Old Data Never Dies - And Now It's Everywhere
Way back in the June 10, 2003 issue of this newsletter, I did an editorial called "Hard to Kill: Some Data Never Dies." That piece was focused on how data stays on your hard drive even after you think it's gone - because simply deleting a file or even formatting the hard drive doesn't erase the data stored there. For that reason, we need to be careful about what happens to our old disks, whether we're removing them from our computers to replace them with faster, higher capacity models or junking the whole machine. If you're in the mood for a bit of nostalgia, you can read that one again here:
WXPnews
But a lot has changed in the seven years since I wrote that article. Today, our data is not confined to our computers' hard drives and the removable drives attached to them, or even to our own networks. Many of us have multiple devices, including laptops and smartphones on which data is stored, and even worse, much of the information we create and save resides not on any device that's physically under our control but somewhere "out there" in the cloud.
At least when data is on a drive, card or device that we own, we have a fighting chance of being able to destroy it - even if that means taking a sledgehammer and physically destroying the media on which it resides. But when it's on some server somewhere else, we may not even know what city, state or country it's in, and even if we did, we would have no way to physically get access to it.
It's been almost a year since researchers at Cambridge University revealed that most of the major social networks don't erase your data from their servers when you delete it from your pages. Last week, Zack Whittaker over on ZDNet showed that, at least when it comes to Facebook, that's still true. He wrote about that experiment here:
Facebook does not erase user-deleted content | ZDNet
The troubling thing is that not only are the deleted items still sitting there on the server where Facebook's administrators could access them, but they're even still accessible across the Internet to a Facebook user who has the direct links they were originally assigned.
Now you could argue that anybody should know that information uploaded to a social networking site loses any illusion of privacy. The "Delete" button on social sites is a wonderful thing and has probably saved countless people from embarrassment, but using it is a gamble: maybe you'll get there in time, and maybe you won't. Let's say you post a comment in a friend's status update thread that you decide, after a moment's reflection, might not be appropriate or gives away information you'd prefer not to share with the world. Even if you delete it as soon as it appears, it also appeared on the pages of all those who have access to that particular thread of discussion - and all of those who actually participated in the thread (or even just clicked the "Like" button) will get an email notification that includes the content of your comment if they have their settings configured to receive such notifications. There's no way to take those back.
It's not just social networking sites that save information long after everyone thought it was gone, though. As I discussed in the April 18, 2006 edition of this newsletter, "Online is Forever," there are millions of old, orphaned web pages out there whose creators can't access them to change them or take them down; Google caches pages so that web searches can still see them even after they have been removed from the web server; and backups of ancient data still languish on the shelves of numerous server rooms.
WXPNews
Then there's all that data on our cell phones. With the huge popularity of text messaging, especially among young people, folks are carrying on entire conversations, in writing, that they regard as private. But what happens to all those texts after the conversation is over? The SIM Card Spy is a device that claims to recover deleted text messages stored on a phone's SIM card (of course, this only works for phones that use removable SIM cards, so we Verizon users are safe from it; the iPhone and BlackBerry similarly don't have removable SIM cards and can't be spied on this way). It's being marketed as a way to spy on your spouse or children.
Cell Phone Spy: Deleted Text Spying | Cell Spy Sim Card Reader
However, there are other technologies that can be used to extract data from devices that don't use removable SIMs. CellDEK is a forensics tool that will recover not just text messages (including deleted ones) but also the log of dialed and received calls, phonebook information, calendar, memos, "to do" lists, pictures, video and more.
Logicube CellDEK® - Cell Phone Data Extraction
Many folks don't realize that it's not just computers and the miniature handheld computers we call phones that store information for years. Many devices that were once considered peripherals and many standalone electronic devices have computers inside them and are capable of storing information. For example, GPS navigation devices can store the routes you've taken and thus a record of your travels, and some of the same tools used to extract data from phones (such as the CellDEK) can be used on them.
And did you know that most copy machines have their own hard drives and keep copies of every document that the machine copies (or scans or faxes)? Well, more people are aware of it now that U.S. Representative Edward Markey has requested that the FCC investigate criminal misuse of the information on those hard drives.
Markey calls for investigation on copy machines - Political Intelligence - A national political and campaign blog from The Boston Globe - Boston.com
This really shouldn't be "news." CCN reported on the risk of identity theft posed by office copy machines back in 2007, and although that story is no longer on their site, Bill Detweiler referenced it on TechRepublic:
Office copiers pose identity theft risk | IT Security | TechRepublic.com
But it's unnerving, because in so many cases, copy machines are used by companies with which we do business and by government agencies to make copies of sensitive documents such as our driver's licenses or Social Security cards, and we have absolutely no control over the stored copies of those documents. Should organizations be required to secure those copy machines' hard drives, in the same way health care providers are required to secure personal medical records and financial services companies are required to secure their clients' sensitive information?
Do you worry about all the places your data goes - and where it might be lingering? Can you think of other "hidden" data repositories (devices that store data, especially personal data that could be used for identity theft, that the average person doesn't think of as being a threat)? What can you do to prevent your data from being extracted from all these places and misused - or is that a hopeless dream? Let us know what you think: discuss this in our forums at
WXPNews - Old Data Never Dies - And Now It's Everywhere