Chats at google by default have 24 hours of chat history. (That is, after 24 hours, the chat history is delelted.) You can opt in to having 30 days of chat history instead. And when under a legal hold, Google continues to delete chats in the 24 hour history mode, but will not delete chats in the 30 day history mode.
That is, Google's theory here seems to be that if you have a policy to destroy certain letters and memos 24 hours after receiving or creating them, then you don't need to stop doing that and preserve them even if under a court ordered legal hold. But if your policy is to destroy certain documents 30 days after creating them, then you must stop deleting them and retain them if ordered by a court.
Which is....a.....theory!
I think it's fine for Google to have a policy to delete chats by default after 24 hours, and...probably fine for some executives to strongly prefer to use the 24 hour history mode by default just in case they get sued sometime in the next 30 days. What I don't understand is what argument exists for why you can delete relevant records after you're under a legal hold.
I guess there's a little complexity here in that Google seems to have called (and thought of) these chats as being off the record - that is, they weren't chats with recordings deleted automatically after 24 hours, they were chats that had no recordings and just happened to have chat history that stuck around for 24 hours. From a technical point of view, that's nonsense; the chat history is absolutely a recording, and slapping a label on top saying "off the record" doesn't change that. But eh, maybe it'll be more convincing to the judge.
This is just Google up to their old tricks again. They used to have an internal practice to add company lawyers to emails in order to try and make them privileged and undiscoverable: https://archive.is/1Bwgs
I don't know what the aftermath of the DoJ action mentioned in the link was, but I hope they were sanctioned in some way for it, just like I hope they get sanctioned for what they're trying to do here.
At that point I’d be arguing it’s a criminal conspiracy involving the lawyer so anything with that lawyer no longer has privileges due to being evidence of crime
The loophole for face-to-face and telephone conversations is sort of interesting. I wonder if it remains because it historically wasn't historically practical to record...or solely because of eavesdropping/consent laws. Or some combination of the two? What if you were using a 3rd party chat with no history capability at all...where does that fall?
AFAIK you have an obligation to retain records if under a legal hold, but you do not have an obligation to create records. So if your company policy is to record all phone calls, then yes, you would need to retain and provide those records as part of discovery. However, you cannot be obligated to start recording phone calls in order to make them discoverable.
> What if you were using a 3rd party chat with no history capability at all...where does that fall?
This somewhat gets to the heart of what Google was doing. There's two parts to this:
1. There's always some amount of history with chat software as it's a async communication mechanism. Maybe it's minutes, hours, or days. But let's say there's no feature to retain messages for longer. If you're under a legal hold, are you obligated to retain these?
2. Now let's say the software does also have a history feature but it's optional that you can switch on, but you default it to off for everyone. If you're under a legal hold, are you now obligated to turn it on? Or this is analogous to being forced to start recording phone calls.
Regardless of why Google was doing this, it's an interesting legal question and one that I'm not sure has much case law on.
> The loophole for face-to-face and telephone conversations is sort of interesting. I wonder if it remains because it historically wasn't historically practical to record...or solely because of eavesdropping/consent laws.
I think it's largely because you had to go out of your way to record a phone call. You generally needed to get an extra device, wire it up, get tapes, etc. In the modern era of video calls this is a built-in feature available at the click of a button. Which raises the question: if you're under a legal hold are you compelled to enable that by default?
That's a dangerous path. It implies that anything that so much as touches a computer must be preserved for the government. There absolutely should be a category for data to be transmitted with the understanding that it will not be preserved. Otherwise, you will just push people to use analog communication channels (or legal arguments around "what is a record", "what about E2E encrypted", "do debug logs count", etc), and for what? No one wins.
(e) Failure to Preserve Electronically Stored Information. If electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery, the court:
(1) upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or
(2) only upon finding that the party acted with the intent to deprive another party of the information's use in the litigation may:
(A) presume that the lost information was unfavorable to the party;
(B) instruct the jury that it may or must presume the information was unfavorable to the party; or
(C) dismiss the action or enter a default judgment.
Google has been accused of violating FRCP 37(e). USA and State AGs have moved for sanctions in another case against Google in DDC:
In the Epic case the court did not believe that the steps taken to preserve chats were reasonable.
"Consequently, on the record as a whole, the Court concludes that Google did not take reasonable steps to preserve electronically stored information that should have been preserved in the anticipation or conduct of litigation. Fed. R. Civ. P. 37(e)."
I hope the lawyers involved emphatically remind the judge that "reasonable" in the case of Google, the self-described organizer of the world's information, would have been the perfect preservation of 100% of all evidence. That is the standard they applied to us mortals when they unleashed their surveillance capitalism upon us. Anything less than that is obviously a ploy to evade the consequences of whatever it is that they did.
> a party failed to take reasonable steps to preserve it
There is nothing reasonable about turning an existing system that was never designed to keep chats at all, to do on a whim, where would cause irreparable damage to the common offering both internally and externally.
Once is a pass, but 24 hours is not nearly an established window that a medium can/should be made arbitrarily compliant. It would be a large precedent.
Not familiar with the details in this case, but it makes total sense to me that an "off the record" chat doesn't need to be preserved, even by a court order to keep all records. Let's assume there is a chat app that is officially designed to be off-the-record, and everyone who uses it assumes it is off-the-record. Let's assume technology-wise, there are indeed no records kept, everything is ephemeral. Should the court order then apply to those chats? I don't think so, just as a court order doesn't apply to a live conversation which isn't recorded. Now assume that the programmer of the app made an error, and accidentally records are kept for 24 hours. Should the court order now apply to those records? Doesn't seem to be a clear-cut case to me.
> it makes total sense to me that an "off the record" chat doesn't need to be preserved, even by a court order to keep all records. Let's assume there is a chat app that is officially designed to be off-the-record,
You cannot officially designate anything to be "off the record". That's just not a thing that the legal system recognises - the closest thing might be attorney-client privilege, and that's not relevant here, so none of your analysis applies.
You are answering your own question yourself. Read carefully and notice how you use the world record in your post.
> Let's assume technology-wise, there are indeed no records kept, everything is ephemeral. Should the court order then apply to those chats?
No, there is no record to be kept.
> Now assume that the programmer of the app made an error, and accidentally records are kept for 24 hours. Should the court order now apply to those records?
Yes, the court order applies indiscriminately to all records no matter why or how they were made.
One thing that comes to mind is that by the time a judge orders a hold, more than 24 hours will have elapsed since any chats that hold applies to. That is, if such a hold only applies to records created before the hold - do these orders apply to future records as well?
The brief answer is that if you know, or can "reasonably anticipate" legal action, you have to take steps to preserve evidence related to it.
So if Google has been sued about, let's say, how they negotiate Revenue Share Agreements (RSAs), then they need to 1) take active steps to ensure any records they have about RSAs are retained, including making sure they aren't caught by any document retention policies and 2) they need to preserve any future records that might be relevant. And they also need to do that if they can "reasonably anticipate" they might be sued, which means (at a minimum) that if someone sends them a formal note telling them that they're planning to sure about RSAs (or whatever) they need to start retaining evidence.
If all your communications are either unrecorded or are deleted after 24 hours, then when you get sued (or receive a notice indicating someone is preparing to sue) then:
1) You likely have almost no retained records you need to prevent being deleted.
2) And in fact you can very likely argue that it took you more than 24 hours to implement the legal hold, so actually all your existing recorded conversations will probably end up deleted.
3) But everything going forward will be covered. And since these lawsuits drag on for years, that's likely to be quite a lot of material. Unless you keep deleting most of them, of course. Which doesn't seem like a good plan, but I suppose we'll see how it works for Google.
The obligation to preserve electronically stored information, e.g., the Google chats, starts upon reasonable anticipation of litigation, e.g., when the DoJ announces it has initiated an investigation of the company and dozens of state AGs publicly announce plans to sue. That can be before a suit is filed and before a judge is assigned. No court order needed.
Same thing that happened to Hillary Clinton’s emails. In fact, ”a computer technician” introduced the email deletion policy after a subpoena was issued. Remind me is how Google did something horrific here, must be some dastardly “computer technicians.”
It's always really funny/amazing that seemingly smart people think that the legal system can be "hacked" by doing cheap stuff like deleting history. It's going to come out and it's going to look bad. In an actual case that I was involved in, the other party was an ex-lawyer and had a rigorous practise of not keeping records in case something bad was discovered. I on the other hand had (terrifyingly, in retrospect) meticulous notes. I figured if I don't do anything bad my notes will be fine. When it came to the actual case my notes meant our side prevailed on every material question of fact because they had literally nothing to back their theories up with. Some of the notes were a bit embarrassing to be crossexamined about because they were my personal take on meetings and conversations etc[1] but it 100% reinforced my basic idea: act with integrity and don't be afraid of the record.
Another widely used "legal lifehack" of this kind is to just add "Attorney Privileged and Confidential" or something similar either to the first line of the email or to the subject and then (optionally) cc a member of legal team, thinking this will prevent the document being found and used in discovery. This won't work.
Attorney client privilege covers you providing facts to your legal team sufficient for them to give you some advice and them providing that advice.[2] You can't just tag any communication and think it is magically covered, and not all communications involving a lawyer are covered either. In an actual discovery (at least in the ones I have been involved in) there is a massive document production (including emails but every other kind of document also) and then the lawyers go into a conference to argue about what is and is not privileged. If you mark actually privileged conversations you can speed this process up because they don't need to sift through as much, but if you have marked a bunch of comms privileged that is not, all you are doing is making this process take longer (and thereby increasing your legal bill). Either way, you marking something (or not) doesn't actually affect whether it is privileged (or not).
[1] I can say from experience that "Mr Hunter, what do you think it means when it says here this was 'a complete clusterfuck'?" is not a fun question to have to answer to a roomful of lawyers but whatever.
IANAL. My understanding of how ACP (typically) works with email is that it requires the communication to be solely between one individual and an attorney. Since the header is not covered by ACP, these get challenged very quickly.
Uber became a unicorn by exploiting the differences between regulation of taxi companies and limo companies. While burning though mountains of investor money subsidizing it’s product. The important bit was they didn’t need much capital because they didn’t own the cars, and they didn’t need much advertising because the subsidies where initially huge.
The underlying business model looked quite reasonable for investors who assumed they could eventually turn off subsidies and terrible to those who didn’t. But, you don’t need to convince every investor just enough investors to keep going.
It's bizarre. Why would anyone delete their texts? It's such a transparent lie. Luckily the EU will soon go ahead with its chat control law, and the police will have access to all text and chat logs and will be able to prosecute any corruption in the parlament. At least that's what I think it's for.
Ironically at google's scale(size and global timezone footprint) the inefficiency this default setting creates likely burns millions every day from work that gets blocked or knowledge that isn't discoverable.
Organize the world's information, except if it might make us look bad.
This is the pennywise pound foolish leadership that has taken over.
It changes the expectation of the team though. Since teams know they expire in 24 hours they are forced to extract the important information and document them somewhere else. I've been on remote teams where they explicitly do it so members are forced to document in a structured way.
Conversations in real life get deleted after 0s! The trick is to not use chat as documentation. Documentation as documentation is way more useful. The process of creating it is valuable to
clear thinking too.
I have lost maybe a dozen hours of work to Chrome's hard-coded 90 day history limit. Frustrating if you remember this internal tool from a year ago, but can't find it again.
I wonder why they chose not to make it configurable.
Pardon my ignorance, but why isn't Pichai allowed to have chat conversations that don't record history? Was there a case against Google already that bans this or something?
And couldn't this just be circumvented by having an in-person meeting?
The complaint details the reason it was not allowed in this case, though would be normally: the topics were subject to legal holds.
> Like Mr. Pichai, other key Google employees, including those in leadership roles, routinely
opted to move from history-on rooms to history-off Chats to hold sensitive conversations, even though
they knew they were subject to legal holds. Indeed, they did so even when discussing topics they
knew were covered by the litigation holds in order to avoid leaving a record that could be produced
in litigation. As the examples below make clear, Google destroyed innumerable Chats with the intent
to deprive Plaintiffs and other litigants of the use of these documents in litigation
Note: that's the argument the plaintiff's lawyers are making, not the final word on the matter
> why isn't [...] Was there a case against Google already that bans this or something?
According to [1], "The DOJ maintains Google should have suspended its auto-delete practices by 2019, when it was clear litigation was coming."
I found more details in [2] on the legal topic of evidence spoliation that might be interesting, though I'm not a lawyer and don't know what which law(s) are relevant in this case.
> And couldn't this just be circumvented by having an in-person meeting?
Yes, but there's presumably a difference between deleting evidence vs. not having it in the first place.
> Yes, but there's presumably a difference between deleting evidence vs. not having it in the first place.
In the article it seems Google's "history off" feature isn't really history-off so much as it simply auto-deletes after 24h. If the chats were never logged, would they have avoided this?
Also how far does the law go regarding deletion - I mean if a message was stored in memory and then released/garbage collected does that still count as "deleting evidence"? Because if so, then virtually any means of electronic communication might be counted as "deleting evidence". For example a voip call audio buffer that gets deleted.
(Just thinking out loud, not that I would ever want to circumvent the law)
Thanks. The law is kind of silly. A chat system that doesn't store history is functionally equivalent to an unrecorded call, but I'm guessing they would not consider an unrecorded call destruction of evidence.
I’m not a lawyer, but my understanding is that remote work doesn’t create a discoverable record if the conversation happens by unrecorded methods such as a video chat or phone call where the recording feature has not been enabled.
The problem with Google Chat in this context is that even history-off Chats are kept for at least 24 hours before being destroyed (I’ve sometimes seen longer due to caching), so a record is created and then destroyed. That isn’t allowed when an obligation to preserve the record exists.
I admit I don’t know whether something like un-logged IRC would be allowed, but at the very least, any IRC clients that do log the history even for the purpose of displaying it locally after a crash and restart would themselves create a discoverable record subject to any applicable preservation obligation.
If you mean that remote workers are more likely to use Google Chat for sensitive information topics than in-person workers, yes, that could be an example of a peril of remote work. But, from the perspective of society rather than the company, making it harder for companies to hide misbehavior is actually an advantage of remote work.
Disclosure: I have worked for Google in the past, but not for more than 8 years now, and I have no inside knowledge of or connection to anything discussed in the submitted PDF.
It's even funnier reading than famous McKinsey email:
In one internal email sent in July 2018, a McKinsey executive appears to acknowledge the growing legal risk faced by Purdue Pharma over its opioid business.
"It probably makes sense to have a quick conversation with the risk committee to see if we should be doing anything other that [sic] eliminating all our documents and emails," McKinsey senior partner Martin Elling wrote in an email sent to another executive at the company. "As things get tougher here someone might turn to us."
> "It probably makes sense to have a quick conversation with the risk committee to see if we should be doing anything other that [sic] eliminating all our documents and emails,"
Gah that is so incredible dumb and the fact that he didn't check himself before hitting 'send' is just perfect. Nothing like a bit of hubris to go with the mindset of a criminal. It makes you wonder what 'anything other' referred to.
I moved from an HFT firm to Google. The attitude difference with respect to document holds was hilarious.
At the HFT firm, the attitude was, "we're constantly being sued (by the SEC and others), so we treat all of our records like they're under litigation holds, just in case the SEC claims they wanted them, even the off-topic slack channels."
At Google, the attitude was, "we're constantly getting sued, so we treat all of our records as being as ephemeral as possible so we can avoid having a record of what we're doing."
This probably isn't because of litigation holds, actually, this is because finance firms are under SEC record-keeping rules, which require the preservation of ALL internal written communications, regardless of whether they're currently being sued or not. It's a bit of a different beast. See https://www.bloomberg.com/opinion/articles/2023-02-02/the-se... which covers some ... interesting recent developments of this rule and its application
Yeah, as I understand it though, the SEC rules are to allow investigations (and "enforcement actions"/lawsuits) to happen quickly. I saw one of these "investigations" happening at one point and had no idea it was an investigation until I was casually informed that the strange people in the office were from the SEC and they had some questions about some trades, and that it happens all the time.
Today, we use instant messaging like we use voice conversation - especially for people who work remotely. Banning the use of ephemeral IM is sort of like saying “you need to record all of your discussions, no matter how trivial”.
Levine’s article makes a great point:
“It really is wild that the SEC’s official position is now that it is illegal to “use unofficial communications to do things like cut deals, win clients or make trades.” “Conduct their communications about business matters within only official channels”! Imagine if that was really the rule! You can’t have lunch with a client and talk about business, or have beers with your colleagues and gripe about work, because that does not create a searchable archive for the SEC to review.”
Paraphrasing: "What policy? I'm on multiple legal holds as well. I ignore them every day [smileyface] But if you want to follow the rules, I'll respect your decision. I'll just communicate with the others off the record. I only included you for optics reasons."
Some would say that company culture starts at the top. Here's the 50-year-old CEO:
I assume my private messages are always public record, so I don’t get this mindset. My first thought when messaging someone is, “What if they screenshot or leak this conversation?” or “What if their message history is subpoenaed?” It never makes sense to assume confidentiality with other coworkers.
Wow, that's not just "hey let's be careful", it's "hey, screw all that legal hold stuff, lol!"
What kind of legal guidance were these people getting? When I worked at a big corp, we had regular meetings with legal that were reminders of how to treat sensitive subjects and it was taken very seriously.
jsinouye@google.com: "Hi, please use this chat for ops/policy/BD/escalations issues that need faster response. Please note: I would like to keep history off. Members are Shie, Camille, Dan, Court, Sherry, Jintae, Ash, Jami, me."
Yeah, FAANG gang has no idea the level of surveillance and record keeping that bank/fund/wall st tech is under.
I worked at one shop that if you said "call my cell" in a slack to someone, you'd get a call from compliance within days ask to explain why you did this, what the conversation was about, why it wasn't on a work phone.. and to never, ever, ever do it again... because you know we are watching, so we will find you.
No. You are allowed to communicate by voice and it isn’t recorded and compliance will allow it. However it depends what you are doing. If you are trading, it better be on a recorded line. See FINRA Regulatory Notice 20-16 for reference.
In fact, many Zoom conversations are expressly forbidden from being recorded at many financial firms. Again, that’s because no one is using zoom to make trades so there isn’t a requirement to record them and financial firms also don’t want to have to pay to keep things stored just so some lawyer can hit them with discovery.
A big current issue is when you use written correspondence that is not part of a system of record. See Finra Regulatory Notice 17-18 for details on that.
I work at a big tech company (not Google) and this flagrant contempt for the legal hold is absolutely shocking to me. We're also under a legal hold. It has nothing to do with anything relating to my work. I will never have anything responsive to any kind of discovery request, I don't even work on a product team, only infra. The company is preserving everything that could even hypothetically be responsive to some future discovery request. If I need to reimage my work laptop, I can't, current company guidance is to return the laptop to IT and get a new machine because they need to preserve any data on the laptop. Email is being archived, there's regular communications about making sure everyone from top to bottom knows to preserve anything tangentially related to the legal hold.
During yearly compliance training one thing that was stressed was not to mark anything A/C Priv unless it actually was. They made sure to call out that including someone from legal in an email chain does not make it A/C Priv and not to try anything like that. At the time I thought it was silly that the training went over such obvious things as "don't commit white collar crimes" in essence but apparently that's not how they do things at Google. I just can't wrap my head around why any of the many different people involved could ever look at what they were doing and think "yes, this is fine, I should continue this behavior". WTAF.
Every bank I’ve worked at issued a company cell phone. To be pedantic if you say call my personal cell, then compliance will be on you like flies on poop
The lack of any kind of effective legal standards in the tech industry is batshit crazy considering the the primary business model and what they are investing in. Its an actual tragedy and by far the thing the scares me the most about living in the US.
At my company (not finance, and never gotten sued), documents are ephemeral
primarily due to GDPR reasons.
Many of them contain various personal data of clients and/or employees, legal makes us specify for how long each service needs to hold on to it, and purge as soon as possible to minimize chance of leaks.
This was my experience as well. (Well I didn't come from an HFT company but on arriving at Google and then seeing some "dubious" things get diverted to ephemeral media, because possibile suits, was a thing.)
What I found interesting was the rationalization that "people would just cherry pick data and use it against us." Which belied the idea that if you saved all of it, you would be able to reconstruct it.
Also the storing of live traffic not to "look at" but to have a model of live traffic to test changes against. I once asked "why not create a statistical model of the traffic and use that?" and was responded "#1, people wouldn't believe you if you said this was 'just like actual traffic', and #2 we get live traffic for free with no engineering effort so its a win to use it instead."
They weren't wrong but they didn't really prioritize privacy or safety either.
This is the same story in the medical space. Chat history is deleted after 7 days. Emails are deleted after 18 months. Cloud store documents are deleted after 3 years. Is all about legal downside. Of course, quality approved necessary documents are retained for the, entire duration of the company
Google operates exactly like a criminal organization would. It's that simple, and we should talk about it in that way, because that is what it is. A huge portion of their business is effectively racketeering, and we should be putting Larry, Sergey, and Sundar in prison. RICO provides some tools to effectively bring in the heads of the organization based on the actions of people under their employ.
"Nice website you got there. It'd sure be a shame if your competitors all were listed above it in search even when looking for it by exact name."
"Wow, that would suck for me. Guess I'll be telling my customers to find me on Bing. Not to mention supporting the trade and industry organizations that will be putting the message out, via ad campaigns, that Bing is the better option."
None of this is particularly surprising, but it's very amusing to see the litigation go this route. It's incredible common for corporate legal to recommend purging data or communications no longer relevant, or to advise avoiding specific means of communication (like email) due to retention challenges.
It's incredibly dumb to explicitly discuss avoiding leading a paper trail with respect to subjects where litigation is imminent or already in progress.
The point of these legal policies is generally to avoid unnecessary risk. From a legal perspective it's impossible to control communication completely but advice to reduce the scope or volume of legal holds is almost always reasonable. Legal holds can be really painful, and it's not uncommon for a lot of unrelated communications to become in-scope.
This is exciting to see, I hope it triggers real change in corporate culture but I suspect it might simply make it even worse.
I am not a vengeful type. But people need to be punished to a shocking degree until this is fixed. It should be surprising. And it should have terrible, if not horrific, consequences.
who in particular would you punish? All this behavior is required by company policy, presumably set by Google's legal department: "Google employees are instructed that chatting “‘off the record’” is “[b]etter than sending . . . email” specifically because Google destroys off-the-record Chats every 24 hours, whereas it retains emails to produce in litigation".
Australia has recently had multiple data breaches across a number of large groups that saw decades of user data copied .. that should have been PURGED.
Some of it arguably should never have been retained - proof of identity data, addresses, passport numbers, etc.
Obviously this isn't the same as internal emails, chat histories, etc but I'm hoping we here in Australia see a solid swing away from data retention "just in case", "because we can".
The default setting on all such things and software really needs to be nothing is saved unless specifically and knowingly set to be saved (for a solid recorded reason) and then for only the minimum neccesary duration.
If you have a policy or procedure, what you’re suggesting is ok in most companies.
There’s no law that says that you need to keep security camera footage for any length of time. If your practice to to retain for 7 days, and you get a subpoena to provide it 10 days later, no problem. But if you are directed to retain footage from February 30th, or have a reasonable foreknowledge that you should keep the footage, you’re in trouble.
The answers vary by company. If you sue or investigate people all of the time, you want to keep everything forever. If you get sued frequently, you want to get rid of the data as soon as practical. If you consciously don’t create records for matters that aren’t confidential, people are probably going to infer something.
I think worse they were under injunction to retain all communications. They were essentially destroying discoverable material. AFAIK the result is in the court the court can assume the material was damaging to their case and treat it with prejudice.
>It's incredibly dumb to explicitly discuss avoiding leading a paper trail with respect to subjects where litigation is imminent or already in progress.
I'd say it's incredibly dumb to do that on a platform that can record the interaction.
I never understood why folks use platforms like slack/email/etc. to discuss stuff they don't want others to know about.
The ideal for that, of course, is to have in-person conversations in a place either known to be free of surveillance and/or difficult to surveil.
Failing that, assuming you trust the other party (which, in a case like the one we're discussing, you'd think would be the case), an unrecorded telephone call (yes, you can actually still do that) will work in a pinch.
I don't know how many times (many, though), I've met with someone in person or spoken via telephone about stuff that might be less than flattering (for me, at least, nothing illegal/unethical -- usually more about discussing my or the other party's activities/behavior that might reflect poorly on either of us or the organization) to avoid any record of such conversation.
I'm not suggesting that people should organize/discuss unethical/illegal things on any platform (in person included). Rather, I am surprised that folks have and continue to do so on recorded (or even potentially recordable) media.
Especially someone as obviously (how else could he have come to head GOOG) smart and savvy as Pichai.
Not sure if it matters, but all chats at Google default to history off (deleted after 24hrs). Turning on history only keeps messages for 30days and you have to do this for every single group chat, private chat, etc. There is no archive or long held messages like Slack.
Yes, these settings were chosen specifically to destroy evidence, and the courts are increasingly unhappy with that. All conversations involving people on legal holds (such as the CEO!) should be retained indefinitely.
In-person and video/audio/phone conversations do not have the same requirements. What makes text chat that is meant to be ephemeral to be different than an in person chat?
That's a rather biased way of phrasing it. Did humans evolve mouths and ears specifically to destroy evidence? Those settings were chosen because the platform was designed to emulate hallway chats, and the "records" are an implementation detail.
If this goes through, all that will happen is that Google will re-engineer the backend to evade whatever standard set by the ruling. Who wins from this outcome? Perhaps the engineers getting paid and promoted to work on said project. Certainly not the courts or the "people".
Readit News
Chats at google by default have 24 hours of chat history. (That is, after 24 hours, the chat history is delelted.) You can opt in to having 30 days of chat history instead. And when under a legal hold, Google continues to delete chats in the 24 hour history mode, but will not delete chats in the 30 day history mode.
That is, Google's theory here seems to be that if you have a policy to destroy certain letters and memos 24 hours after receiving or creating them, then you don't need to stop doing that and preserve them even if under a court ordered legal hold. But if your policy is to destroy certain documents 30 days after creating them, then you must stop deleting them and retain them if ordered by a court.
Which is....a.....theory!
I think it's fine for Google to have a policy to delete chats by default after 24 hours, and...probably fine for some executives to strongly prefer to use the 24 hour history mode by default just in case they get sued sometime in the next 30 days. What I don't understand is what argument exists for why you can delete relevant records after you're under a legal hold.
I guess there's a little complexity here in that Google seems to have called (and thought of) these chats as being off the record - that is, they weren't chats with recordings deleted automatically after 24 hours, they were chats that had no recordings and just happened to have chat history that stuck around for 24 hours. From a technical point of view, that's nonsense; the chat history is absolutely a recording, and slapping a label on top saying "off the record" doesn't change that. But eh, maybe it'll be more convincing to the judge.
I don't know what the aftermath of the DoJ action mentioned in the link was, but I hope they were sanctioned in some way for it, just like I hope they get sanctioned for what they're trying to do here.
https://www.oyez.org/cases/2022/21-1397
From listening to the oral arguments, the court didn't seem to think that just CC'ing a lawyer automatically made the full communication privileged.
> What if you were using a 3rd party chat with no history capability at all...where does that fall?
This somewhat gets to the heart of what Google was doing. There's two parts to this:
Regardless of why Google was doing this, it's an interesting legal question and one that I'm not sure has much case law on.> The loophole for face-to-face and telephone conversations is sort of interesting. I wonder if it remains because it historically wasn't historically practical to record...or solely because of eavesdropping/consent laws.
I think it's largely because you had to go out of your way to record a phone call. You generally needed to get an extra device, wire it up, get tapes, etc. In the modern era of video calls this is a built-in feature available at the click of a button. Which raises the question: if you're under a legal hold are you compelled to enable that by default?
Deleted Comment
...
(e) Failure to Preserve Electronically Stored Information. If electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery, the court:
(1) upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or
(2) only upon finding that the party acted with the intent to deprive another party of the information's use in the litigation may:
(A) presume that the lost information was unfavorable to the party;
(B) instruct the jury that it may or must presume the information was unfavorable to the party; or
(C) dismiss the action or enter a default judgment.
Google has been accused of violating FRCP 37(e). USA and State AGs have moved for sanctions in another case against Google in DDC:
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
In the Epic case the court did not believe that the steps taken to preserve chats were reasonable.
"Consequently, on the record as a whole, the Court concludes that Google did not take reasonable steps to preserve electronically stored information that should have been preserved in the anticipation or conduct of litigation. Fed. R. Civ. P. 37(e)."
https://archive.org/download/gov.uscourts.cand.364325/gov.us...
There is nothing reasonable about turning an existing system that was never designed to keep chats at all, to do on a whim, where would cause irreparable damage to the common offering both internally and externally.
Once is a pass, but 24 hours is not nearly an established window that a medium can/should be made arbitrarily compliant. It would be a large precedent.
You cannot officially designate anything to be "off the record". That's just not a thing that the legal system recognises - the closest thing might be attorney-client privilege, and that's not relevant here, so none of your analysis applies.
> Let's assume technology-wise, there are indeed no records kept, everything is ephemeral. Should the court order then apply to those chats?
No, there is no record to be kept.
> Now assume that the programmer of the app made an error, and accidentally records are kept for 24 hours. Should the court order now apply to those records?
Yes, the court order applies indiscriminately to all records no matter why or how they were made.
There's a massive difference in deleting records that did exists vs. records that never existed in the first place.
The former is deleting data, the second case isn't.
So if Google has been sued about, let's say, how they negotiate Revenue Share Agreements (RSAs), then they need to 1) take active steps to ensure any records they have about RSAs are retained, including making sure they aren't caught by any document retention policies and 2) they need to preserve any future records that might be relevant. And they also need to do that if they can "reasonably anticipate" they might be sued, which means (at a minimum) that if someone sends them a formal note telling them that they're planning to sure about RSAs (or whatever) they need to start retaining evidence.
If all your communications are either unrecorded or are deleted after 24 hours, then when you get sued (or receive a notice indicating someone is preparing to sue) then:
1) You likely have almost no retained records you need to prevent being deleted.
2) And in fact you can very likely argue that it took you more than 24 hours to implement the legal hold, so actually all your existing recorded conversations will probably end up deleted.
3) But everything going forward will be covered. And since these lawsuits drag on for years, that's likely to be quite a lot of material. Unless you keep deleting most of them, of course. Which doesn't seem like a good plan, but I suppose we'll see how it works for Google.
The obligation to preserve electronically stored information, e.g., the Google chats, starts upon reasonable anticipation of litigation, e.g., when the DoJ announces it has initiated an investigation of the company and dozens of state AGs publicly announce plans to sue. That can be before a suit is filed and before a judge is assigned. No court order needed.
Deleted Comment
Another widely used "legal lifehack" of this kind is to just add "Attorney Privileged and Confidential" or something similar either to the first line of the email or to the subject and then (optionally) cc a member of legal team, thinking this will prevent the document being found and used in discovery. This won't work.
Attorney client privilege covers you providing facts to your legal team sufficient for them to give you some advice and them providing that advice.[2] You can't just tag any communication and think it is magically covered, and not all communications involving a lawyer are covered either. In an actual discovery (at least in the ones I have been involved in) there is a massive document production (including emails but every other kind of document also) and then the lawyers go into a conference to argue about what is and is not privileged. If you mark actually privileged conversations you can speed this process up because they don't need to sift through as much, but if you have marked a bunch of comms privileged that is not, all you are doing is making this process take longer (and thereby increasing your legal bill). Either way, you marking something (or not) doesn't actually affect whether it is privileged (or not).
[1] I can say from experience that "Mr Hunter, what do you think it means when it says here this was 'a complete clusterfuck'?" is not a fun question to have to answer to a roomful of lawyers but whatever.
[2] https://uk.practicallaw.thomsonreuters.com/7-506-8557?contex...
Uber became a unicorn doing exactly this.
The underlying business model looked quite reasonable for investors who assumed they could eventually turn off subsidies and terrible to those who didn’t. But, you don’t need to convince every investor just enough investors to keep going.
It's always really funny/amazing that this exact process works flawlessly for EU politicians: https://www.reuters.com/world/europe/eus-von-der-leyen-cant-...
Organize the world's information, except if it might make us look bad.
This is the pennywise pound foolish leadership that has taken over.
And couldn't this just be circumvented by having an in-person meeting?
> Like Mr. Pichai, other key Google employees, including those in leadership roles, routinely opted to move from history-on rooms to history-off Chats to hold sensitive conversations, even though they knew they were subject to legal holds. Indeed, they did so even when discussing topics they knew were covered by the litigation holds in order to avoid leaving a record that could be produced in litigation. As the examples below make clear, Google destroyed innumerable Chats with the intent to deprive Plaintiffs and other litigants of the use of these documents in litigation
Note: that's the argument the plaintiff's lawyers are making, not the final word on the matter
This is not true anymore. The judge in the case determined that the DOJ was right.
See: https://news.ycombinator.com/item?id=35363095
It gets a bit tricky privacy-wise if you cannot do same online. Though Google is probably the last company deserving any privacy.
According to [1], "The DOJ maintains Google should have suspended its auto-delete practices by 2019, when it was clear litigation was coming."
I found more details in [2] on the legal topic of evidence spoliation that might be interesting, though I'm not a lawyer and don't know what which law(s) are relevant in this case.
> And couldn't this just be circumvented by having an in-person meeting?
Yes, but there's presumably a difference between deleting evidence vs. not having it in the first place.
[1] https://gizmodo.com/google-employee-chats-deleted-evidence-j...
[2] https://www.americanbar.org/content/dam/aba-cms-dotorg/produ...
In the article it seems Google's "history off" feature isn't really history-off so much as it simply auto-deletes after 24h. If the chats were never logged, would they have avoided this?
Also how far does the law go regarding deletion - I mean if a message was stored in memory and then released/garbage collected does that still count as "deleting evidence"? Because if so, then virtually any means of electronic communication might be counted as "deleting evidence". For example a voip call audio buffer that gets deleted.
(Just thinking out loud, not that I would ever want to circumvent the law)
Hmm, so what if the chat said “let’s continue this discussion in the conference room”?
here I present you a case for the perils of remote work
The problem with Google Chat in this context is that even history-off Chats are kept for at least 24 hours before being destroyed (I’ve sometimes seen longer due to caching), so a record is created and then destroyed. That isn’t allowed when an obligation to preserve the record exists.
I admit I don’t know whether something like un-logged IRC would be allowed, but at the very least, any IRC clients that do log the history even for the purpose of displaying it locally after a crash and restart would themselves create a discoverable record subject to any applicable preservation obligation.
If you mean that remote workers are more likely to use Google Chat for sensitive information topics than in-person workers, yes, that could be an example of a peril of remote work. But, from the perspective of society rather than the company, making it harder for companies to hide misbehavior is actually an advantage of remote work.
Disclosure: I have worked for Google in the past, but not for more than 8 years now, and I have no inside knowledge of or connection to anything discussed in the submitted PDF.
Deleted Comment
There’s a general obligation to preserve records pertaining to the subject of actual ot reasonably anticipated litigation, and chats are records.
Deleted Comment
In one internal email sent in July 2018, a McKinsey executive appears to acknowledge the growing legal risk faced by Purdue Pharma over its opioid business.
"It probably makes sense to have a quick conversation with the risk committee to see if we should be doing anything other that [sic] eliminating all our documents and emails," McKinsey senior partner Martin Elling wrote in an email sent to another executive at the company. "As things get tougher here someone might turn to us."
Gah that is so incredible dumb and the fact that he didn't check himself before hitting 'send' is just perfect. Nothing like a bit of hubris to go with the mindset of a criminal. It makes you wonder what 'anything other' referred to.
At the HFT firm, the attitude was, "we're constantly being sued (by the SEC and others), so we treat all of our records like they're under litigation holds, just in case the SEC claims they wanted them, even the off-topic slack channels."
At Google, the attitude was, "we're constantly getting sued, so we treat all of our records as being as ephemeral as possible so we can avoid having a record of what we're doing."
Levine’s article makes a great point:
“It really is wild that the SEC’s official position is now that it is illegal to “use unofficial communications to do things like cut deals, win clients or make trades.” “Conduct their communications about business matters within only official channels”! Imagine if that was really the rule! You can’t have lunch with a client and talk about business, or have beers with your colleagues and gripe about work, because that does not create a searchable archive for the SEC to review.”
megcampbell@google.com: "it needs to be history off"
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
schramm@google.com: "should we have history off for this?"
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
margaretlam@google.com: "Hi Tim, if OK, can I ask you to turn history off :)"
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
margaretlam@google.com: [interesting exchange with another employee who is trying to follow the rules]
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
Paraphrasing: "What policy? I'm on multiple legal holds as well. I ignore them every day [smileyface] But if you want to follow the rules, I'll respect your decision. I'll just communicate with the others off the record. I only included you for optics reasons."
Some would say that company culture starts at the top. Here's the 50-year-old CEO:
https://ia802501.us.archive.org/21/items/gov.uscourts.dcd.22...
What kind of legal guidance were these people getting? When I worked at a big corp, we had regular meetings with legal that were reminders of how to treat sensitive subjects and it was taken very seriously.
https://ia601707.us.archive.org/28/items/gov.uscourts.cand.3...
jsinouye@google.com: "Hi, please use this chat for ops/policy/BD/escalations issues that need faster response. Please note: I would like to keep history off. Members are Shie, Camille, Dan, Court, Sherry, Jintae, Ash, Jami, me."
https://ia801707.us.archive.org/28/items/gov.uscourts.cand.3...
I worked at one shop that if you said "call my cell" in a slack to someone, you'd get a call from compliance within days ask to explain why you did this, what the conversation was about, why it wasn't on a work phone.. and to never, ever, ever do it again... because you know we are watching, so we will find you.
In fact, many Zoom conversations are expressly forbidden from being recorded at many financial firms. Again, that’s because no one is using zoom to make trades so there isn’t a requirement to record them and financial firms also don’t want to have to pay to keep things stored just so some lawyer can hit them with discovery.
A big current issue is when you use written correspondence that is not part of a system of record. See Finra Regulatory Notice 17-18 for details on that.
During yearly compliance training one thing that was stressed was not to mark anything A/C Priv unless it actually was. They made sure to call out that including someone from legal in an email chain does not make it A/C Priv and not to try anything like that. At the time I thought it was silly that the training went over such obvious things as "don't commit white collar crimes" in essence but apparently that's not how they do things at Google. I just can't wrap my head around why any of the many different people involved could ever look at what they were doing and think "yes, this is fine, I should continue this behavior". WTAF.
Seems like it might be time.
Many of them contain various personal data of clients and/or employees, legal makes us specify for how long each service needs to hold on to it, and purge as soon as possible to minimize chance of leaks.
It's on a high speed train heading in that direction now.
What I found interesting was the rationalization that "people would just cherry pick data and use it against us." Which belied the idea that if you saved all of it, you would be able to reconstruct it.
Also the storing of live traffic not to "look at" but to have a model of live traffic to test changes against. I once asked "why not create a statistical model of the traffic and use that?" and was responded "#1, people wouldn't believe you if you said this was 'just like actual traffic', and #2 we get live traffic for free with no engineering effort so its a win to use it instead."
They weren't wrong but they didn't really prioritize privacy or safety either.
"Nice website you got there. It'd sure be a shame if your competitors all were listed above it in search even when looking for it by exact name."
But I wouldn’t even go that far.
It's incredibly dumb to explicitly discuss avoiding leading a paper trail with respect to subjects where litigation is imminent or already in progress.
The point of these legal policies is generally to avoid unnecessary risk. From a legal perspective it's impossible to control communication completely but advice to reduce the scope or volume of legal holds is almost always reasonable. Legal holds can be really painful, and it's not uncommon for a lot of unrelated communications to become in-scope.
This is exciting to see, I hope it triggers real change in corporate culture but I suspect it might simply make it even worse.
I am not a vengeful type. But people need to be punished to a shocking degree until this is fixed. It should be surprising. And it should have terrible, if not horrific, consequences.
Australia has recently had multiple data breaches across a number of large groups that saw decades of user data copied .. that should have been PURGED.
Some of it arguably should never have been retained - proof of identity data, addresses, passport numbers, etc.
Obviously this isn't the same as internal emails, chat histories, etc but I'm hoping we here in Australia see a solid swing away from data retention "just in case", "because we can".
The default setting on all such things and software really needs to be nothing is saved unless specifically and knowingly set to be saved (for a solid recorded reason) and then for only the minimum neccesary duration.
There’s no law that says that you need to keep security camera footage for any length of time. If your practice to to retain for 7 days, and you get a subpoena to provide it 10 days later, no problem. But if you are directed to retain footage from February 30th, or have a reasonable foreknowledge that you should keep the footage, you’re in trouble.
The answers vary by company. If you sue or investigate people all of the time, you want to keep everything forever. If you get sued frequently, you want to get rid of the data as soon as practical. If you consciously don’t create records for matters that aren’t confidential, people are probably going to infer something.
I'd say it's incredibly dumb to do that on a platform that can record the interaction.
I never understood why folks use platforms like slack/email/etc. to discuss stuff they don't want others to know about.
The ideal for that, of course, is to have in-person conversations in a place either known to be free of surveillance and/or difficult to surveil.
Failing that, assuming you trust the other party (which, in a case like the one we're discussing, you'd think would be the case), an unrecorded telephone call (yes, you can actually still do that) will work in a pinch.
I don't know how many times (many, though), I've met with someone in person or spoken via telephone about stuff that might be less than flattering (for me, at least, nothing illegal/unethical -- usually more about discussing my or the other party's activities/behavior that might reflect poorly on either of us or the organization) to avoid any record of such conversation.
I'm not suggesting that people should organize/discuss unethical/illegal things on any platform (in person included). Rather, I am surprised that folks have and continue to do so on recorded (or even potentially recordable) media.
Especially someone as obviously (how else could he have come to head GOOG) smart and savvy as Pichai.
It's not like this is something new, is it?
Edit: Removed extraneous text.
Now I’m imagining tech executives having meetings in the bathroom with all the faucets going full blast whispering like the mafia dons of old.
If this goes through, all that will happen is that Google will re-engineer the backend to evade whatever standard set by the ruling. Who wins from this outcome? Perhaps the engineers getting paid and promoted to work on said project. Certainly not the courts or the "people".