Your Erasures are Not Secure
A reader who recently attended a high-level security seminar along with a number of US government infosec employees has given me permission to post his description of the event...
Bona fides: The instructor spent 9 years sitting in the back seat of a USN spy plane. Most of the students (all but one or two of 22) were either current or recent past US government high level IT employees. One was a current DHS systems guy. Another was recent ex-NSA infosec. Several more were chief network security admins for Pentagon and the like.
Here is the scoop. We were discussing secure erasure of magnetic media, and a comment was made about recovering data using electron microscopy (to read remnant magnetic patterns in layers beneath current data) after a 7-pass overwrite (DOD standard for secure erasure - the presumed state of the art for wiping data.). I stated my belief that such a procedure had to be prohibitively expensive and that, absent becoming a"person of interest" to the NSA, should probably not be of concern. My statement went unchallenged by the instructor, but the ex-NSA guy was looking directly at me, with a friendly smirk, and shaking his head"no". On the next bathroom break, I asked him if he was implying that the procedure had become economical. He replied in the affirmative, and added that he was aware of a single DHS laboratory with five electron microscopes in 24x7 use for this purpose, and that other labs undoubtedly exist.
So now we know what happens to a TSA-confiscated laptop, and probably to many that are listed by the owners as as"missing or stolen in airport". The following day, class disucssion topic was techniques for limiting employee access to web pages at work. The DHS systems guy stated that the method currently under discussion would not work for him"because we have five sections that do nothing but look at libraries". Remember the incident a couple of years ago where the two DHS goons announced to patrons in the Maryland public libnrary that they were there to stop them from looking at porn, etc? The disclosure may have been unintended by TPTB, but evidently the attitude truly reflects DHS philosophy. Time and concerns about self-identifying as an anti-government person kept me from making further inquiries, but that certainly does not sound encouraging.
Going forward, the assumptions must be that no information that is not very securely and correctly encrypted is even remotely safe, Big Brother is watching everything that we do at the public library (in person or on-line), and the only way to securely erase data from magnetic media is to melt or completely incinerate it and scatter the ashes.
comments powered by Disqus
- Rubio Surges Into Second In New Hampshire
- Branstad Says Cruz Ran ‘Unethical’ Campaign
- Christie Highlights Santorum’s Endorsement of Rubio
- Portman Comes Out Against Trade Deal
- Megyn Kelly Gets a Book Deal
- A Big List of the Bad Things Clinton Has Done
- An Unambiguous Sign Sanders Won Last Night’s Debate
- Still Friends at the End
- Quote of the Day
- Trump Still Leads as Clinton Slips
- Clinton Can’t Shake Image as Wall Street’s Friend
- Maddow Doesn’t See Sanders Winning
- Why Does the Media Still Shield Chelsea Clinton?
- Bush Jokes His Mother May Have Abused Him
- Rubio Closes the Gap in New Hampshire
- Mary Beard, herself a bestselling author, wonders why more women historians aren't
- Princeton U. historian Imani Perry claims mistreatment in parking ticket arrest
- Retired historian George Dennison remains on the payroll at the U. of Montana while faculty are cut
- The Atlantic profiles exciting ways to teach history
- LDS Church has gone from 0 to 4 historians specializing in women’s history