Relevant and coincidental personal anecdote:
10 years ago I caught my x-wife in an affair as she was using this same method the communicate with her lover. Her choice of email address for the shared account raised alarms on my firewall, so it was a simple matter to track to her machine. While she had gone to the similar trouble to delete all records on Yahoo (coincidentally), she had been browsing with IE which, due to some off-line setting, was cacheing locally all of the pages she had written. It was simply a matter of laying hands on her laptop and downloading all of that cache to expose the ruse.<p>I cannot find the article, but I believe this method of sharing access to one e-mail account to many parties was one of the comms methods employed by the 9/11 terrorists, pioneered by Columbian drug lords.
Here's a thought: what if 'Yahoo gives FBI snapshots' is actually parallel construction, but Yahoo are not allowed (under PATRIOT or whatever) to admit the extent of their cooperation with three letter agencies (for instance, that they hand over everything they see without requests being made). Do they have to refuse to comply with the court?
The idea that Yahoo is covering for a government surveillance program is entertaining, but it hardly seems difficult to believe that they aren't actually deleting what they say they are deleting. Of course, keeping copies of everything forever in violation of their own policy is not exactly going to make law enforcement unhappy.<p>I suspect that yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.
Data retention is negotiated and spelled out in detail in NDAs for contract research organizations. It's easy to delete data from servers once a project is done, but the backup tapes also have copies. You can't throw the tapes out, because the company needs them, hence there are agreements what happens to the data and tapes, and nowadays these are standard practice.<p>This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.
I'm curious if there will be blowback on Internet email companies if it turns out the emails were not deleted, just archived away from user's access.
Aren't backups basically a guarantee that you can never ever delete anything from anyone's server? Even if you hit delete on an email/post/photo/etc. if they made a backup before then, your data will now forever live on in some vault or maybe just Amazon Glacier. I can't imagine that Yahoo would go and retroactively remove your email from their backup tapes/optical discs/offline hard drives/clay tablets that they use.
I could imagine drafts have much less diligent deletion policies vs sent emails. Auto-save mechanisms typically keep a long history of diffs, or whole versions.