РегистрацияЭто старая редакция страницы Библиотека / Основы / S S D / Данные У Третьих Лиц / Вы / Защита S M S за 09/03/2009 12:38.
Protecting SMS
Avoid Texting Sensitive Communications
Major cell phone providers claim that they don't log your SMS text messages except for a very short period of time to ensure delivery (see, e.g., statements from providers in this news story entitled "Most Text Messages Are Saved Only Briefly", or another article containing similar claims). However, there is reason to doubt these claims: we've seen several cases where SMS messages were disclosed by a provider months or even years after they were originally sent. For example, as USA Today recounts, text messages were subpoenaed in the Kobe Bryant rape case four months after they were sent, despite A&T Wireless' claims that customers' text messages are deleted within 72 hours. According to that story, "How messages in the Bryant case would be available four months later isn't known; most likely they were retrieved from an archival storage system." Considering such incidents, provider-side logging of your SMS text messages must be considered a high risk.
Furthermore, although we think that the Stored Communications Act and the Fourth Amendment require the government in most cases to get a warrant before obtaining your pager or SMS messages from your provider, there are several known cases where it has obtained such messages without warrants under the lower legal standards reserved for non-content records, using only subpoenas.
Not only is there the threat of your provider logging your messages and the government subpoenaing them, but also the near certainty that the phones of the people you are communicating with are logging those messages, adding yet another point of vulnerability. That's in addition to the logs on your own phone, which you should delete regularly based on the data retention policy[создать] you developed after reading about "Data Stored on Your Computer." However, keep in mind that with the right forensic tools, investigators will likely be able to recover even those deleted messages if they ever get a hold of your phone, and the secure deletion[создать] options for mobile devices[создать] are still quite limited.
Finally, although there have been some efforts at coming up with encryption solutions that work for SMS (as described in our mobile devices[создать] article), none of those techniques are easily or widely used.
Therefore, given the possibility that your SMS texts are logged by your provider, that the government may be able to obtain those messages from your provider without warrants and without notice to you, and that such messages are hard if not impossible to encrypt, along with the certainty that they will be logged on your phone and the phones of the people you communicate with, we strongly recommend against using SMS for any sensitive communications.
