This week the National Football League upheld a four-game suspension of New England Patriots quarterback Tom Brady stemming from his involvement in the so-called Deflategate scandal. The affair centered around footballs used by the Patriots in last season's AFC championship game, which were found to be below the pressure level mandated by league rules. The NFL requested Brady hand over his cell phone, on which he allegedly had exchanged text messages about the deflated balls, but Brady destroyed it first--a move the NFL believes was intended to get rid of evidence that implicated him.
But in a world of automatic backup in the cloud, digital forensics, and the NSA's mass data collection, is Brady's data really gone forever?
"Smashing a phone may not destroy the data on the phone," Aamir Lakhani, senior security strategist for network security firm Fortinet, tells Inc.
It's true. NAND flash chips, where most of the data on a phone is kept, are very durable. Even if the chips are burned, kept under water for a year, or crushed, digital forensics potentially can recover stored photos, video, and messages.
If the phone is gone altogether, though, does the data disappear along with it? That's not a simple yes-or-no question, says Jon Callas, the co-founder of Silent Circle, a company that makes an encrypted smartphone called The Blackphone. "Deleting data is inherently not as effective as saving data," he says.
Most smartphones have a fairly effective backup function, so if you drop your phone in a puddle, you can get a new one from your carrier with all of your information intact. Backing up lets us "keep the things we want to keep and get rid of everything we want to delete," Callas says. Brady's situation, he adds, sheds light on a related issue. "People are not as good at deleting things they want to delete."
Below, check out all the ways you can, or cannot, successfully destroy data on your mobile device.
Believe it or not, Brady was onto something. "Backing over your phone with a car is not a bad move," Callas says. Just remember that the flash memory chips are super resilient--you'll have to obliterate the phone and its chips. Your phone records will have the numbers you have been communicating with, but carriers do not collect the contents of those communications.
"If there was no court order, the carrier wasn't collecting the messages or voice communications that can be caught on a wire. If it turns out that the carrier could bring back the messages, it would be a big privacy scandal," he says. "It would mean that they have a server keeping everyone's communications. If you erase your phone, then the messages are gone from that device. But, there are backup systems that will transfer old messages to your new phone."
Five years ago, Apple and Android phone makers began adding encryption features. Apple's iMessages are encrypted by default, while Android phones must be set up to encrypt text messages. This means that even if the messages were found, no one would be able to read them. Messaging apps are less consistent: Snapchat, for instance, has been known to hold onto its "ephemeral" messages on its servers, while WhatsApp is rolling out message encryption too. Silent Circle's new feature, called Burn Notice, allows you to set a time limit for messages to be deleted from your phone and the recipient's phone. The recipient's phone is key--you can delete messages, emails, and photos all you want, but if the recipient doesn't do the same then a copy remains, waiting to be found.
Apple, Android, and Silent Circle all have remote wipe functions to delete everything on the phone in case it gets lost, stolen, or you need to delete your data before you sell it. While wiping is not bulletproof, Callas says tech companies have beefed up their security protocols because older phones have been known to keep a surprising amount of data after being wiped.
Emails love to stick around. They are "a strange case legally speaking--there are special provisions for collecting emails," Callas says. "They are sitting up on a server somewhere. If you delete them, they will go into the server's delete system and may or may not be recoverable."
Text and picture messages (SMS and MMS)
Here's where things go completely unprotected. Anytime you send a regular text or picture message, also known as SMS and MMS respectively, the contents are unencrypted--meaning they can be intercepted and read by hackers or government spooks. Photos sent as an MMS can leave geolocation and other metadata behind even after a phone is wiped.
"Presume that no SMS that you send is private. The NSA collects messages and Internet data for 60 days or more. We don't know what they are doing exactly, but I wouldn't be surprised if they keep all SMS in the world for at least 60 days," Callas says. But would the NSA help nab Tom Brady, or help prove his innocence? He suggests keeping a little perspective: "They are after terrorists, not NFL players deflating footballs."