Your Erasures are Not Secure
A reader who recently attended a high-level security seminar along with a number of US government infosec employees has given me permission to post his description of the event...
Bona fides: The instructor spent 9 years sitting in the back seat of a USN spy plane. Most of the students (all but one or two of 22) were either current or recent past US government high level IT employees. One was a current DHS systems guy. Another was recent ex-NSA infosec. Several more were chief network security admins for Pentagon and the like.
Here is the scoop. We were discussing secure erasure of magnetic media, and a comment was made about recovering data using electron microscopy (to read remnant magnetic patterns in layers beneath current data) after a 7-pass overwrite (DOD standard for secure erasure - the presumed state of the art for wiping data.). I stated my belief that such a procedure had to be prohibitively expensive and that, absent becoming a"person of interest" to the NSA, should probably not be of concern. My statement went unchallenged by the instructor, but the ex-NSA guy was looking directly at me, with a friendly smirk, and shaking his head"no". On the next bathroom break, I asked him if he was implying that the procedure had become economical. He replied in the affirmative, and added that he was aware of a single DHS laboratory with five electron microscopes in 24x7 use for this purpose, and that other labs undoubtedly exist.
So now we know what happens to a TSA-confiscated laptop, and probably to many that are listed by the owners as as"missing or stolen in airport". The following day, class disucssion topic was techniques for limiting employee access to web pages at work. The DHS systems guy stated that the method currently under discussion would not work for him"because we have five sections that do nothing but look at libraries". Remember the incident a couple of years ago where the two DHS goons announced to patrons in the Maryland public libnrary that they were there to stop them from looking at porn, etc? The disclosure may have been unintended by TPTB, but evidently the attitude truly reflects DHS philosophy. Time and concerns about self-identifying as an anti-government person kept me from making further inquiries, but that certainly does not sound encouraging.
Going forward, the assumptions must be that no information that is not very securely and correctly encrypted is even remotely safe, Big Brother is watching everything that we do at the public library (in person or on-line), and the only way to securely erase data from magnetic media is to melt or completely incinerate it and scatter the ashes.
comments powered by Disqus
- Rise of Donald Trump Tracks Growing Debate Over Global Fascism
- Tales of African-American History Found in DNA
- History Celebrates New Show Roots With Project to Digitize Post-Slavery Documents
- In 1453, this Ottoman sultan ended Christian rule in Constantinople. But was he a good Muslim?
- Abraham Lincoln's Emancipation Proclamation among documents sold for $6.2m in New York
- History Relevance Campaign meets at the Smithsonian
- Bernard Lewis Turns 100
- David Lowenthal, author of "The Past Is a Foreign Country,” says it’s folly to scratch the names of slaveholders off buildings
- Jean Edward Smith, biographer of FDR and Ike, has a new biography coming out … of George W. Bush
- Flora Fraser, biographer of George and Martha Washington, wins $50,000 George Washington Prize