Zen and the Art of Data Destruction

This morning a friend pointed me to the following blog article by David Bradley:

On the BBC TV news this morning, there was video footage of a man in overalls feeding hard drives, one after the other, into an incinerator. The hard drives had been pulled from computers used in the UK government's failed ID card endeavours. Now, forgive me, it may have been purely for show and it was easier to publicly have an operative burn the disks rather than show an IT person using scrubbing software to remove all the data they contain and so allow the drives to be re-used. But. If they really are burning them, two things:

Where he goes on to outline (actually) three questions - why not digitally erase the data, why not use cryptography to have rendered the data unreadable by third parties, and why were so many hard disks involved?

In response I submitted the following - now lightly edited and clarified - comment, but I feel the lesson is worth sharing more broadly:

---- 8< ----

You know, I totally agree, but on the other hand with reasonable expertise in data destruction I can also answer all your questions from the perspective of the ID-card people.

1) Oddly enough incinerators aren't enough to destroy data on modern drives unless the platter goes molten, although it does make recovery a grotesque task. The coercivity of modern materials is stupendously high and basically the magnetic structure will remain until the platter goes "gloop". Alas ceramic platters do not readily go "gloop".

2) So we can assume therefore that this is all done for show, and that the goal is to reassure, and to forestall questions in the House of Commons, or those that might be put to the ICO.

3) Why so many drives? Because there was probably no centralised database, but instead replica copies. Scratch space on people's desktop computers, that sort of thing. It's easiest to treat all those disks as tainted.

4) Lack of crypto-to-the-spindle is an abomination, and I am not fit to judge whether it was used, but do see point 2 regardless.

5) Economics: it's probably economically unviable to scrub the drives and re-home them as "secondhand"; if they are more than 3 years old they will be a tax writeoff, and if more than 18 months old they are not interestingly large (a Moore's law kinda thing).

To scrub/erase/DBAN (say) 100Gb would take a few technically-capable-and-vetted-man-hours, multiplied by a few hundred drives; thus ripping the drives out and putting them mechanically beyond use makes economic sense. Plus, also, see point 2.

6) DBAN: great software, love it to bits. Alas it cannot wipe remapped sectors which the HD controller will not let it access unless using magic manufacturer commands, so there might just be the name of some little kiddywink there, just waiting to be handed over to some foreign revolutionary technoterrorfaction, leading the Daily Mail to trumpet about how Government ecoweenies are putting childrens' lives at risk. Plus, also, see point 2.

...etc etc.

I agree it's dumb and kinda wasteful, but I can see why they did it.

As an aside: I was told by a trusted friend that in the mid-'90s the UK Government way with top secret drive disposal was to pulverise the platters into powder, blend it, and store the powder in barrels for 10 years before chucking it.

Many years ago there was a similar rule for some security levels of drive disposal in (if I remember correctly) the USA, that they would be shredded and put through a 0.25" (quarter-inch) mesh, but since a 0.25" square can now store a significant number of gigabytes, I rather hope/believe/expect they've advanced beyond that.

---- 8< ----
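Point 6 in the comment above can be turned into a pre-disposal check. The sketch below is an added example, not part of the original post or comment: it reads a drive's SMART attribute table in the layout printed by `smartctl -A` and routes any drive that reports remapped or pending sectors to physical destruction instead of a software overwrite. The function names, the sample table and the "any remap means destroy" policy are assumptions made for this illustration.

```python
# Added illustration, not from the original post. Function names and the
# "any remap means destroy" policy are assumptions made for this example.

# Constructed sample in the table layout printed by `smartctl -A`
# (not captured from a real drive); the two counts are filled in per case.
TEMPLATE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   098   098   036    Pre-fail  Always       -       {realloc}
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       25703
194 Temperature_Celsius     0x0022   031   045   000    Old_age   Always       -       31 (Min/Max 20/45)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       {pending}
"""

# Attributes whose non-zero raw count means the firmware has remapped sectors
# (5) or has sectors queued for possible remapping (197).
REMAP_ATTRS = (5, 197)


def parse_smart_attributes(text):
    """Return {attribute_id: (name, raw_value)} from `smartctl -A` style text."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 10+ columns: numeric ID, name, hex flag, ..., raw value.
        if len(fields) >= 10 and fields[0].isdigit() and fields[2].startswith("0x"):
            if fields[9].isdigit():
                attrs[int(fields[0])] = (fields[1], int(fields[9]))
    return attrs


def disposal_route(text):
    """Return ("overwrite" | "destroy", reasons) for one drive's report."""
    attrs = parse_smart_attributes(text)
    reasons = []
    for attr_id in REMAP_ATTRS:
        if attr_id not in attrs:
            # No data is treated like bad data: the drive cannot be cleared.
            reasons.append("attribute %d not reported" % attr_id)
        elif attrs[attr_id][1] > 0:
            reasons.append("%s=%d" % attrs[attr_id])
    return ("destroy" if reasons else "overwrite"), reasons


if __name__ == "__main__":
    for realloc, pending in ((0, 0), (12, 3)):
        print(disposal_route(TEMPLATE.format(realloc=realloc, pending=pending)))
```

The counts are the drive firmware's own report, so an "overwrite" result only says that no remapping has been declared, not that every sector is reachable.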

As for the lack of crypto-to-the-spindle? I can see the issues in that, too.

The problem is one of key management and usability in an office environment - it requires considerable nous amongst all staff to encrypt data properly:

  • Application level crypto leaves telltale traces of unencrypted data in scratch files, recoverable forensically.
  • Driver/spindle level crypto impacts performance of all software, and has to be plumbed into the system build specification - which has probably been outsourced to a third party.

In these circumstances the risk-averse, publicity-averse security officer will wisely trash all disks, just in case someone's been stupid.

Anyone reading this who has bleeding-edge experience of storage is welcome to add comments; also SSDs are entirely another kettle of fish.


Follow me as @alecmuffett on Twitter and this blog via the RSS feed.