The ABC’s of Data Deletion
Hillary claimed ignorance regarding how the process of “wiping” a hard drive works. That doesn’t surprise me, but the ignorance of journalists in the matter is surprising. Doesn’t anyone do even basic research any more? Here’s the Washington Post—the Post, for crying out loud:
“To make the information go away permanently, a server must be wiped — a process that includes overwriting the underlying data with gibberish, possibly several times.”
Really? A “server” must be wiped? With “gibberish”? Oi. Hold on, I’m about to get into the nuts and bolts of it. If you don’t want to know how erasing data from a computer works, move on—but it’s good knowledge to have, especially if you want to protect your data when disposing of an old device!
First of all, a “server” is not being wiped, the hard drive is. A server is technically not even a computer, it is software running on a computer, and the computer running it is often referred to as a “server”—but the part that is wiped is the data on the hard drive.
Next, “wiped” is not the most technical term, it is at least somewhat vague.
There are four basic ways to delete data on a disk: first, delete it from within a program; second, simply trash the files and empty the trash; third, reformat the hard drive; and fourth, to “zero out” the drive.
The first three ways of deleting data that I described (deleting, trashing, and reformatting) are, depending on the circumstances, recoverable. None of them actually destroy the data; in all three cases, the data remains on the disk, but either (depending on the file system used) it is marked as occupying space that can be taken up by new data at any time, or its directory information is erased so the computer “sees” the disk space as “blank” and therefore it’s allowable to write new data there.
In both of these cases, data stays on the drive until the computer, at some point, needs to save newer data, and decides to use the space taken up by the older data. This happens bit by bit, and depending on how full the drive gets, “deleted” data can remain on the disk for weeks, months, or even years. Data is often only partly destroyed. If the disk used is nearly full, then perhaps most of the data is destroyed as all the space is quickly needed; if the disk is mostly empty, there’s a good chance most of the data still remains, but the data still could be partly or fully overwritten.
That last way to delete data is what the Post is rather cluelessly referring to, and is the only way to securely erase data from a hard drive.
The technical term for this—the one everyone should be focusing on—is to “zero out” the disk. This is a process in which the computer literally writes all zeroes (rather than zeroes and ones) in every single place that the disk contains data. (It does not write “gibberish,” which would be random zeroes and ones.) The “zeroing out” process usually completely destroys the data that used to exist on the disk.
You may wonder why this process is not always used; the answer is, it takes time. When you save data on a disk, it takes a certain amount of time; to actually destroy the data, it would take the same amount of time. Try saving a long video from your smartphone on your computer; it might take a minute. However, you throw it in the recycle bin and then empty that, it takes almost no time. That’s because the data is not being zeroed out. It’s not necessary, and people would be annoyed if emptying the trash took several minutes every time. To zero out a whole disk takes hours.
You may need to consider this the next time you sell, give away, or even throw away an old computer: unless you “wiped” the hard drive in a way that took hours to accomplish, your data has not really been erased, and can be recovered!
So, is the data really destroyed when you zero out the disk? It depends. Remember the post wrote that it must be done “possibly several times.” Older hard drive technology was not so precise, and the marks used to indicate a 1 or a 0 might not be in exactly the same position, in which case overwriting with a zero might not completely cover up all the previous data. (It would be really hard to recover more than just fragmentary data, though.) As a result, older drives would need to be zeroed out many times. Apple has the option of zeroing out the whole drive 7 or even 35 times! Just once can take a few hours, so, well, you do the math.
Newer hard drives are more precise, and may only need to be zeroed out just once. I am not certain, but there may be a way that super-uber-geeks have to still recover that data, but I would bet against even them getting more than just a few crumbs here and there. It’s supposed to be pretty secure—but zeroing-out software still provides for the option of multiple overwrites.
Now, you may be wondering, how can I do zero out my data? If you have a Mac, zeroing out is built in to the OS; if you look in the Finder menu, under “Empty Trash,” there is an option to “Secure Empty Trash”; this will zero out only the data you have in the trash. If you open an app provided by Apple called “Disk Utility,” there are options to “securely erase” whole disks. For Windows, you can download free software that does the same thing. Just search (in a trusted software source) for “zero out utility”.
If you don’t feel like you can do this yourself, get a geek friend to do it for you. If you can’t, then be aware that your data can be accessed by the next person to get their hands on that device.
Zeroing out is what Karl Rove and the GOP did when they tried to destroy 22 million emails they didn’t want the public to see. In 2010, an archive of the email was in fact found—but we still don’t know what was in them, as they are going through a review that has so far taken 5 years, presumably to week out classified material.
And then, there’s another flaw in this now-raging “news” story: the only information is that the company that maintained the server—but obviously not the only ones to have access to it—said that they didn’t have a record of it being “wiped”—but not only does that not mean they didn’t zero it out, it also has no bearing whatsoever on whether or not someone else, like Hillary’s IT guy, zeroed it out. If they were smart, then they would have taken the email archive, deleted the emails they felt were personal, then copied the reduced archive to a new disk, and then destroyed the original archive data.
It appears that Hillary’s email deletion was far more casual—but I’d be willing to bet good money that if the files can be recovered, Republicans will waste no time rifling through every last one they can find and then leaking the juiciest ones, probably completely out of context and even partially made-up to boot, just like they did with the Benghazi emails.
And in the end, this is all about nothing more than an attempted smear job. Conservatives could give a rat’s ass as to whether Hillary actually did anything wrong, and they sure as freaking hell do not give a crap about whether national security was at risk (these are the people who outed a CIA agent for political payback, remember—one of they key issues discussed in emails the Bush White House deleted). No, this is about shooting Hillary down and nothing else.
The press should be ashamed that they’re giving this more than back-page attention.