Slashdot Mirror
White House Says Hard Drives Were Destroyed
wanderindiana brings us an update on the White House missing emails mess, which we have discussed before. It seems the hard drives of many White House computers are gone beyond the possibility of recovery. Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy? "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."
"Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?"
I worked on some projects involving email at the white house. The system tracks other things includuding gifts and snail mail.
There are very specific rules and laws that must be followed and the million dollar consultants the white house pays to manage this stuff is very aware of those rules and laws.
Any destruction of email by the white house is purely intentional, period.
slashdot troll = you make a compelling argument I do not like the implications of.
"When workstations are at the end of their lifecycle and retired ... the hard drives are generally sent offsite to another government entity for physical destruction,"
That's standard practice, and required by law, for ANY government computers.
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
I work in the NHS, and we're required to do two things:
1: Destroy hard drives comprehensively.
2: Ensure that any data on them of a sensitive/clinical nature is kept on a secure backup (in clinical data, for 25 years).
So, yes, destroying hard disks is a common thing. Now destroying DATA.. That's something else altogether.
For sensitive government documents, there is no excuse. Destroying the data can be arrived at through two ways:
1: Incompetence of the IT staff (with the amount of change control in a high profile environment such as high government/clinical, you'd have to be REALLY incompetent, and probably picked up way before this).
2: Someone said "This data is embarrassing. Make it go away.".
I'd say 2 was the most probable.
I've worked at two companies where hard drives were removed from computers before they were sent out for recycling.
Then the company would physically destroy the drives... the low-budget company was a lot more fun then having them professionally destroyed.
I've heard that the military calls this "Spiking" a drive as they drive a railroad spike through the platters. But who knows if that's true or not.
"Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?"
:)
I don't think this is asking the right question as some other posters have alluded to. We're talking corporate IT departments versus a branch of the Federal Government. We're also talking about destruction of the only copy of a given piece of data rather than destruction of one of several means of storing it.
It is absolutely usual for my corporate IT department to destroy hard drives by policy; but I work for a bank. I don't work for the government where I'm required by law to archive anything and everything. After a person no longer needs a workstation, the workstation is kept in a locked room for about 90 days just in case anything pops up (oh crap, I forgot to copy my personal folder over to my new machine!). After that, the drive is securely erased. If the machine is going to be redeployed to a new user we then load a fresh install of the OS onto it and it's put in another secured room and marked as "Available for Redeploy" in the asset database. If it's not going to be redeployed then the hard drive will be removed and run through a degaussing machine and then put in a pallet box to be picked up by our secure shredding company. The company will shred the drives on site and take the materials to be recycled.
Servers are much the same way, except that by policy, we back servers up at least once a day. While the drive that originally contained the information may be long gone, the data lives on for whatever the normal retention policy is. For email I believe it's a year, unless there's a reason for that box to be kept indefinitely (e.g. if a notice of discovery has been received).
So to answer the question posed in the story posting, yes it is normal for corporate IT departments to completely destroy hard drives, but that's not germane to the discussion. A better question would be "Is it normal for corporate IT departments to destroy hard drives by policy without any suitable forms of backup or other mechanisms to make sure any retention policies mandated by law or policy are enforced." Of course that's a lot longer than the original question and the Slashdot eds probably would have gotten lost and not posted the article!
Accept that the ones that would prosecute them are the department of justice, which in this administration has become a political tool and not a tool for justice. Harriet Myers and Karl Rove both simply ignored a congressional subpoena. Congress sent the criminal case to the department of justice, who declined to prosecute. It'd be the same for this email thing and prosecution under the presidential records act. They would decline to prosecute.
Unlike HIPPA, which requires destruction of data, the White House is subject to the various laws mandating the preservation of all presidential records.
This includes the Presidential Records Act of 1978. This states that upon leaving office, white house documents become the property of the government. A different law, the Hatch Act, prohibits federal employees from engaging in partisan political activities.
In order to address the Hatch Act, about 88 people who work in the White House were given separate computers purchased by the Republican National Committee and given email addresses in the domain gwb43.com, georgewbush.com, and rnchq.org.
It appears that White House staff consciously used the political equipment and email for some official business, presumably so that no "paper trail" would be left behind. Indeed, instead of a paper trail, in each case, the investigators requested relevant emails
but it was found that those emails were handled on the RNC machines and thus were destroyed.
So part of the legacy of the Bush Administration is a blueprint for obstruction of justice.
I disagree that this is a non-story. I worry that this will now be added to the toolkit of future administrations. Every administration will thinks it knows best for the country and some will want to get around all these pesky laws.
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
http://www.hipaadvisory.com/regs/recordretention.htm
Disclaimer: I am a document specialist for a company that itself specialized in business processes for major Part C and Part D health providers. So I know this stuff.
So having you say this is a non-story, based on you citing that records must be adequately destroyed without first stressing that those destroyed records had to be on file, and available at a moment's notice, for YEARS, is disingenuous at best.
It's a story PRECISELY because of th amount of time the records HAD to be retained.
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012102070_pf.html
So what happens if a probe is launched? Well, thanks to Sarbanes-Oxley (and the fuck up that was Enron, with BushCo's friend Kenneth Lay), Chapter 73 of USC18 (United States Code 18, Obstruction of Justice) was beefed up. Specifically Section 1505.
1505. Obstruction of proceedings before departments, agencies, and committee
Shiny. Let's be bad guys...
The local university does a DOD wipe of all hard drives in systems before they sell them as surplus, ensuring no data leaks out in a $30 P3 system.
The local public school district (K-12) can not (by policy) allow a hard drive to get into thehands of anyone outside the shcool district. When we decommision/recycle a computer we DOD wipe the hard drives, remove them from the system, and then, if we don't need to use the drives as spare parts for other machines, they are sent out to be destroyed.
This is nothing unusual - at the previous poster indicated, this is a good IT practice and ensures that no data leaks out of the organization http://www.csoonline.com/read/030103/briefing_data.html.
Ken
Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?
No. It's not unusual at all, especially if those hard drives have held confidential information like people's medical or financial info. If there's a chance that they once held state secrets, then definitely. Anything less would be incompetence.
The only real question is what constitutes "destroyed." At medical or financial facilities a disk wiping utility that overwrites the disks with 1s and 0s ten or twenty times is usually secure enough to do the job. If you're dealing with state secrets, then shredding the disk platters is more appropriate.
I'd agree that for information such as top secret documents, drilling a hole is probably insufficient.
However, for the average person, it's good enough as it raises the bar for recovery beyond simply plugging it it or simply repairing a part of the drive. Don't know why you need a product for it though, a 1/4" drillbit will go through the aluminum backside of most harddrives like butter.
So what happens if a probe is launched?
Judging by what has happened with past Congressional investigations, the subpoenas will be ignored and nothing will be done about it. It's a pattern that works for Bush again and again.
Sorry but the Rule of Law doesn't seem to apply when "National Security" is on the line.
We are all just people.
"I'd be pretty disappointed to find out that anyone with access to a particular console in 1962 could have initiated a first strike on the Soviet Union because all they had to do was guess the code '123456'."
(Obligatory) Damn... Now I have to change the locks on my luggage.
Seriously, though. You're right. Even if things are 'secret' now doesn't mean that they should always be. I'm politically agnostic (I've had a fair share of dislike for both Republicans AND Democrats) so this shouldn't come off as a slam against any one party, but our elected officials at the highest levels need to understand that they are held accountable. It is particularly true for the current administration. To provide the excuse that the backups were lost (or any other lame excuse that I couldn't get away with in elementary school) is insulting. There are procedures for these things and multiple records are kept ABOUT the records that are kept (ever fill out a form in triplicate?). Tracking the media for the backups - without the need to know what that data was, exactly - is easy. Unless someone intentionally deleted those records (and perhaps including the actual backup data, itself), there should be a paper trail showing what happened to the backup media after is was used to take said backup. No secrets need be revealed. Then we'd know who accessed those media and when.
Seeing as how those records don't seem to exist anymore, something smells like rotten fish.
I'm insulted, personally, that this administration can't or won't keep track of it's backup media. For an organization to have so little control over something as simple as backup procedures indicates the people involved are either incompetent to even serve in office or have so little regard for the laws governing both them and the rest of us (depending on if they're truly lost or whether it was ordered destroyed).
While it's entirely plausible that the federal government is just that bad at keeping records, it's unlikely that data backups completely vanished without a trace. I'm guessing that someone at a high level in the administration (definitely not the President, but someone close to him) ordered the destruction of the media and all records associated with them. Quietly. And that's what I find so insulting.
Solution? Get Jack Bauer on it with Chloe feeding him instructions on recovery via his awesome cell phone. Oh, wait... There's no time! (or 2008 season, but I digress)
--Me, ending on a high note.
My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
It is possible to still retrieve the data. A hard drive never, ever, ever has a zero or one written on it. Instead (if I can accurately sum this up in a non-technical way that doesnt invalidate my answer), it has a close to "0" or close to "1" written. Much like how certain electronic chips (that lets say are +5 = on, 0 = off) arent truly at +5 or zero. A "threshold value" is used to determine on or off.
In the case of hard drives, assuming "0" and "1" are the desired results, a zero gets "written" to the disk (which ends up being a .0020919) or a one gets written (which ends up being a .98298329) - gotta remember it's not an actual number written - it's something that (loosely) corresponds with a voltage/magnetic resistance that indicates 0 or 1 when compared to a threshold... thus .1 or less may be 0, .9 or more may be 1, and anything inbetween indicates errors.
The government (various parts - the requirements vary) mandates multiple wipes, because there are recovery tools out there, that by reading the actual magnetic/electrical value can interpolate what the data was after a single wipe. The reason apparently being, setting from "1" to "0" (or vice versa) leaves enough of the residual one to determine it was a one.
Thats (I can guarantee you) a very poor attempt at explaining it, but the basic theory behind what I am trying to say is correct...
A better idea would be to read up on it for a better explanation...
http://en.wikipedia.org/wiki/Data_remanence
Data remanence is the residual representation of data that has been in some way nominally erased or removed. This residue may be due to data being left intact by a nominal delete operation, or through physical properties of the storage medium.Scroll down the article to the section on "The Gutmann Method" to see why (a format is not acceptable means of wiping a drive).
A key point to this discussion is that "as of Nov 2007, overwriting is no longer a DoD-acceptable sanitization method for magnetic media. Only degaussing or physical destruction is acceptable." (Wikipedia)
This I find interesting timing, since it coincides with many requests for info and/or discovery of such info - that now, the DoD requires to be non-recoverable...
StarTrekPhase2 - The Five Year Mission Continues!