Pervasive Data

Enron can't shred electrons
The pervasiveness of electronic data makes shredding irrelevant

THE ENRON SCANDAL heats up by the day, and the hunt for "smoking guns" that may confirm or deny wrong doing at the company is shifting into high gear. The issue of the destruction of data broke into the news in the middle of January after Arthur Anderson & Company, the auditors for the Enron Corporation, said they had destroyed a "significant but undetermined" number of documents relating to Enron and its finances.

This embarrassing admission prompted new demands from Congress that Anderson produce a wide range of documents, including e-mail and other computer documents, for investigation.

Congress has rightly placed emphasis on digital documents. Yet most media reports have focused on the shredding of paper documents -- which couldn't be more irrelevant. If every last paper document were shredded, back-ups could still be found on the company's computer networks.

Anderson/Enron may well have little or nothing to hide. But those that do have smoking guns they would like to put out have a difficult, if not impossible, task in these days of networked computers and the Internet.

Undone by back-up tapes
In the past, a shredder would certainly have covered an incriminating paper trail. But the advent of e-mail and digital documents put paid to that. Take the case of Marine officer Oliver North, who became notorious during the 1980's Iran-contra scandal. He tried to delete thousands of e-mail messages, but came unstuck because they were retained on back-up tapes, which were later made available to Congressional investigators.

Today, North would have an even harder job trying to conceal his document trail because of changing computer technologies and the emergence of the Internet, which has ensured that there will be multiple copies of nearly any electronic document.

In the case of e-mail, not only do the sender and the recipient have the message on their machines, but it is also stored on company servers. Unless a military-grade tool is used to remove the message, it can be recovered.

Deletion is not elimination
Most computer-savvy office workers are now aware that simply deleting an e-mail message or moving a document to the Recycle Bin or Trash icon on the computer's desktop does not eliminate the data. This is because modern computers organize information using file-system directories that point to physical areas on a hard disk where the data resides. Deleting the information usually only breaks the link between the directory and the data so that the original storage space can be reused in the future.

To eliminate important data, some companies and individuals use software tools that try to "wipe" files from storage disks by writing random strings of binary code -- 1's and 0's -- over the space where the files were stored. Others use "disk defragmentation" programs which, besides rearranging information on the surface of the disk so data can be retrieved more efficiently, write over old data. Some people go a step further and reformat their hard drives completely.

Cyber Forensics
What most computer users fail to recognize, however, is that the world of computer forensics has become highly sophisticated in recent years, making it very difficult to hide data from a determined investigator. Every action a computer user takes leaves a telltale trail. Even the act of deleting documents can in itself be revealing. Not only can computer forensic investigators recover documents, they can tell when and how they were deleted. In some cases, they can even determine whether a deletion was an innocent act -- part of company policy -- or if there was a more devious motive.

Still more remarkable, using an electron microscope, computer forensic teams can read information from the individual magnetic spots on the surface of a hard disk that has been intentionally erased. This costly technique, originally a tool of the intelligence world, has been used successfully in big legal cases.

Privacy not guaranteed
The message that comes out of all this is we cannot assume that e-mails or any other documents sent over a network or the Internet are private. They are in the "public domain" the moment we hit the Send button. Slam your boss, make fun of a colleague, or share a sexist joke with a friend, and even though you and your recipient delete the mail, it may come back to haunt you.

Write anything potentially incriminating and the only way to prevent a computer forensic team extracting the data would be to take a hammer to every hard disk on your computer network -- and that's forgetting all about the Internet...

DCLnews Editorial

We will be exploring the issues surrounding e-mail privacy in future issues of DCLnews. Please send any comments on the subject to DCLnews Editorial.

Read more tech-related articles at DCL Library

Return to top