Too Much Data

 

The time has come for companies, and even individuals, to establish policies for data DESTRUCTION.  This sounds completely paradoxical in an age where everyone, by now, has learned the importance of backing up their files; and even private individuals have access to services, such as Carbonite, which allow for your selected files to be backed up in a secure, offsite location.  What possible reason could there be for a policy to destroy data?  To answer this, let us take a moment to examine the history of data storage.

In the early 1980s, hard drive storage space was both expensive and limited.  People did not retain a copy of every single revision of a document or spreadsheet, and these electronic documents were not the feature and media rich quasi-applications that we think of today.  They were little more than electronic versions of hard-copy documents that were simply easier and more convenient to update.  As hard drive space increased, along with corresponding decreases in cost, popular desktop applications started to become more feature-rich as it was no longer prohibitively expensive to store the larger applications and the files they generated.

 
Fast-forward to today: our cell phones have removable memory chips that are smaller than a fingernail and have more storage space than 3,200 of the original 5 megabyte hard drives used in the first IBM PCs.  This allows a person to carry around thousands of hours of music files, or dozens of hours of video, as well as documents, calendars and schedules, contact information, and thousands of phone numbers and email addresses in something smaller than the a deck of cards.  A computer sold today has, on average, more than half a terabyte (500 gigabytes) of hard drive space.  Today, we throw away nothing, and collections of files that once filled our hard drives (not to mention numerous boxes of floppy disks) are now sequestered in a single, forgotten folder in some tiny area of our modern hard drives, just in case we need may need them someday.

 
The reality is that we rarely do need them.  And, in fact, the vast majority of these archived files are never opened again.  However, neither to do they fade away.  They don’t gather dust, they don’t deteriorate, in fact, they don’t degrade at all.  They just sit, lying in stasis, waiting to be retrieved.  What do they have to say, when they are finally opened?  What if they are not opened by you, but by a lawyer or a member of law enforcement?  Most people cannot recall events of the past with any significant degree of reliability, but computer files are ageless.  So long as they remain, they are as unchanged as the day they were written, even if that day happened decades in the past.  Cardinal Richelieu is quoted as having said, “Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him.”  Well, what do you think a motivated (or even lazy) investigator could do with a decades worth of emails and documents?

Any business can be sued, and a sufficiently large business has constant dealings with legal actions.  When discovery laws that were written for a paper-and-filing-cabinet world are used with reckless abandon on digital storage media, the results can be a fishing expedition that is almost certain to result in a favorable outcome for the plaintiff.  When the harsh glare of government scrutiny falls upon a private citizen, the computer is always one of the first targets.  And its contents, no matter how innocent, can still be incriminating.

So how will a data destruction policy help?  In the business world, if you are the subject of an investigation, all of your records and files become fair game.  Any attempt to destroy information will almost certainly result in a summary judgment against you and/or your company.  If you destroy files in advance, it might still appear that you are hiding something, even if the data you destroyed has no relevance to the investigation.  On the other hand, if you establish a policy for data destruction (or data retirement if you prefer a more politically correct term), then you have a perfectly legitimate reason for obliterating old data files.

Similarly, for a private individual, if you routinely erase files that are over a certain age, then not only are those files not available for future scrutiny, you also create plausible deniability for any other files that are deleted from your computer since, if the files are obliterated correctly, it would be impossible to ascertain what was deleted in the first place. Now as you read that, it might come across as being a little seedy.  But isn’t that ironic?  Unless you’ve been given a subpoena for your data files (or at least, a notification that you are being investigated for something), you are under NO obligation to keep those files in the first place.  It is YOUR data in YOUR files on YOUR hard drive on YOUR computer.  In addition to your right to privacy, you have the right to do anything you want with your personal property; and your data is your property four times over!

 

I will conclude with a quote from computer security expert Bruce Schneier, who wrote in, February of 2009, “Data is the pollution of the information age.  It's a natural by-product of every computer-mediated interaction.  It stays around forever, unless it's disposed of.  It is valuable when reused, but it must be done carefully.  Otherwise, its after-effects are toxic.”

 

E-mail: john@sentinelcomputers.com