________________________________________ > From: ietf <ietf-bounces@xxxxxxxx> on behalf of John C Klensin <john-ietf@xxxxxxx> >--On Tuesday, August 15, 2017 13:32 +1200 Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: >>> More seriously, how could you have any confidence at all that >>> unauthorized (or even "lawful intercept") copies of the >>> message would be deleted? >> >> You can't. I have destroyed Message-ID: >> <CACZ1GipivEf31iHchaM1OPFQF4QkfVRGVNsY_vVx=J8oFZ0JZA@xxxxxxxxx >> l.com>. Is that true? How do you know it's true? >Even if I had some way to verify that your statement about your >actions were true and that what you meant by "destroyed" >included any backup copies you might have kept as a side-effect >of other operations or procedures, there is no way that you can >guarantee that Google has destroyed it too. Indeed, prior to >the recent change in Gmail policy, I one could infer that they >had not and would not until whatever information it was >contained were deemed of no relevance. As an aside, that passive voice matters, too. The entity making the judgment (state agent, intelligence service, advertiser) will evaluate relevance differently. To the main point: I do know lots of people on this list know these issues and are channeling Socrates, but to be explicit: I think that once bits are out in the net, provably erasing them is impossible. I'll channel Franklin (or whoever he's quoting): "Three can keep a secret, if two of them are dead." -- Ted Faber <theodore.v.faber@xxxxxxxx> Engineering Specialist Computer Systems Research Department The Aerospace Corporation 310-336-7373 john