
Simson Garfinkel and deleting for real

"The main difference between the European and American view of privacy is that in the US you have a responsibility as a data subject to actually watch over your personal data. If you disclose it you lose the expectation of privacy that you would otherwise have enjoyed. In the EU the responsibility is focused on the collecting party, not the data subject", explains Dr Garfinkel when we discuss privacy issues. He is an elder statesman of this field, with several books, papers and projects that testify to his deep knowledge of the issues. His observation is interesting, even though it can be challenged. The EU is after all focusing not only on the data collector, but rather on the personal data as such. Anyone who handles personal data, much like people who handle explosives, has rights and duties that follow from the legislation in place. But Garfinkel has a point, and his unique perspective on privacy is a strength in the ongoing debate about the future of the private sphere.

But isn't privacy dead? This was after all the argument made by the provocative book The Transparent Society, by physicist David Brin. Brin argued that privacy was dead (and had the audacity to add a "good riddance" to that observation), and that we had now better focus on issues of access to personal data, rather than try to preserve the already fictional privacy of individuals. Brin's argument is met with vehement anger from Garfinkel and other privacy activists. They find it "childish" and "extremely shallow", and call Brin a blatant "technological determinist". And perhaps the most interesting thing is this: they do not agree with him. Garfinkel in fact thinks that this time in our history will be remembered as the "wild west of privacy", when we had no clear regulations in place and faltered in our belief in this democratic core value. Things will, he thinks, become much better.

Maybe. It depends on many different factors, one of which is technology. Here Garfinkel is involved in one of the most interesting technological development projects that the privacy scene has seen for some while. Classical privacy enhancing technologies fail because they add too much perceived cost for the user: no one has the patience to configure P3P options or encrypt e-mail, and the idea of privacy brokers, as launched by John Hagel III, has never succeeded commercially. Early companies, like Privada, have returned to other, more security-software-oriented markets. But what if we could find a small, simple function that, if modified only slightly, could help privacy develop in a much more positive direction than today? If so, we could enhance privacy in a way that is transparent to users and still very effective.

Garfinkel has found one such simple function: the delete and format commands in most common operating systems. Windows, for example, does not actually erase the contents of a file when it is deleted. It simply forgets where it put the file: the directory entry goes away, but the data blocks stay on the hard drive for anyone with computer forensics skills to find. Garfinkel has already managed to get Apple to fix this in their operating system: there is now a secure way to empty the trash can, so that when it is emptied, the files are actually overwritten with random data seven times.

Why seven? Garfinkel sighs, puts his head in his hands and murmurs something inaudible. It turns out that there is no need to overwrite old data more than once, perhaps twice, but companies compete on the number of times they overwrite old data, as if this in fact increased the level of deletion. On modern hard drives any benefit from the extra passes is quite impossible to demonstrate. Instead, it turns out, they are only a grotesque waste of computing capacity and speed.

"Seven times is six times too many," Garfinkel notes, and it slows the system down six times more than necessary. But the perception of security still seems to lie in magic numbers.
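The two points above, that an ordinary delete only forgets where the file was while the bytes stay on the medium, and that one overwrite pass is enough to defeat a forensic byte search while extra passes only cost time, can be shown on a toy block device. This is an added example, not Garfinkel's code and not a real file system: a bytearray stands in for the platters, a dict for the allocation table, and the "tax return" content is constructed.

```python
"""Why "delete" does not mean "erase": a toy block device.

Added example, not Garfinkel's code and not a real file system. A
bytearray stands in for the platters and a dict for the allocation
table. An ordinary delete only drops the table entry and leaves the
bytes on the media; a secure delete overwrites the blocks first, and
one pass already defeats a byte-pattern search. Extra passes only add
block writes, which is the cost the text complains about.
"""
import os

BLOCK_SIZE = 16


class ToyDisk:
    def __init__(self, n_blocks):
        self.media = bytearray(n_blocks * BLOCK_SIZE)   # the "platters"
        self.table = {}                                 # name -> [block numbers]
        self.free = list(range(n_blocks))
        self.block_writes = 0                           # proxy for time spent

    def _write_block(self, blk, data):
        start = blk * BLOCK_SIZE
        self.media[start:start + BLOCK_SIZE] = data.ljust(BLOCK_SIZE, b"\0")
        self.block_writes += 1

    def write_file(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK_SIZE):
            blk = self.free.pop(0)
            self._write_block(blk, data[off:off + BLOCK_SIZE])
            blocks.append(blk)
        self.table[name] = blocks

    def delete(self, name):
        """Ordinary delete: forget where the file was, touch no data."""
        self.free.extend(self.table.pop(name))

    def secure_delete(self, name, passes=1):
        """Overwrite each block of the file `passes` times with random
        bytes, then forget it. Returns the number of block writes spent."""
        before = self.block_writes
        for blk in self.table[name]:
            for _ in range(passes):
                self._write_block(blk, os.urandom(BLOCK_SIZE))
        self.delete(name)
        return self.block_writes - before

    def carve(self, needle):
        """Forensic scan: search the raw media for a byte pattern,
        ignoring the allocation table entirely."""
        return self.media.find(needle) != -1


SECRET = b"SSN 123-45-6789 do not disclose"   # constructed sample content


def residue_after_delete():
    """Plain delete: the file is gone from the table but the bytes remain."""
    d = ToyDisk(8)
    d.write_file("tax.txt", SECRET)
    d.delete("tax.txt")
    return "tax.txt" not in d.table and d.carve(b"123-45-6789")


def residue_after_secure_delete(passes):
    """Secure delete: returns (still carvable?, block writes spent)."""
    d = ToyDisk(8)
    d.write_file("tax.txt", SECRET)
    writes = d.secure_delete("tax.txt", passes)
    return d.carve(b"123-45-6789"), writes


if __name__ == "__main__":
    print("recoverable after plain delete:", residue_after_delete())
    for p in (1, 7):
        found, writes = residue_after_secure_delete(p)
        print(f"{p} pass(es): recoverable={found}, block writes={writes}")
```

The carve step is what a forensic examiner does with a real drive image: it reads the raw medium and never consults the file system's bookkeeping, which is why the plain delete leaves everything recoverable. The write counter makes the "six times too many" point concrete: the seven-pass run spends exactly seven times the block writes of the one-pass run for the same result on this model.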

Garfinkel has in fact developed technologies for erasing and deleting data more completely, and he thinks that these technologies should be mandatory. He has even had the law changed through his one-man privacy lobbying campaign. Companies that sell their own used hard drives have an obligation to erase them securely before they do so, he tells us. But resellers do not, and this is something that Garfinkel wants to change.

Together with a German company he is currently buying used hard drives on eBay. He has around a hundred different hard drives in his office, perhaps more, and he looks for personal data on them, to try to ascertain how many users actually delete their data before selling a hard drive, and, if they do, whether they erase it securely rather than merely using the inadequate deletion commands of their operating systems.

His project has shown that second-hand hard drives that are not securely erased may represent a huge privacy risk to unsuspecting individuals.

Garfinkel hopes that Microsoft will include a secure deletion command in Vista, the upcoming version of Windows, and he says that he has at least gotten a verbal promise that this will be the case.

In his crusade against privacy-infringing technologies, Garfinkel has also testified about computer forensics in court. In one case, where an ISP had suffered an intrusion into its systems that cost it a third of its customers, he succeeded in showing that the log files used to accuse a man had spelling errors and typos. Log files never have typing errors, he stated, and showed the court the typos.

The prosecution then had to admit that yes, they had edited the log files in a word processor, which of course amounts to tampering with evidence, and this weakened their case enormously. Garfinkel could then show that the timestamps on the log files, expressed as an offset from 1 January 1970 (the Unix epoch), actually placed the log entries several weeks after the date the logs were printed. The timestamp mismatch clearly showed that the logs were fabricated, and the accused was acquitted.
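The checks Garfinkel describes can be mechanised. A daemon emits every log line from a fixed template, so a line that matches no template (a typo), a line carrying word-processor characters, a timestamp that runs backwards, or a timestamp later than the date the printout was made, all point to human editing. The following is an added example, not Garfinkel's tooling; the line format, the sshd-style message templates, the host names, the Unix timestamps and the claimed printout date are all constructed for the illustration.

```python
"""Plausibility checks on a purported machine-generated log.

Added example, not Garfinkel's own tooling. The line format, the
message templates and the sample lines are constructed; a real audit
would use the actual daemon's formats.
"""
import re

# Rigid line format of the hypothetical daemon: "<epoch> <host> <prog>[<pid>]: <msg>"
LINE_FORMAT = re.compile(r"^(\d{10}) ([a-z0-9.-]+) ([a-z]+)\[(\d+)\]: (.+)$")

# Every message the daemon can emit comes from one of these templates.
# A line that matches none of them was not written by the daemon.
MESSAGE_TEMPLATES = [
    re.compile(r"^(Accepted|Failed) (password|publickey) for \S+ from \S+ port \d+$"),
    re.compile(r"^session (opened|closed) for user \S+$"),
    re.compile(r"^Connection closed by \S+$"),
]


def audit_log(text, printed_at):
    """Return a list of (line_number, reason) for lines that the daemon
    could not have produced before the claimed printing time."""
    findings = []
    last_ts = None
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.isascii():
            # smart quotes, dashes and non-breaking spaces come from editors
            findings.append((n, "non-ASCII characters (word-processor artefact?)"))
        m = LINE_FORMAT.match(line)
        if not m:
            findings.append((n, "does not match the daemon's line format"))
            continue
        ts, message = int(m.group(1)), m.group(5)
        if not any(t.match(message) for t in MESSAGE_TEMPLATES):
            findings.append((n, "message matches no known template (typo?)"))
        if last_ts is not None and ts < last_ts:
            findings.append((n, "timestamp goes backwards"))
        if ts > printed_at:
            findings.append((n, "timestamp is later than the printout date"))
        last_ts = ts
    return findings


# Constructed sample: three genuine-looking lines, then five edited ones.
SAMPLE_LOG = """\
1112000000 gw1 sshd[4120]: Accepted password for alice from 192.0.2.10 port 51022
1112000060 gw1 sshd[4120]: session opened for user alice
1112000065 gw1 sshd[4131]: Failed password for root from 198.51.100.7 port 40013
1112000070 gw1 sshd[4131]: Failed passwrd for root from 198.51.100.7 port 40013
1112000075 gw1  sshd[4131]: Accepted password for root from 198.51.100.7 port 40013
1112000080 gw1 sshd[4140]: session opened for user “root”
1111990000 gw1 sshd[4140]: Connection closed by 198.51.100.7
1114500000 gw1 sshd[4140]: session closed for user root
"""
PRINTED_AT = 1113000000   # constructed: epoch time the printout was made


if __name__ == "__main__":
    for line_no, reason in audit_log(SAMPLE_LOG, PRINTED_AT):
        print(f"line {line_no}: {reason}")
```

Run on the sample, lines 4 to 8 are each flagged for a different reason: a misspelt message, a doubled space that breaks the line format, curly quotes, a timestamp that runs backwards, and an entry dated after the printout. The first three lines pass all checks. The template list is the part that has to be built per daemon; the ordering and printout-date checks need nothing but the timestamps.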

Computer forensics is a new field, but it will grow in importance as more and more court cases have to deal with digital evidence of different kinds. It will be interesting to see how Garfinkel changes this field as well.

