Yahoo is in hot water over giving UK police and the FBI access to six months' worth of deleted emails as part of a transatlantic drug trafficking investigation, a disclosure that might be illegal.

A US judge has granted a motion forcing Yahoo to explain how exactly it is able to recover emails that have been deleted from a user's inbox, when its privacy policy on dealing with law enforcement explicitly declares that "Yahoo is not able to search for or produce deleted emails".

The motion has been granted as part of a convicted UK drug trafficker's appeal to try to get evidence against him thrown out of court by arguing that the information was illegally obtained by Yahoo.

A drug trafficking plot gone wrong

In 2009, Russell Knaggs, then 35, was serving a 16-year drug sentence in Lowdham Prison in Nottinghamshire, UK when he hatched a daring plan to import five tonnes of cocaine to the UK from Colombia by hiding the drugs in consignments of fruit that would be shipped from Costa Rica, California, Germany and Belgium.

To communicate with the supplier in Colombia, Knaggs would log onto a Yahoo email account and type an email, but instead of sending it, he would save it to the Drafts folder. His accomplice would then log into the same account, open the Drafts folder, read the message, delete it, and type his own reply as a draft that wasn't sent either, in order to avoid creating a digital trail that could be discovered by the authorities.

Unfortunately for Knaggs, his plan was uncovered when prison wardens found an A4 piece of paper containing an outline of the plan during a search of his cell. To shore up the case, the UK's Serious Organised Crime Agency (SOCA) and the FBI asked Yahoo to provide them with six months' worth of deleted emails, and Yahoo complied with the request.


Is Yahoo's email retention system legal?

Knaggs was convicted in 2012 in the UK courts and jailed for 20 years, together with four other individuals who helped in the plot, but he is now trying to get his conviction overturned by taking Yahoo to court in the US, claiming that the email provider was using an NSA-style real-time interception technology to bulk collect data, which contravenes privacy laws in the UK.

As spotted by Motherboard Vice, a judge is now demanding that Yahoo explicitly define how it is able to retrieve deleted emails. The email provider is ordered to present a witness and provide documents on how the email retention system works, as well as a copy of the software's source code and instruction manuals used by Yahoo staff on how to retrieve the emails.

Yahoo has argued that it is able to recover the emails via its "auto-save" feature, which creates snapshots of an email account preserving its contents at a certain date, and that it provided law enforcement with four snapshots from the Yahoo account used by Knaggs and his accomplice.

When a user starts composing an email, Yahoo's server automatically saves a copy of the email in the drafts folder, just in case the internet connection drops or the internet browser is closed for any reason. As time goes on, the server continually updates the saved copy of the unsent email with any changes the user is making to it, until the user decides to send the email, which is when the email leaves the Drafts folder.
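The retention behaviour described above can be sketched with a toy model, added here as an example. It is not Yahoo's code and is not drawn from the court filings; the `Mailbox` class, its methods, the timestamps and the sample draft text are all constructed assumptions.

```python
"""Toy model (constructed; not Yahoo's code) of draft auto-save plus
point-in-time account snapshots, and what survives a user-side delete."""
from copy import deepcopy


class Mailbox:
    def __init__(self):
        self.drafts = {}     # draft_id -> latest auto-saved body (live folder)
        self.snapshots = []  # list of (timestamp, frozen copy of the folder)

    def autosave(self, draft_id, body):
        # The server copy of an unsent draft is overwritten as the user types.
        self.drafts[draft_id] = body

    def delete(self, draft_id):
        # Deleting only changes the live folder the user can see.
        self.drafts.pop(draft_id, None)

    def snapshot(self, ts):
        # Preserve the account's contents as they stood at time `ts`.
        self.snapshots.append((ts, deepcopy(self.drafts)))


def recover_deleted(mailbox):
    """Return {draft_id: (last_seen_ts, body)} for drafts present in some
    snapshot but absent from the live folder."""
    found = {}
    for ts, frozen in sorted(mailbox.snapshots, key=lambda s: s[0]):
        for draft_id, body in frozen.items():
            if draft_id not in mailbox.drafts:
                found[draft_id] = (ts, body)  # the latest snapshot wins
    return found


def demo():
    mb = Mailbox()
    mb.autosave("d1", "meeting moved")             # partial text, auto-saved
    mb.autosave("d1", "meeting moved to Tuesday")  # same draft, updated
    mb.snapshot(ts=1)                              # taken while d1 exists
    mb.delete("d1")                                # reader deletes the draft
    mb.autosave("d2", "understood")                # reply left as a draft
    mb.delete("d2")                                # deleted before a snapshot
    mb.snapshot(ts=2)
    return mb, recover_deleted(mb)


if __name__ == "__main__":
    print(demo()[1])
```

In this model a deleted draft is recoverable only if a snapshot was taken while it still existed, so the timing of snapshots determines what a provider could later produce.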

If it is true that emails you delete can be retained and retrieved by Yahoo at any time, this means that you have no guarantee of online privacy from the service.