1997-07-02 - Re: Degaussing

Header Data

From: Dave Emery <die@pig.die.com>
To: shamrock@netcom.com
Message Hash: 2bb55050b30373567a7adc0801d9e61ea25f373e8a4461c4a3b2fddec9d20987
Message ID: <199707020629.CAA15333@pig.die.com>
Reply To: <3.0.2.32.19970701214609.03801e34@netcom10.netcom.com>
UTC Datetime: 1997-07-02 06:55:08 UTC
Raw Date: Wed, 2 Jul 1997 14:55:08 +0800

Raw message

From: Dave Emery <die@pig.die.com>
Date: Wed, 2 Jul 1997 14:55:08 +0800
To: shamrock@netcom.com
Subject: Re: Degaussing
In-Reply-To: <3.0.2.32.19970701214609.03801e34@netcom10.netcom.com>
Message-ID: <199707020629.CAA15333@pig.die.com>
MIME-Version: 1.0
Content-Type: text



Lucky Green wrote:

> At 02:17 AM 7/2/97 -0000, Secret Squirrel wrote:
> >Could someone please point me to a FAQ or somesuch about degaussing
> >magnetic media? Thank you!
> 
> Mini-FAQ:
> 1. How do I degauss magnetic media so that the feds can no longer read my
> data?
> 
> You don't. That's why the feds themselves don't degauss their magnetic
> media for declassification purposes. They remove the oxide layer. In case
> of floppies the preferred method is incineration, in case of hard drives,
> the usual technique is sandblasting.

	This may also have to do with the many documented instances when
federal hard drives, including some from NSA computers, were sold
surplus unerased with significant sensitive information still intact on
them (I know personally of one such incident of many).

	Destroying the disks makes sure that they were, in fact,
rendered unreadable and not just signed off on by some bored low-paid
clerk charged with demilitarizing them who didn't want to bother to figure
out how to erase them.  The problem here is that a destroyed disk is
obviously unreadable to even the most dumb and unmotivated clerk with a
GED, while a merely erased disk looks just exactly like one full of
sensitive information - actually verifying that the information is in
fact entirely gone requires a lot of technical skill and is subject to
all kinds of false positives (how about sectors that contained sensitive
stuff and then were later marked bad and swapped with alternates, for
example?)

	I think all of us forget that the usual key to crypto protected
secrets is in the trash and surplus equipment and document disposal
practices of the target rather than advanced mathematics.   And most
technical people pay as little attention as they possibly can to what
happens with the old floppies left by Joe who quit to take a new job
or what happened to Sallie's old hard drive after she got the new 
computer, or whether the old backup tapes really are all fully accounted
for or were thrown out in the move...


	I applaud the government for forgoing a few dollars in residual
revenue by not selling old disks intact any more.

							Dave Emery
							die@die.com





