Hiding Sensitive Data Can Be Tough in a Digital Age (fwd)

Jim Choate ravage at ssz.com
Mon Jan 14 07:28:53 PST 2002



---------- Forwarded message ----------
Date: Mon, 14 Jan 2002 09:23:10 -0500
From: "R. A. Hettinga" <rahettinga at earthlink.net>
To: Digital Bearer Settlement List <dbs at philodox.com>, dcsb at ai.mit.edu,
    cryptography at wasabisystems.com
Subject: Hiding Sensitive Data Can Be Tough in a Digital Age

http://www.nytimes.com/2002/01/14/technology/ebusiness/14DELE.html?pagewanted=print




January 14, 2002

Hiding Sensitive Data Can Be Tough in a Digital Age

By JOHN MARKOFF

SAN FRANCISCO, Jan. 13 - The modern task of successfully destroying
electronic documents has become daunting enough to give Oliver North
nightmares.

Mr. North is the Marine officer who became notorious during the Reagan-era
Iran-contra scandal after it was discovered he had tried to delete
thousands of e-mail messages, only to discover that they had been retained
on backup tapes and made available to Congressional investigators.

The issue of the destruction and possible retrieval of electronic data
burst into the news last week after Arthur Andersen & Company, the auditors
for the Enron Corporation (news/quote), said that the accounting firm had
destroyed a "significant but undetermined" number of documents relating to
Enron and its finances.

The embarrassing acknowledgment set off new demands from Congress that
Andersen produce a wide range of documents, including e-mail and other
computer files for investigators.

Today, Mr. North's efforts would be vastly more complicated because of
changing computer technologies and the emergence of the Internet, which has
ensured that there will be multiple copies of almost any electronic
document.

"Today documents aren't just stored. They're sent," said Mark Rasch, a
former federal prosecutor who is vice president for cyberlaw at Predictive
Systems (news/quote), a network security consulting firm based in Herndon,
Va. Even though many companies have general procedural rules that require
the periodic deletion of e- mail, he noted, messages can usually be
recovered.

"The sender and the recipient may have the message on their machine, in
addition to the server where it was stored," he said. "Unless there is a
tool used to remove it using military-grade technology, it can be
recovered."

Most computer-literate office workers now realize that simply deleting an
e-mail message or moving a document onto the trash icon on their computer's
desktop screen does not eliminate the data.

That is because modern computers organize information by using file-system
directories that point to physical areas on a disk drive where the data
resides. "Deleting" the information usually only breaks the link between
the directory and the data so that the original storage space can be reused
in the future.

To eliminate important data, some companies and individuals use software
tools that try to "wipe" files from storage disks by writing random strings
of 1's and 0's over the space where the files were stored. Others will use
programs that "defragment" disks by moving information around on the
surface of the disk so that data can be retrieved more efficiently, which
can also write over old data. Or they can reformat the drives entirely.

What most computer users do not realize, however, is that the world of
computer forensics has made huge strides in recent years, and it is now
remarkably difficult to hide data from a determined investigator.

"Computer forensics is going to play an important role in recovering
documents in the Enron case," said John Patzakis, president and general
counsel of Guidance software, a company in Pasadena, Calif., that makes
hardware and software used by law enforcement authorities as well as the
Big Five accounting firms.

Every action taken by a computer user leaves a telltale trail, he said, so
the act of deleting documents can itself be revealing.

"Not only can computer forensic techniques recover documents, but they can
inform investigators when and how they were deleted," he said. "It is often
possible to determine if a deletion is an innocent act pursuant to a
corporate policy or if there is an ulterior motive." Even more remarkable,
technical means exist to retrieve data that has been erased.

It is possible to take a disk apart and use an electron microscope to read
information from the individual magnetic spots on the surface of a disk
that may have been intentionally erased, Mr. Patzakis said.

Originally a tool of the intelligence world, this technique - which is
costly - has been used successfully in big legal cases.



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list