Tom, destroying your phone doesn’t destroy the data

By Rook Security. Published in SECOPS, Jul 30, 2015

Taking over sports headlines today is the announcement that the NFL would uphold its suspension of star New England Patriots quarterback Tom Brady for his role in the now-famous “Deflategate” scandal, along with the bombshell disclosure that he allegedly destroyed his mobile phone instead of turning it over to investigators looking into his involvement in the altering of footballs in the 2015 AFC Championship.

What seems to be missing in this coverage is any challenge of the notion that simply destroying a smartphone is enough to delete all traces of texts, pictures, emails and other data. It’s not! For starters, pictures may be backed up in a cloud account (depending on settings), emails still reside on email servers and copies of texts remain retrievable from the telephone carriers. Of course, this is completely ignoring traces of pictures, emails and texts sent to and residing on devices belonging to others, in addition to screengrabs and printouts of any communications.

There are a few noteworthy (and pretty obvious) conclusions to draw from this:

1. NFL investigators clearly have forensic options available to them via email and carrier requests / subpoenas, should they be legally allowed to request and receive texts and emails. That is highly doubtful on their own, but theoretically Tom Brady would be able to complete his obligation to turn those over to investigators.

2. Athletes (and clearly the general public) still do not fully understand the extent of their digital footprints. Merely deleting a text, photo, email, Facebook post or tweet does not remove all worldly traces, nor does destroying a phone, as Mr. Brady and his assistant seem to think. It is a lesson that many people still need to learn: carriers, email providers, search engines, social media companies and others retain much of our communication, data and histories on their servers. Everything today is discoverable and our expectation of privacy is almost non-existent.

3. Sensitive communication that should remain private should be restricted to phone calls (though those calls leave a trace as well) or in-person conversations. Thoughts, plans, ideas or comments you do not want to be splashed across ESPN should not be typed onto any type of device. This includes football PSI levels, thoughts about the worthiness of your starting quarterback or critical comments of simple fans voicing their opinions. (And of course, you can make a case for not saying any of that…verbal, written or otherwise).

Deflategate might be reaching its conclusion, but given that some of the data that was removed by Mr. Brady might still be out there, the potential exists that some air could be reinserted into the investigation.
