Your Erasures are Not Secure
A reader who recently attended a high-level security seminar along with a number of US government infosec employees has given me permission to post his description of the event...
Bona fides: The instructor spent 9 years sitting in the back seat of a USN spy plane. Most of the students (all but one or two of 22) were either current or recent past US government high level IT employees. One was a current DHS systems guy. Another was recent ex-NSA infosec. Several more were chief network security admins for Pentagon and the like.
Here is the scoop. We were discussing secure erasure of magnetic media, and a comment was made about recovering data using electron microscopy (to read remnant magnetic patterns in layers beneath current data) after a 7-pass overwrite (DOD standard for secure erasure - the presumed state of the art for wiping data.). I stated my belief that such a procedure had to be prohibitively expensive and that, absent becoming a"person of interest" to the NSA, should probably not be of concern. My statement went unchallenged by the instructor, but the ex-NSA guy was looking directly at me, with a friendly smirk, and shaking his head"no". On the next bathroom break, I asked him if he was implying that the procedure had become economical. He replied in the affirmative, and added that he was aware of a single DHS laboratory with five electron microscopes in 24x7 use for this purpose, and that other labs undoubtedly exist.
So now we know what happens to a TSA-confiscated laptop, and probably to many that are listed by the owners as as"missing or stolen in airport". The following day, class disucssion topic was techniques for limiting employee access to web pages at work. The DHS systems guy stated that the method currently under discussion would not work for him"because we have five sections that do nothing but look at libraries". Remember the incident a couple of years ago where the two DHS goons announced to patrons in the Maryland public libnrary that they were there to stop them from looking at porn, etc? The disclosure may have been unintended by TPTB, but evidently the attitude truly reflects DHS philosophy. Time and concerns about self-identifying as an anti-government person kept me from making further inquiries, but that certainly does not sound encouraging.
Going forward, the assumptions must be that no information that is not very securely and correctly encrypted is even remotely safe, Big Brother is watching everything that we do at the public library (in person or on-line), and the only way to securely erase data from magnetic media is to melt or completely incinerate it and scatter the ashes.
comments powered by Disqus
- Fake News and Fervent Nationalism Got a Senator Tarred as a Traitor During WWI
- Debunking Viral Story, Art Historian Says ‘Allah’ Does Not Appear on Ancient Viking Garment
- Will Trump Be Remembered as the Worst President in History? Almost Half Think So
- Thank This Man For Your Last-Minute Halloween Costume
- Letters from young Obama show a man trying to find his way
- Thomas Childers says we’ve got the Nazis wrong in 5 different ways
- National security expert Tom Nichols: “Hey, I’m unstable” is a bad look for the president
- Fake news? It’s nothing new, says Trinity College Dublin historian
- Historian discovers early Reformation writings “hiding in plain sight”
- Victor Davis Hanson says we shouldn’t be rushing to war with North Korea