12.02.09

Tiger's Digital Sex Trap

The golfer’s naughty messages came back to bite, but it could get far worse for him—and you. Douglas Rushkoff reveals how companies keep every text, email and voicemail you send. Forever.

It's always the cover-ups that undo them in the end.

Perhaps the greatest irony in the Tiger Woods scandal is that the most salacious item to emerge so far is a voice recording of the golf pro leaving a voicemail message instructing one of his mistresses to disassociate her name from her cell phone number, so that it would not show up when his wife utilized CallerID in her forensic analysis of Tiger's cell phone SIM card.

Amazingly, to me anyway, in spite of our increasing familiarity and comfort with the Internet, most of us still have pitifully little idea of the fossil record of data we leave trailing behind us every day, all the time. Until, of course, it is too late.

According to one of my wireless industry moles, workers relish celebrity accounts in particular, and the horror stories of inappropriate eavesdropping (including bribes from private detectives) could fill a book.

Not that Tiger's liaisons wouldn't have been captured eventually by a security camera, the paparazzi, or a traditional blackmailer. But entrusting digital devices with private communications while simultaneously underestimating the distributive power of the Internet is a recipe for disaster.

Most of us still haven't grasped the fact that everything we commit to the digital space—not just our public blogs and broadcast tweets, but every private text message, email, and voicemail is likely to be stored and accessible. Forever. While these electronic media seem ethereal compared with hard evidence like pen and paper, they actually provide a more durable, perhaps indestructible archive of everything committed to their realm.

Every Gmail message is archived by default. If you delete a Gmail message, it is stored for 30 days, and then, according to Google, "permanently removed from Gmail." But what does that really mean? Removed from "Gmail" doesn't necessarily mean removed from all Google servers. In fact, your old emails are the data set from which Google models our behaviors—the real product it is offering its advertisers.

Likewise, AT&T states that it archives our SMS messages for 72 hours. But then how, when subpoenaed during the Kobe Bryant sex scandal, were they able to retrieve the basketball player's SMS messages four months after they were sent? Phone carriers may not want to be bothered with offering subscribers access to their old SMS messages, but they do hang on—indefinitely—to all the data associated with those messages in order to maintain a billing history. Their servers contain who we have texted (or sexted), when we did so, how many characters were in the message... and, depending on the circumstances, even the message itself.

Though wireless carriers admit to maintaining a record of all our transmissions, they steadfastly deny hanging onto the text within our SMS messages. AT&T says they get rid of them in three days, and Verizon "expunges" after five. Even if the phone companies are telling the absolute truth and they really do delete the content within our old messages from their own databases, this doesn't mean they are truly gone.

I asked my best phone experts where my SMS messages go to die, and if they ever do. Are they gone, or never really deleted. The overwhelming answer from them all? "Bet on 'never deleted.'"

Still worse, the data often remains deep in your phone, on an IT department server (if you're texting someone's work phone) or various other places. "It all depends,” says Josh Klein, an SMS network programmer responsible for bringing us the technology behind those vote-for-your-favorite-performer shows. “Really, the messages flow into the TelCo through a variety of sources—their own network, partner networks, external networks -- and land in a database before they (hopefully) pass them on to the appropriate location, be it a phone in their system, another network's device, email, or whatever."

Get it? Your messages are not stored in a database “after” they are sent. They go to the database first. "Once it's in the database they can do anything they want with it,” says Klein. “Search them for spam, for keywords, for names, for certain phone numbers, or even delete them!"

Why should the companies delete them? Unless they're hurting for data drives, there's really no good reason on earth to throw away this realtime consumer data, and nothing in any of the subscriber agreements I have read to prevent them from keeping it. The time limits merely indicate how long a subscriber has to request a message be retrieved—not how permanently it will be stored. As Klein explains, "The 'we will delete them after 72 hours' clause is only as enforceable as any other policy—it's something somebody said they'll do. If some low-level tech is sitting there monitoring the system's traffic and he sees some cool messages from Tiger come through, it's likely to be trivial for him to save them for later."

Besides, the phone carriers' databases are not the only databases containing our text messages. Increasingly all this SMS data is being stored and relayed through third party SMS Centers—ones unconnected to the larger phone companies and uninvolved in our subscriber contracts. These companies allow for easy interoperability between systems. Employees there can watch messages fly by more easily than a surveillance-act empowered CIA agent.

In just one famous example, over half-a-million pager messages from the 24 hours surrounding the 9-11 attacks were published to the "WikiLeaks" website, three months after they were originally sent via companies such as SkyTel, Metrocall, and Arch Wireless. According to one of my former students, who now serves as one of my wireless industry moles, workers at SMS centers relish celebrity accounts in particular, and the horror stories of inappropriate eavesdropping by employees and companies, as well as the private detectives who bribe them, could fill a book.

AT&T, Verizon, and Sprint all refused to comment on any of this, including the possibility for third-party SMS centers to hoard, sell, or accidentally leak the messages relayed by their databases. But the redundancy inherent to any messaging system—the sheer volume of databases and systems busy saving and backing-up our data—virtually assures its survival long beyond any date it may be scheduled for official deletion.

Most of us will never be subjected to kind of subpoena-worthy inquiry that tests the boundaries of the telephone companies’ ability to retrieve old data, or the kind of celebrity that makes us worthy targets of SMS hackers. Still, we—the first generation of digital messagers—are in for a rude awakening when our pasts come back to haunt us like an old Junior High School stalker finding you on Facebook. It's all out there. Indelible. Waiting.

The answer is not to crash the gates of our messaging companies and force them to execute proper deletion programs. It is, rather, to remember that every keystroke you make is more permanent than if it were chiseled in rock. Your next SMS will probably be around longer, and remain more legible, than your tombstone.

For, unlike your tombstone or even your mortal coil, your texts may be worth something.

Douglas Rushkoff, a professor of media studies at The New School University and producer and correspondent for the PBS Frontline Digital Nation project, is the author of numerous books, including Cyberia, ScreenAgers, Media Virus, and, most recently, Life Inc., released this month by Random House.