Told Ya So!
Back in April of 2008, I wrote here that a single overwriting pass was sufficient to obliterate hard drive data, and that the stories of post-wipe data recovery were preposterous--the stuff of urban legend. I put my money where my mouth was and offered a new iPod to anyone who could prove me wrong. No one ever did, but maybe no one cared enough to try.
Well, I'm happy to report that my friend, Dave Kleiman, and colleagues, Craig Wright and Shyaam Sundhar, definitively proved that multipass erasure is a waste of time, and that one good pass is more than sufficient to protect data from recovery despite heroic efforts.
I'd scoffed at the notion of using magnetic force microscopy (MFM) to achieve practical recovery of single-pass overwritten data, and so I'm pretty pleased that some smart folks have tried to to use MFM to do just that and proven that it's a dead end.
The outcome in their words: "In many instances, using a MFM to determine the prior value written to the hard drive was less successful than a simple coin toss," concluding, "The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."
I couldn't have said it better myself--oh, wait, wait, that's exactly what I DID say a year ago! Please forgive the smug "I told you so," but when a blind hog stumbles upon an acorn, it's only right to wallow around a bit!
You can read more here.
Interesting article. Looks like you made a great call.
But how do you explain DOD requirements? Plus all those experts that go around saying a ledge hammer is the only way to be sure data is gone. Popular delusions, yes? But DOD delusions too? You would think our military would know something, but perhaps that is why military intelligence is considered an oxymoron.
Posted by: Ralph Losey | January 24, 2009 at 10:53 AM
Hi Ralph:
By "DOD Requirements," I assume you're referring to the matrix set out in the National Industrial Security Program's Operating Manual (DoD 5220.22-M) which used to dictate that hard drives be sanitized by, inter alia, overwriting all addressable locations with a character, its complement and a random value?
I could say that 5220.22-M is correct for the same reason that 3 oz. of toothpaste poses no threat to aviation security whereas 4oz. requires seizure and suspicion. Fear is ignorance's greatest ally. Or, as Bertrand Russell said, "Neither a man nor a crowd nor a nation can be trusted to act humanely or to think sanely under the influence of a great fear."
Instead, I'll note that the 5520.22-M matrix emerged at a time in the early 1990's when data remanence was a more plausible concern. You'll recall that the areal density of early 90's hard drives was vastly different than today. Further, we hadn't completed the jump from stepper motors to servos so ghost track remanence was a more plausible concern. And remember, in the early 1990's, magnetoresistive heads were not in wide use, so the capacities of consumer drives were still being measured in megabytes. Explosive growth in areal density and ubiquitous use of servo tracking by voice coil actuators changes everything. 5520.22-M still has to deal with old equipment. But just because the government takes away your toothpaste doesn't make it dangerous.
Posted by: Craig Ball | January 24, 2009 at 01:02 PM