Digital Spy

Search Digital Spy
 

DS Forums

 
 

Government Legislation Regarding Erasing of Data...


Reply
Thread Tools Search this Thread
Old 14-03-2013, 12:48
mred2000
Forum Member
 
Join Date: Nov 2008
Posts: 6,757

... Does it exist?

Apparently so:
All software that is available to the public that erases data leaves a fingerprint (id) on the hard disk/usb stick, this is a requirement in law and any software that does not is not permitted.
However, this then raises the question:

Could you show me where in the Linux kernel this is implemented?
So, has anyone heard of this legislation before now and has anyone got links to any solid information regarding it?
mred2000 is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 14-03-2013, 13:09
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds, UK
Posts: 6,695
What form would this "fingerprint (id)" take? We have quite a few developers post here, so they should have heard of it.
Stig is offline   Reply With Quote
Old 14-03-2013, 13:10
mred2000
Forum Member
 
Join Date: Nov 2008
Posts: 6,757
What form would this "fingerprint (id)" take? We have quite a few developers post here, so they should have heard of it.
That's what I would've thought. A supposed expert has mentioned it so I'm surprised that more of us weren't aware of it...
mred2000 is offline   Reply With Quote
Old 14-03-2013, 13:13
anniebrion
Inactive Member
 
Join Date: Sep 2005
Posts: 16,389
It would need to be a global law as people can get software for many different countries. I have never heard of this and have been in IT for many decades.
anniebrion is offline   Reply With Quote
Old 14-03-2013, 13:32
tealady
Forum Member
 
Join Date: Apr 2005
Location: colchester
Posts: 10,540
I dunno, but I found a lot of hits offering the service of erasing drives so that Cos could comply with the DPA....
tealady is offline   Reply With Quote
Old 14-03-2013, 13:33
robertcrowther
Inactive Member
 
Join Date: Jul 2006
Posts: 236
As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15
robertcrowther is offline   Reply With Quote
Old 14-03-2013, 13:34
anniebrion
Inactive Member
 
Join Date: Sep 2005
Posts: 16,389
I dunno, but I found a lot of hits offering the service of erasing drives so that Cos could comply with the DPA....
My company used to provide that service but we stopped when it became easy for anyone to perform this with free software.
anniebrion is offline   Reply With Quote
Old 14-03-2013, 13:43
d'@ve
Forum Member
 
Join Date: Oct 2003
Location: Darn Sarf
Posts: 20,524
As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15
That's just what Guttman theorised though, as discussed in the other thread. it even references his paper. Where's the Government regulation, and which Government(s) would that be anyway?

Not that I think this deserves its own thread, it doesn't, IMO, it just seems to be one poster having a go at another.
d'@ve is offline   Reply With Quote
Old 14-03-2013, 13:49
robertcrowther
Inactive Member
 
Join Date: Jul 2006
Posts: 236
That's just what Guttman theorised though, as discussed in the other thread. it even references his paper. Where's the Government regulation, and which Government(s) would that be anyway?

Not that I think this deserves its own thread, it doesn't, IMO, it just seems to be one poster having a go at another.
I've posted the link so that people who've not read about this subject before can get a understanding of what's going on before making comments.

You should read up on people like M. Geiger and L. Cranor, who are Counter-Forensic Privacy Tools experts rather than keep saying about Guttman.
robertcrowther is offline   Reply With Quote
Old 14-03-2013, 13:55
mred2000
Forum Member
 
Join Date: Nov 2008
Posts: 6,757
All I (and many others) want to know about is the specific government legislation regarding the leaving of digital fingerprints when data is being erased, as well as how this is implemented in the Linux kernel. Not the theories surrounding it. Hard proof of legislation.
mred2000 is offline   Reply With Quote
Old 14-03-2013, 13:56
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
... Does it exist?
No. it does not. there is no such legislation.

it would have to exist in every country in the world for it not to fall foul of the DP legislation where it didn't exist.

i blame the reverse vampires and the bildeberg group.
flagpole is offline   Reply With Quote
Old 14-03-2013, 14:00
mred2000
Forum Member
 
Join Date: Nov 2008
Posts: 6,757
No. it does not. there is no such legislation.
Until someone comes up with something solid proving otherwise, and not an exercise of dancing around gardens, this is enough for me.

Since I started coming to this forum, flagpole is one of many posters who has repeatedly given me (as well as many others on a daily basis) good advice and shared knowledge, often backing this up with links to sites etc. Hence I trust what he has to say on this matter.

Unless someone gives actual solid proof of this legislation existing...
mred2000 is offline   Reply With Quote
Old 14-03-2013, 14:02
Maxatoria
Forum Member
 
Join Date: Apr 2011
Posts: 5,448
The thing is if its law here in the UK it should be simple to just go say look at xxxx regulations section y paragraph z but given i've never heard of and no one i know has either it's some obscure 17th century legislation thats been re interpreted to mean something in the modern light

i was reading about the wikileaks marine and the us military worked over his computers and they could see he'd done some wiping but they were unable to view what was written to the disk before but they didn't give details of the wiping methods used so its hard to say what happened
Maxatoria is offline   Reply With Quote
Old 14-03-2013, 14:03
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds, UK
Posts: 6,695
I've posted the link so that people who've not read about this subject before can get a understanding of what's going on before making comments.

You should read up on people like M. Geiger and L. Cranor, who are Counter-Forensic Privacy Tools experts rather than keep saying about Guttman.
Page 6 of this paper by M. Geiger and L. Cranor is interesting:

http://reports-archive.adm.cs.cmu.ed...SRI-05-119.pdf

Basically, it says that "just overwriting the data once presents a major obstacle to recovery".
Stig is offline   Reply With Quote
Old 14-03-2013, 14:18
tealady
Forum Member
 
Join Date: Apr 2005
Location: colchester
Posts: 10,540
"Possible ways to access this content


Purchase on Springer.com £19.95 / $29.95 / €24.95 *
Buy now
Or buy the complete ebook £97.00 / $139.00 / €113.04 *
* Final gross prices may vary according to local VAT.

Log in to your account to check if you already have access to this content."
tealady is offline   Reply With Quote
Old 14-03-2013, 14:22
robertcrowther
Inactive Member
 
Join Date: Jul 2006
Posts: 236
"Possible ways to access this content


Purchase on Springer.com £19.95 / $29.95 / €24.95 *
Buy now
Or buy the complete ebook £97.00 / $139.00 / €113.04 *
* Final gross prices may vary according to local VAT.

Log in to your account to check if you already have access to this content."
You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.
robertcrowther is offline   Reply With Quote
Old 14-03-2013, 14:26
c4rv
Forum Member
 
Join Date: Aug 2010
Location: Essex
Posts: 14,878
As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15
Have you got anything newer then a 7 year old paper ?
c4rv is offline   Reply With Quote
Old 14-03-2013, 14:29
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
Page 6 of this paper by M. Geiger and L. Cranor is interesting:

http://reports-archive.adm.cs.cmu.ed...SRI-05-119.pdf

Basically, it says that "just overwriting the data once presents a major obstacle to recovery".
I've read this before.

they are dealing with a slightly different scenario. secure erasure from an in use hard disk of specific files.

they do indeed conclude that just over writing the data once presents a significant obstacle to recovery. but importantly where that failed. it wasn't because that data wasn't erased. it was because in using the operating system and applications certain temporary files were created and it was them that aren't erased.

we've all seen this. you open a word document and it immediately creates a temporary file to store the auto-saves. you close your document and the temporary file disappears. at this point if you securely erase your word document the temporary file can still be recovered.

so that is the end of that. next.
flagpole is offline   Reply With Quote
Old 14-03-2013, 14:31
misar
Forum Member
 
Join Date: Jan 2011
Posts: 260
All I (and many others) want to know about is the specific government legislation regarding the leaving of digital fingerprints when data is being erased, as well as how this is implemented in the Linux kernel. Not the theories surrounding it. Hard proof of legislation.
You are not going to get hard proof just more confusion.

The only candidate for legislation is the Data Protection Act (DPA) which puts a requirement on organisations to secure personal information they collect about individuals. Clearly this includes the responsibility to wipe disks etc of such information before disposing of them. There are vast numbers of programmes, many free, which do this to varying levels of security. Whatever "fingerprints" might be left, there would be no usable personal data for any "victim" to worry about and no justification for saying that the DPA had not been complied with.

Only the ultra paranoid need worry about some of the nonsense posted in this thread.
misar is offline   Reply With Quote
Old 14-03-2013, 14:34
mred2000
Forum Member
 
Join Date: Nov 2008
Posts: 6,757
As I said in the post that someone obviously reported because it hurt their feelings - posting stuff that goes around the gardens is pointless, repeatedly berating folk for various reasons without giving answers points to you as being pretentious and a WUM.

When someone wants to get directions to, say, Leeds they don't start by consulting star-maps or reading geology books to find out how the country was formed and then history books on Leeds to see how and when it first came into existence...

The only candidate for legislation is the Data Protection Act (DPA) which puts a requirement on organisations to secure personal information they collect about individuals. Clearly this includes the responsibility to wipe disks etc of such information before disposing of them. There are vast numbers of programmes, many free, which do this to varying levels of security. Whatever "fingerprints" might be left, there would be no usable personal data for any "victim" to worry about and no justification for saying that the DPA had not been complied with..
That's not exactly what we're talking about. Apparently there's a rumour (as it hasn't as yet been proven to exist) regarding a requirement for digital fingerprints to specifically be left behind by software that erases informantion.
mred2000 is offline   Reply With Quote
Old 14-03-2013, 14:39
tealady
Forum Member
 
Join Date: Apr 2005
Location: colchester
Posts: 10,540
You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.
Straw man argument.
tealady is offline   Reply With Quote
Old 14-03-2013, 14:43
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15
You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.
I'm not buying because it is clear from the summary what the paper is about. but i don't think you will ever realise how much of an ass the above makes you sound.

'Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract the name, size, creation date and deletion date of the “deleted” files.'

this is not exactly the same as recovering data from a zero'd drive now is it? being as it doesn't apply to a zero'd drive at all. or recovering data.

Nor is it the same as a law that says that all computers must retain indefinitely whatever it is that you think they retain.

next.
flagpole is offline   Reply With Quote
Old 14-03-2013, 14:43
robertcrowther
Inactive Member
 
Join Date: Jul 2006
Posts: 236
http://en.wikipedia.org/wiki/Data_remanence

Note: "As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter"
robertcrowther is offline   Reply With Quote
Old 14-03-2013, 14:44
misar
Forum Member
 
Join Date: Jan 2011
Posts: 260
That's not exactly what we're talking about. Apparently there's a rumour (as it hasn't as yet been proven to exist) regarding a requirement for digital fingerprints to specifically be left behind by software that erases informantion.
As I said, the only legislation that could possibly have any connection with the title of this thread is the DPA. Most of the posts so far are nonsense just like the rumour.
misar is offline   Reply With Quote
Old 14-03-2013, 14:46
robertcrowther
Inactive Member
 
Join Date: Jul 2006
Posts: 236
Another link to read is : http://en.wikipedia.org/wiki/Stochastic_forensics

http://en.wikipedia.org/wiki/Computer_forensics
robertcrowther is offline   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT +1. The time now is 13:25.