and his team are appealing the conviction, contending the way Yahoo recovered the emails may have gone against British law.

According to court documents, co-conspirators used Knaggs’ Yahoo account to communicate but never actually sent messages through the service. Instead, the group communicated by viewing and editing drafts of emails through a single Yahoo account. According to court documents a collaborator in Colombia logged into an email address – “slimjim25@ymail.com” – to communicate with an accomplice. The conspirators removed the text in the email draft when they were through and simply started their communication over again.

Sukhdev Thumber, Knaggs’ lawyer in the UK, has gone on record that Knaggs didn’t use the account himself. A Court in the UK approved Knaggs’ bid to pursue an appeal as long as it was based on questions regarding the Yahoo-originated evidence.

So, with the UK’s permission, Knaggs is looking to learn more on how Yahoo obtained evidence used against him, potentially through what his attorney believes was “real-time monitoring and/or bulk data gathering” by the company.

Knaggs claims Yahoo circumvented British law and included four “snapshots” of content from the email account. Yahoo claims the “snapshots” were files created by the company as part of its email autosave feature, which keeps versions of email drafts on its email server for “periodic intervals.”

Knaggs’ defense claims that since six months of emails were apparently retrieved, Yahoo’s statements don’t “agree with common technical principles.” Instead Knaggs’ team claims its more likely the emails were obtained via a surveillance program of some sort.

He asserts that “[a] more plausible explanation for the e-mail information provided to law enforcement is that the e-mail account of Mr. Knagg”s [sic] was under surveillance and through the immediate efforts of surveillance, Yahoo was able to capture the email information and provide it to law enforcement.”

Yahoo is stressing that any “snapshots” that the company captured weren’t done in real time, but through autodraft pings that saved copies on a mail server. The company’s attorneys have called the defendant’s argument that it was part of a surveillance program “baseless.”

Still, Knaggs’ legal team is demanding more information about the company’s email system and how it handles data retention. In addition to asking Yahoo to answer questions at a Rule 30(b)(6) deposition, the defense team asked for instructional manuals, documents on the software and even a copy of the source code the software uses.

Yahoo’s attorneys called the demands “cumulative, overbroad, and harassing” in a response to the petitioner’s Motion for an Order filed back on June 8.

While the court agreed with Yahoo that the petitioner’s requests were broad, it also called Yahoo’s responses up to this point “conflicting.”

“The petitioner cannot be certain he understands the process of information gathering he seeks to challenge,” Judge James wrote in the order.

As part of the order the judge has asked Yahoo to provide a witness for deposition and produce any additional non-privileged data-gathering methods it may have used. Both parties were also asked by the judge to file a status report with the court by September 9 regarding their compliance.

Yahoo, which was acquired by Verizon for $4.83 billion earlier this week, is no stranger to battling it out in court over privacy and requests to turn over sensitive customer records.

The company disclosed the contents of three National Security Letters it had previously received last month. Chris Madsen, Yahoo’s Head of Global Law Enforcement, Security, and Safety called the move “an important step toward enriching a more open and transparent discussion about the legal authorities law enforcement can leverage to access user data” at the time. The publishing of the letters followed the disclosure in May of documents that pertained to the company’s tussle, in which it was asked to divulge user data, with the Foreign Intelligence Surveillance Court (FISC) in 2007

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.