Hiding Sensitive Data Can Be Tough in a Digital Age (fwd)
---------- Forwarded message ---------- Date: Mon, 14 Jan 2002 09:23:10 -0500 From: "R. A. Hettinga" <rahettinga@earthlink.net> To: Digital Bearer Settlement List <dbs@philodox.com>, dcsb@ai.mit.edu, cryptography@wasabisystems.com Subject: Hiding Sensitive Data Can Be Tough in a Digital Age http://www.nytimes.com/2002/01/14/technology/ebusiness/14DELE.html?pagewante... January 14, 2002 Hiding Sensitive Data Can Be Tough in a Digital Age By JOHN MARKOFF SAN FRANCISCO, Jan. 13 - The modern task of successfully destroying electronic documents has become daunting enough to give Oliver North nightmares. Mr. North is the Marine officer who became notorious during the Reagan-era Iran-contra scandal after it was discovered he had tried to delete thousands of e-mail messages, only to discover that they had been retained on backup tapes and made available to Congressional investigators. The issue of the destruction and possible retrieval of electronic data burst into the news last week after Arthur Andersen & Company, the auditors for the Enron Corporation (news/quote), said that the accounting firm had destroyed a "significant but undetermined" number of documents relating to Enron and its finances. The embarrassing acknowledgment set off new demands from Congress that Andersen produce a wide range of documents, including e-mail and other computer files for investigators. Today, Mr. North's efforts would be vastly more complicated because of changing computer technologies and the emergence of the Internet, which has ensured that there will be multiple copies of almost any electronic document. "Today documents aren't just stored. They're sent," said Mark Rasch, a former federal prosecutor who is vice president for cyberlaw at Predictive Systems (news/quote), a network security consulting firm based in Herndon, Va. Even though many companies have general procedural rules that require the periodic deletion of e- mail, he noted, messages can usually be recovered. "The sender and the recipient may have the message on their machine, in addition to the server where it was stored," he said. "Unless there is a tool used to remove it using military-grade technology, it can be recovered." Most computer-literate office workers now realize that simply deleting an e-mail message or moving a document onto the trash icon on their computer's desktop screen does not eliminate the data. That is because modern computers organize information by using file-system directories that point to physical areas on a disk drive where the data resides. "Deleting" the information usually only breaks the link between the directory and the data so that the original storage space can be reused in the future. To eliminate important data, some companies and individuals use software tools that try to "wipe" files from storage disks by writing random strings of 1's and 0's over the space where the files were stored. Others will use programs that "defragment" disks by moving information around on the surface of the disk so that data can be retrieved more efficiently, which can also write over old data. Or they can reformat the drives entirely. What most computer users do not realize, however, is that the world of computer forensics has made huge strides in recent years, and it is now remarkably difficult to hide data from a determined investigator. "Computer forensics is going to play an important role in recovering documents in the Enron case," said John Patzakis, president and general counsel of Guidance software, a company in Pasadena, Calif., that makes hardware and software used by law enforcement authorities as well as the Big Five accounting firms. Every action taken by a computer user leaves a telltale trail, he said, so the act of deleting documents can itself be revealing. "Not only can computer forensic techniques recover documents, but they can inform investigators when and how they were deleted," he said. "It is often possible to determine if a deletion is an innocent act pursuant to a corporate policy or if there is an ulterior motive." Even more remarkable, technical means exist to retrieve data that has been erased. It is possible to take a disk apart and use an electron microscope to read information from the individual magnetic spots on the surface of a disk that may have been intentionally erased, Mr. Patzakis said. Originally a tool of the intelligence world, this technique - which is costly - has been used successfully in big legal cases. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (1)
-
Jim Choate