Ask Slashdot: Data Remanence Solutions?
MightyMartian writes "The company I work for has just had their government contract renewed, which is good news, giving me several more years of near-guaranteed employment! However, in going through all the schedules and supplementary documents related to the old contract, which we will begin winding down next spring, we've discovered some pretty stiff data remanence requirements that, for hard drives at least, boil down to 'they must be sent to an appropriately recognized facility for destruction.' Now keep in mind that we are the same organization that has been delivering this contract all along, so the equipment isn't going anywhere. What's more, destruction of hard drives means we have to buy new ones, which is going to cost us a lot of money, particularly with prices being so high. I've looked at using encryption as a means of destroying data, in that if you encrypt a drive or a set of files with an appropriately long and complex key, and then destroy all copies of that key, that data effectively is destroyed. I'd like to write up a report to submit to our government contract managers, and would be interested if any Slashdotters have experience with this, or have any references or citations to academic or industry papers on dealing with data remanence without destroying physical media?"
Re:Why not digital destruction? (Score:4, Interesting)
There is software out there (like D-BAN [dban.org]) which will repeatedly overwrite the data on a hard drive, rendering it unrecoverable. Why not use that, rather than relying on encryption?
How do you verify that the software does this correctly, and that it hasn't been tampered with? What if a drive is mishandled and doesn't get wiped? And if there's a process to do this correctly and with no chance of failure, is it worth that effort to recycle some old hard drives?
Where I work, hard drives with less-sensitive data can be reused; other ones are ground up into little bits. Data cannot be recovered(*) from a thoroughly destroyed hard drive. What assurance is there for a software solution?
(*) To the best of my knowledge. Maybe NSA can piece together the dust of a hard drive, but I highly doubt it.
Re:Why not digital destruction? (Score:5, Interesting)
A lot of disks have "bad sector" replacement. When a sector starts to be unreadable, it replaces that sector with a spare one set aside for that purpose. Does the software wipe out these revectored sectors, or can someone read those old sectors after software overwrite?
It depends on the security threat on how serious you need to be about wiping data off drives. Sometimes just 'rm'ing files is enough. Sometimes dropping them in a volcano isn't enough.
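An added example, not part of any comment in this thread and not D-BAN's code: one way to check the two concerns raised above, that an overwrite pass actually covered every addressable sector, and that the drive has no revectored sectors that LBA writes cannot reach. It assumes a single zero-fill pass; the function names, the 8-sector image and the `smartctl -A` style excerpt are constructed for illustration.

```python
import io

SECTOR = 512

# Constructed excerpt in the layout of `smartctl -A` output (not from a real drive).
SAMPLE_SMART = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       8
  9 Power_On_Hours          0x0032   097   097   000    Old_age   Always       -       2911
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""

# SMART attributes that indicate sectors swapped out (or about to be) for spares.
REMAP_ATTRS = {"Reallocated_Sector_Ct", "Current_Pending_Sector"}


def remapped_counts(smart_text):
    """Return the raw values of the remap-related SMART attributes."""
    counts = {}
    for line in smart_text.splitlines():
        fields = line.split()
        if len(fields) >= 10 and fields[0].isdigit() and fields[1] in REMAP_ATTRS:
            counts[fields[1]] = int(fields[9])
    return counts


def unwiped_sectors(dev, pattern=b"\x00"):
    """Read every sector of a file-like device; return LBAs not filled with pattern."""
    expected = pattern * SECTOR
    bad, lba = [], 0
    while True:
        block = dev.read(SECTOR)
        if not block:
            return bad
        if block != expected[:len(block)]:
            bad.append(lba)
        lba += 1


def overwrite_is_sufficient(dev, smart_text):
    """True only if every addressable sector is wiped and nothing was remapped."""
    leftovers = unwiped_sectors(dev)
    remapped = sum(remapped_counts(smart_text).values())
    return not leftovers and remapped == 0


def sample_image(stale=True):
    """Constructed 8-sector image: zeros, optionally with stale data in sector 5."""
    image = bytearray(8 * SECTOR)
    if stale:
        image[5 * SECTOR:5 * SECTOR + 6] = b"SECRET"
    return io.BytesIO(bytes(image))
```

A clean read-back pass only covers sectors the host can address; a non-zero remap count means old data may still sit in sectors the overwrite never touched, so such a drive would go to a firmware-level erase or physical destruction instead.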
Re:Why not digital destruction? (Score:5, Interesting)
Yeah, you're remembering that contest how you want to remember it. The prize was a pittance, and the "company" offering it was a handful of people. There were also ridiculous restrictions, such as not damaging the single physical drive the whole challenge was based around. And several data companies said they likely could recover some data, just not necessarily the specific file that the challenge was based around (as a general rule, you can't target a file, you get whatever it is you get). But the process involves ripping the drives to pieces and costs significantly more than the challenge was worth. And since the challenge was issued by a handful of guys rather than an actual, large company, very little publicity would have been generated, so it wasn't worth it to anyone.
Now, even if that story happened exactly as you remember it, it's still irrelevant. The point isn't that it's currently possible, it's that it's theoretically possible and thus may be trivial in the near or distant future. For certain kinds of data, that is a world of difference.
+1 for AC
In addition, they required that you release your methods for recovering the data, which I'm sure is worth a lot more than the 3-4 digits they were offering.