Can deleted text messages actually be retrieved?
ARI SHAPIRO, HOST:
On January 6, Secret Service agents were protecting Vice President Pence from an armed mob that wanted to kill him. Agents were also driving the president that day when, according to sworn testimony, Donald Trump physically tried to redirect the car to the Capitol. The Secret Service says text messages from that day were deleted and may not be recoverable. So what would it take to retrieve them? Paul Luehr is a former federal cybercrime prosecutor at the Department of Justice, and he's done these kinds of investigations before. Welcome to ALL THINGS CONSIDERED.
PAUL LUEHR: Hi, Ari.
SHAPIRO: So leaders of the House Select Committee investigating the insurrection put out a statement yesterday saying every effort must be made to retrieve the lost data. So walk us through what that might involve. To start with, what typically happens when somebody deletes a text message?
LUEHR: There's a big difference between deleting and wiping a message, and I think that's getting lost in the context here. So when you delete a message as a normal consumer, the message is actually not gone. So think of it like a table of contents that's been ripped out of a book. You might not be able to find the chapter page where that section of the book begins, but the story is still intact.
SHAPIRO: OK. So if the Secret Service says the texts were erased in a - system migration was their term. Is that deleting or wiping? Do you know what happened there?
LUEHR: That's probably wiping. If you simply delete a text, they are still available. And there are common forensics tools used by both law enforcement and civil investigators to recover them. If the message or the texts or the entire phone has been wiped, that's a bigger problem because in that case, the underlying content has actually been zeroed out or overwritten, and therefore it's no longer available, at least on that device. And that's kind of what's key here. I'm sure what the folks are doing now at Homeland Security and at the Secret Service is they're scrambling to see are there any other locations where these texts could be located?
SHAPIRO: I realize there are a lot of unknowns here, but what do you think the likelihood is that these messages can be retrieved somehow?
LUEHR: I think there's a likelihood we'll see a few messages come out. One possibility is going to other people in the conversation. So when I wipe my device, when I delete my entire conversation, it may disappear from my phone. But anybody else who was part of that conversation should still have those texts on their device.
SHAPIRO: Who ultimately owns this information? Is it the sender, the Secret Service, the tech company, the phone company, the recipient? I mean, like, whose is it?
LUEHR: (Laughter) Welcome to the modern world. This is a problem that all companies and even the government have because it usually boils down to who owns the device. But in many cases, the employer may actually give you a device, and then that employer will have a large say over who controls the device and all of the content on that device. In other situations, though, there's a concept called BYOD, bring your own device - not bottle. And that's where people are bringing their own phones to the workplace. And usually, there is a bargain struck between the employer and the employee. And they also will tell you if anything goes wrong and you lose your device or have it stolen, we reserve the right to delete it entirely.
SHAPIRO: The leaders of the January 6 committee say that the Secret Service might have violated the Federal Records Act in deleting these messages. Are there typically consequences for that?
LUEHR: Sure, there could be employment or administrative consequences, disciplinary action being brought against those particular individuals. Obviously, if the situation is even worse and there was a concerted effort to intentionally go out and hide this information or delete it, that could be a more serious charge, one that would be criminal in nature and brought to the Department of Justice or the FBI for investigation.
SHAPIRO: Paul Luehr is a former federal cybercrime prosecutor at the Department of Justice, now in private practice. Thank you very much.
LUEHR: Sure. Thanks for having me.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.