I’ve read your current article as well as the referenced articles regarding
secure deletion, but I haven’t seen anything regarding hidden copies of files.
Maybe it’s just urban legend, but I’ve been led to believe that Windows places
copies of data in locations other than the ones that you see. That even the
so-called secure ‘wipe’ leaves other copies available to trained cyber forensic
specialists.
So you’ve also now made me question the security of my Carbonite backup.
Knowledgeable hacks like yourself and certainly law enforcement professionals
can access all of my data either by simply downloading or by especially
subpoenaing it. Or is that thinking not really ‘real’?
This question raises a number of issues that, in some ways, all boil down to
“Just how paranoid are you?” And I mean that not in a negative way at
The fact is that much of the data that we own can be examined by others, sometimes
incidentally, sometimes only as a matter of legal proceedings.
In this audio excerpt from a recent Ask Leo! webinar,
I’ll discuss some of the things that are worth considering if you’re at all concerned
about the accessibility of your digital life.
… and even if you’re not.
Important: I am not a lawyer, and none of this should be taken as legal advice. If you have concerns for which you need an actual qualified opinion, I strongly suggest contacting an attorney.
I’ve read your current article as well as the referenced articles regarding secure deletion, but I haven’t seen anything regarding hidden copies of files. Maybe it’s just urban legend, but I’ve been led to believe that Windows places copies of data in locations other than the ones that you see. That even the so-called secure ‘wipe’ leaves other copies available to trained cyber forensic specialists.
So also you’ve now made me question the security of my Carbonite backup. Knowledgeable hacks like yourself and certainly law enforcement professionals can access all of my data either by simply downloading or by especially subpoenaing it. Or is that thinking not really ‘real’?
So there’s a number of issues that this question addresses and I’ll try and take the pieces of them.
Actually, I’ll work from the backend up. The concept of a subpoena…first of all, this is one of those areas that varies dramatically from country to country depending on where you happen to live; the laws, the rules, the regulations that you are subject to may be very different from what I’m about to describe.
So, assuming you’re in the United States, yes, law enforcement can subpoena access to anything you have, basically anything you have online; they can actually, of course, subpoena access to your computer. The important thing to realize there, of course, is that they have to have a reason.
The whole subpoena process implies that somebody has gone in front of a judge and said, ‘We have cause to believe this person is doing something illegal and we need to look at their computer or their online records.’
Once that’s approved, then absolutely, whatever you have stored online is actually easily available. Most of the online storage providers have a policy that they will typically respond to a court order and give the requesting agency access to the information that you happen to have stored.
So, I say online storage providers – you mention Carbonite, which is fine. They’re a good online backup solution. There are several of those. But a lot of people don’t realize that this also pretty much includes anything else you happen to have stored online in this so-called ‘cloud’: everything including Gmail, Facebook, Twitter, Flickr or Picasa, Photostreams, whatever. Anything you have or have used online is easily accessible to them once they’ve got a court order.
One of the solutions…and that includes things like Dropbox, also. I wanted to make sure that was clear. With Dropbox itself, because you have access via the web to the contents of your Dropbox, that implies that the administrators at Dropbox can also gain access to those files. We trust them not to, but that also then implies that they can gain access in response to a court order.
Now the traditional solution to this is to encrypt the data that you keep online. So, for example, there are several solutions for Dropbox that automatically encrypt the files before they’re uploaded. It adds a level of complexity and actually adds a level of inconvenience when you actually try and use those files but it’s one approach.
I don’t know if Carbonite itself encrypts the data that’s being backed up. I kinda hope that it does, but I honestly don’t know. Some backup solutions do; in other words, they will encrypt the data locally on your machine and then upload only the encrypted data which would then render it inaccessible to the administrators or anybody coming at you with a warrant.
I’m currently using Amazon’s S3 as a second or third level backup for almost all of my files and when I elected to set that up, I made sure to run everything through an encryption pass before the data was uploaded to S3. Because, once again, it’s not that I have anything to hide, but in my case, I also have files from clients, my own personal data; I just don’t feel comfortable having it necessarily be ‘out there’ intentionally accessible to authorities who might come in with a warrant. Again, not that I ever expect them to.
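The "encrypt locally, upload only the encrypted data" pass described above can look like the following. This is an added example, not code from the article or from any backup product: the function names, the file layout and the usage paths are assumptions made for illustration, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
# File layout used by this example: salt(16) | iv(16) | ciphertext | HMAC-SHA256 tag(32)

function Get-DerivedKeys([string]$Passphrase, [byte[]]$Salt) {
    # PBKDF2-HMAC-SHA256: the first 32 bytes key AES-256, the next 32 key the MAC.
    $kdf = [Rfc2898DeriveBytes]::new($Passphrase, $Salt, 600000, [HashAlgorithmName]::SHA256)
    try { @{ Enc = $kdf.GetBytes(32); Mac = $kdf.GetBytes(32) } } finally { $kdf.Dispose() }
}

function Protect-FileForUpload([string]$Path, [string]$Passphrase) {
    $full = Convert-Path -LiteralPath $Path           # .NET ignores the PowerShell location
    $salt = [byte[]]::new(16)
    $rng = [RandomNumberGenerator]::Create(); $rng.GetBytes($salt); $rng.Dispose()
    $keys = Get-DerivedKeys $Passphrase $salt
    $aes = [Aes]::Create(); $aes.Key = $keys.Enc      # CBC + PKCS7 defaults, fresh random IV
    $plain = [IO.File]::ReadAllBytes($full)           # whole file in memory: small files only
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $body = [byte[]]($salt + $aes.IV + $cipher)
    $tag = [HMACSHA256]::new($keys.Mac).ComputeHash($body)   # encrypt-then-MAC
    [IO.File]::WriteAllBytes("$full.enc", [byte[]]($body + $tag))
    $aes.Dispose()
    "$full.enc"                                       # upload this file, never the original
}

function Unprotect-DownloadedFile([string]$Path, [string]$Passphrase, [string]$OutPath) {
    $all = [IO.File]::ReadAllBytes((Convert-Path -LiteralPath $Path)); $n = $all.Length
    if ($n -lt 80) { throw 'File is too short to be in this format.' }
    $keys = Get-DerivedKeys $Passphrase ([byte[]]$all[0..15])
    $expected = [HMACSHA256]::new($keys.Mac).ComputeHash($all, 0, $n - 32)
    $diff = 0                                         # compare every byte, no early exit
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expected[$i] -bxor $all[$n - 32 + $i]) }
    if ($diff -ne 0) { throw 'Wrong passphrase or modified file; refusing to decrypt.' }
    $aes = [Aes]::Create(); $aes.Key = $keys.Enc; $aes.IV = [byte[]]$all[16..31]
    $plain = $aes.CreateDecryptor().TransformFinalBlock($all, 32, $n - 64)
    $out = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutPath)
    [IO.File]::WriteAllBytes($out, $plain); $aes.Dispose()
}

# Usage (file names and passphrase are placeholders):
#   $enc = Protect-FileForUpload .\clients.xlsx 'a long passphrase that never goes online'
#   Unprotect-DownloadedFile $enc 'a long passphrase that never goes online' .\restored.xlsx
```

The storage provider only ever holds the `.enc` file, so what it can hand over is the ciphertext; the passphrase stays with you.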
And, in fact, that leads us to the next level and that is that with a warrant, your computer is accessible. I mean, we’ve heard about this before too where law enforcement officers will come into a suspect’s home with the appropriate search warrant and actually take their computers and take them back to their facilities and do whatever kind of analysis that they might want to do including analysis of the files that are visible, for deleted files, etc.
So once again, the only real solution there is encryption. Where you really feel that there is something you want to keep truly private, even from those kinds of prying eyes, then you really do need to be looking at whole-disk or other kinds of encryption solutions, like TrueCrypt, where the data that’s stored on the disk is just so much random noise unless you have the password or passphrase to decrypt the volume that contains the data that you’re trying to keep private.
Now, there’s one final twist to that particular aspect of it. And that is there was a recent case where an individual was…the government attempted to compel an individual to reveal their password so that the data on their computer could be decrypted. Now, I don’t know the state of that, but the fact is that is an approach that they are attempting to push through. Right now, I believe the EFF, the Electronic Frontier Foundation, and other organizations who are attempting to maintain civil liberties are fighting that very strongly.
As it turns out, the case in point became moot because the password was finally discovered, but not through any kind of deep analysis. What I heard was a friend of the individual gave the authorities some number of common words that might be associated with that individual. I don’t know if they mean by a pet’s name or family names and that kind of stuff.
So what they ended up doing was effectively using a semi-brute force attack using the information already related to that person and they were able to just open it up with that added information. So that was kind of interesting and it’s another approach that authorities have at least been trying to.
So to go all the way back on that, when you really end up being that concerned about your privacy, it becomes a matter of, to use a word that I hate to use because it has such negative connotations, how paranoid you are. It depends on how concerned you are, how real a threat you think you’re under, as to what steps you need to take.
In my case, I have encrypted the files I upload to S3 but the files that are all on my servers that are equally ‘subpoenable’ are not encrypted there so it’s a trade-off.
The other part of this question is hidden copies of files. I’m not aware of any. To the extent that you run a secure delete, or I’m sorry, a free-space wiping utility (such as you might find in CCleaner – that cleans everything), I believe that’s cleanable.
Now, there are some areas on the disk that may contain trace information. For example, somebody pointed out to me the other day the hibernation file. The hibernation file contains an image of your computer’s memory, all of it at the time you put your computer into hibernation. Well, depending on what’s in memory, there could be some interesting stuff there and there’s no real easy way to access the hibernation file or even delete the hibernation file without turning hibernation off.
So, again, if that’s something you’re concerned about, I would turn hibernation off. Similarly, the paging file can have random bits of information in it that might expose interesting things, if accessible. The solution there too is not necessarily having a paging file. If you’ve got enough RAM in your machine, you don’t necessarily need a paging file and that kind of sidesteps that problem completely.
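To see whether either of those files exists on a given machine, a short report helps. This is an added example, not part of the original article; the function name `Get-MemoryOnDiskReport` is made up for illustration, and it only reads settings, with the commands that change them left as comments.

```powershell
# Reports the two places named above where the contents of RAM end up on disk:
# the hibernation file and the paging file.
function Get-MemoryOnDiskReport {
    $drive = $env:SystemDrive
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    # hiberfil.sys is a hidden system file, so -Force is needed to see it.
    $hiber = Get-Item -LiteralPath "$drive\hiberfil.sys" -Force -ErrorAction SilentlyContinue
    $system = Get-CimInstance Win32_ComputerSystem
    $inUse = @(Get-CimInstance Win32_PageFileUsage)

    [pscustomobject]@{
        HibernationEnabled = ($power.HibernateEnabled -eq 1)
        HibernationFile    = if ($hiber) { '{0} ({1:N1} GB)' -f $hiber.FullName, ($hiber.Length / 1GB) }
                             else { 'none' }
        PagingAutoManaged  = $system.AutomaticManagedPagefile
        PagingFilesInUse   = if ($inUse) {
                                 ($inUse | ForEach-Object { '{0} ({1} MB)' -f $_.Name, $_.AllocatedBaseSize }) -join '; '
                             } else { 'none' }
    }
}

Get-MemoryOnDiskReport | Format-List

# Turning hibernation off (elevated prompt) removes hiberfil.sys. Fast Startup
# relies on the same file, so it stops working as well:
#   powercfg.exe /hibernate off
#
# Running without a paging file, for machines with enough RAM (elevated prompt,
# takes effect after a restart):
#   Get-CimInstance Win32_ComputerSystem | Set-CimInstance -Property @{ AutomaticManagedPagefile = $false }
#   Get-CimInstance Win32_PageFileSetting | Remove-CimInstance
```

After making either change, run the report again following a restart; both file entries should read `none`.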
So, I don’t know if that covers exactly what you are asking for but it’s an interesting and deeply complex problem when you start talking about truly, truly protecting or absolutely protecting all of the data that you place both online and on your own computer.
As I think Peter is mentioning, ‘Just because you’re paranoid doesn’t mean that they’re not out to get you.’ Absolutely! And that’s one of the reasons that I say that the word ‘paranoid’ has this negative connotation to it; we tend to think of it in a negative light, but there are absolutely people out there who have very real, very legitimate, very strong concerns about their privacy, their data and I absolutely don’t want to minimize that. They are paranoid and they have every right to be paranoid because of the situation they might be living under.