Unsending an Email
posted by Daniel Solove
From CNN:
Most of us have done it.
Instead of hitting “reply” to an e-mail, we accidentally push “reply all,” sending a potentially embarrassing or insulting message to those we didn’t intend to see it.
To address this problem, Google Inc.’s Gmail Labs has launched an experimental feature called “Undo Send” that gives users a chance to rewrite their message, correct settings or simply fix typos.
When a Gmail user who enables this feature sends an e-mail, a button that says “Undo” will pop up on their screen for five seconds. If the user hits the button within that time, the service will retrieve the e-mail in draft form — allowing the user to make changes or cancel the message altogether.
I assume that this service works by delaying sending out an email after the user hits the send button. Suppose that Google offered a different service, one that allowed users to edit or delete emails sent after being received by recipients. Currently, I don’t think it would be possible within the technical architecture of email systems, but I wonder whether there’s a way it could be possible and/or legal. Would such a service be desirable? It would certainly be so for senders, who may want to zap the existence of emails they later came to regret. But what about the recipients, who would suddenly see emails vanish from their inboxes or change in content?
March 25, 2009 at 7:31 pm
Posted in: Privacy, Privacy (Consumer Privacy), Technology
Print This Post
Responses (15)
chris - March 25, 2009 at 7:47 pm
Last april fools they had a press release for a feature that allowed you to change the time stamp on an email to make it look like it was sent earlier than what it really was. I.e., you could have an email appear to have been sent 2 days before a deadline as opposed to an hour after it.
chris - March 25, 2009 at 7:48 pm
http://mail.google.com/mail/help/customtime/index.html
chris - March 25, 2009 at 7:48 pm
http://mail.google.com/mail/help/customtime/index.html
Daniel J. Solove - March 25, 2009 at 7:54 pm
Chris — There was an old SNL commercial skit that predates the Google joke about a mail service that allows you to send packages late, backdate them, then blame the mail service for the lateness. The ad said that the company would take the blame so you wouldn’t have to. Its motto was something like: “When it absolutely, positively has to be there the day before yesterday.”
A.J. Sutter - March 25, 2009 at 7:55 pm
This reminds me of a 1,600-year-old joke recently reported in the TLS in a review about ancient Greek humor (2009/02/20 @ 3):
Patient: Doctor, when I get up in the morning I feel dizzy for 20 minutes.
Doctor: Get up 20 minutes later, then.
fishbane - March 25, 2009 at 8:12 pm
Lots of corporate mail systems have had this feature. I still occasionally get MS Exchange “so and so would like to recall this message” notices – I see them, as I don’t use exchange, but within a user population, it at least used to work.
Of course, inside a corporation, different rules apply than if it were part of our normal email architecture.
Side query – would the legal reasoning apply if email had been designed from the ground up with that “feature”? What if it were simply part of the protocol from the beginning? Nobody would have been forced to be subject to it – just don’t use the protocol.
Ml - March 25, 2009 at 8:17 pm
The problem is: you can’t un-ring a bell. Once you send an email, I can print it out, back it up, and forward it, all of which preserves the content of the original e-mail. I don’t see how you could get around that, unless you recalled the e-mail before anyone was read it.
Frank - March 25, 2009 at 9:04 pm
Fascinating. Am I right to think that in the law of letters, the recipient owns the letter itself, but the sender owns the copyright in the content of the letter? If that maps to email, then perhaps the program would be destroying the recipient’s property if it zapped the letter…though I imagine the Terms of Service have already given the email service plenary power to do just that.
Jay Levitt - March 25, 2009 at 9:53 pm
I implemented unsend for AOL (which, TTBOMK, still has it).
Google does indeed add a built-in delay; it defaults to 5 seconds, but you can change that to 10 seconds.
Internet mail is store-and-forward, so you’re right; an Internet-based mail systems can’t do any better. If you have a “rock mail” system like AOL or Exchange, you can do true unsending. (Rock mail: The message itself is on a centralized server. When I send you an e-mail, I’m really just saying, “I put a message under this rock. Go look for it.”)
At the time, only a fraction of AOL mail was sent to the Internet, so store-and-forward wasn’t a big problem. For rock-mail recipients, we actually implemented it two different ways – one for Apple’s AOL-hosted eWorld and one for AOL itself.
eWorld had the ability to unsend any non-Internet mail, no matter what. This runs into exactly the awkwardness MI mentions: if I send you an e-mail, you open it, and then I unsend it, it’s still on your screen. But if you closed it without saving it – and that was rarer in the days of small hard drives and slow printers – then it was gone, and you couldn’t read it again.
AOL’s version was more limited. If any of the recipients had read the e-mail, you could no longer unsend it. In fact, we might have gone even further; it was possible for us to see if any of the recipients had listed their inbox, and thus if anyone had been aware of the e-mail’s existence at all. I forget which way we did it.
Naturally, the AOL flavor was named “ethical” unsend. If nobody finds out you did something, it must clearly be ethical.
I don’t recall any legal concerns about it, and we were fastidious about e-mail privacy (although this was before ECPA codified our responsibilities). So I’d assume that Frank’s right, and we felt that the Terms of Service allowed us to do it.
Steven M. Bellovin - March 25, 2009 at 11:30 pm
There are a variety of implementations that sometimes work…
As noted, Microsoft Exchange has that feature; however, it only works within Exchange. It does not use any Internet-standard ‘recall this message’ scheme, since none exists. Even if one were designed, if it’s mail as mail it can’t work reliably; the receiving system is free to ignore the request, since there is no Internet “protocol police” to force them to comply with the recall message.
Other schemes rely on something essential to reading the message being stored on the sender’s machine. To recall a message, delete that piece. For example, the message could be sent encrypted, with a URL to retrieve the key. Of course, most people don’t have mail readers that understand encryption; beyond that, having to click on a link to retrieve a key violates the receiver’s password, since it indicates when he or she actually tried to read the message. Indeed, depending on circumstances, it can disclose geographic information the recipient may prefer to conceal.
The other variant, more compatible with virtually all mailers, stores the mail itself on some web server, and sends the URL instead, with a request that the recipient click on it. As before, there are privacy issues. Besides, many people will not click on random links arriving in email purporting to be from someone they know. In theory, one could construct an email message that did the external reference automatically. There’s a feature of HTML called an IFRAME; in essence, an IFRAME is a mini-web page embedded within some larger HTML document. But mailers typically disable autofetching of content, for precisely the privacy reasons I just outlined.
Bottom line: it cannot be done, even in principle, unless the recipient’s mail server is willing to cooperate or if the recipient is willing to sacrifice some privacy and perhaps convenience. You can work around the privacy issue by putting the other part on some trusted third party server, but that requires everyone to actually trust it.
Michael Risch - March 26, 2009 at 7:24 am
A company called “invisible ink” implemented the kind of system Steven Bellovin describes – it sent the email in a form that required decryption, such that the message would become unreadable after a certain period of time.
C.T. - March 26, 2009 at 9:53 am
This concept seems to raise similar policy concerns that animated Facebook’s adjustments to their terms of service and the
hubbub that ensued. The changes ostensibly gave Facebook rights to the content people posted on their pages, even after a user deleted their profile. Facebook claimed that the purpose of the change was to alleviate them of liability in the event that the departing user had posted their photos on another user’s wall. Essentially, Facebook did not want to be faced with the issues that would flow from the ability to “unsend” regrettable emails.
Bruce Boyden - March 26, 2009 at 1:12 pm
“When it absolutely, positively has to be there the day before yesterday.”
I’m pretty sure that was “Einstein Express,” which used time travel to actually *get* your package there the day before yesterday. If Google could only figure out a way to do THAT…
Jeff Lipshaw - March 28, 2009 at 11:17 pm
I hear Toni Braxton has a take on this:
Un-do that mail
Go in another’s domain
Un-do that “send” that you hit
When you wanted to spit
But you didn’t delete
Un-type that note
It made “Above the Law”
Un-do that mail.
That mail.
Derek - April 5, 2009 at 3:31 pm
Lotus Notes does this…
Leave a Reply