Take http://www.terminatedata for example, their program can even prevent analysis onf a disk magnetization. And there are others.

Anyways, I just thought someone would be interested. Again, sorry if it's not my place.

Pablo.

What I wonder is lets say a school board gets some new servers and decides to sell their previous ones. They run a some sort of data destroying program on all the drives. The filesystem is a 'journalled filesystem'. The purchaser of the server before doing anything, uses a forensic software utility (encase, accessData, open source) and manages to extract some personal information about a parent. Say they use or publish this data in some way. Can I as the parent hold the school accountable legally?
-mike

In short, there is some proportionality test involved.

Two other points:

- one advantage of the 'destroy the disk' (rather than wiping it) policy is that it takes very little skill to tell if the policy has been carried out. Some of the cases that Sharon refers to involve failure to wipe the disk. It's hard to tell by looking at a hard drive taken out of a computer whether it has been wiped, but not hard to tell if it's been broken into pieces, or had Calgarian holes drilled in it. And no special programs are needed for the purpose.

- if you're worried that CSIS or the CIA or someone else with much time and money and interest in the data will manage to read useful things even off small pieces of the drive (and I have seen credible statements that this is possible, with enough resources), then the counsel of perfection is to melt down the disk….

I suspect that a simple pass with a wiping tool would be entirely satisfactory well over 99% of the time, in the sense that any undead data would not come back to haunt their maker. But if one has that <1% valuable stuff, then more dramatic measures may be called for. (And that verifiability point I find compelling too.)

There are two main problems with the media of today with respect to the secure wiping of data. The first is the file system itself. Most file systems are 'journalled file systems' and these types of file systems are often installed by default. File systems such as Ext3, ReiserFS, JFS are some examples. In short, journalled have advantages for power failures and crashes while data is being written to disk to allow easier recovery. They also have the disadvantage of being difficult to securely wipe the data. As an example, one typical program called 'shred' contains this information right in the manual.

"CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes ….."

The other reason is the media itself. Most of the hard drives and media of today, abstract the actual address locations from the operating system. So for example when an operating system writes to cylinder 3, track 2, sector 1, the next time it writes to cylinder 3, track 2, sector 1, it is possible that the hardware uses a different area, and marks the old area as deleted. Doing things at the hardware level like this, does permit possible recovery using forensic techniques even if a program was used to securely wipe the data.

In 2003 Alberta's Privacy Commissioner released Investigation Report # H0252 which addressed the inadequate destruction of medical information from a computer that was ultimately resold. The information was readily available to be accessed by the next owner.

Also in 2003, the Bank of Montreal's asset disposal contractor was contractually responsible for
ensuring the hard drives were properly erased. Two Bank servers were to have been scrubbed but, thanks to an "operational error" they were offered for sale, and were sold, without having been wiped clean. The purchaser quickly discovered account information, names, SINs, and other sensitive personal information on the servers. The event was reported in the media; whether the IPC waded in or not is moot.

To claim that the low numbers of reported incidents is because there's been few incidents would be folly. From my 25+ years of experience in the field, it's clear that (a) people are reluctant to report and/or ignorant of what/where to report a suspected breach; and (b) many people simply do not recognize when a breach has occurred.

Contributing to the problem is the frequent lack of coordination between operational network and local systems and back-up systems, and with hot/cold backup sites. Users might think they've deleted all information — without knowing that it's just been backed up to an offsite storage facility.
At least there's a modicum of data containment in those circumstances.

Far less controlled is data on obsolete systems."E-cycling" roundups routinely receive computers that have not been wiped in any way. I've interviewed many of the donors, each of whom assured me that "there's nothing important" on the system, "just family stuff, like old tax returns." And these donors are many of the same people who work in our governments and industries and are responsible for safeguarding sensitive information. Has any of them ever reported that information from the system they donated was used inappropriately? Would they even know? And without that knowledge, how would they be able to file a complaint to be investigated?

Unfortunately, in government and private sector organizations across North America the level of ignorance about these issues continues to be extremely high — and therefore the risk to sensitive personal and corporate information continues to be high. And when the decision-makers in industry and government don't understand the fundamental issues, they don't take it seriously or give proper funding or support to Access and Privacy Professionals, document management programs, or training and awareness programs to increase knowledge and reduce the risk.