Even the UK government can't get its lost data back.
Under pressure from officials from Her Majesty’s government, the editors of the Guardian newspaper in the UK destroyed the hardrives and computer equipment that had been used in reporting on Edward Snowden and the wiretapping by the American National Security Agency.
"You've had your fun. Now we want the stuff back," one official reportedly said to the Guardian, insisting that the classified material be either destroyed or surrendered.
The Guardian believed the UK government would either confiscate their computers or do something worse: freeze the paper's reporting everywhere by seeking an injunction under their “Law of Confidence”, a general statute that covers any unauthorized possession of confidential material, or starting criminal proceedings under the Official Secrets Act. In addition, a forensic examination of their computers could also reveal which journalists had worked on the Snowden materials.
So the paper decided for the destructive approach. Under the watchful eye of technicians from Government Communications Headquarters (GCHQ), two Guardian employees used grinders and other tools to destroy the hard drives and memory chips on which the encrypted Snowden files had been stored.
But, while the GCHQ technicians took notes and pictures, they still left without the classified data. Even worse, they had already been informed by the paper's editor that other copies of the files already existed outside the UK and that the Guardian was neither the sole recipient nor the steward of the leaked Snowden files. Yes, the whole event was an exercise in (destructive) futility.
The issue here is the outdated view of data held by the UK Government – and many other people. When talking about data, it is just incredibly easy to mix apples and oranges – and think of data as a physical object that can simply shredded into oblivion. The basic rule of a data breach is simple: When your data is gone, it's really gone.
- Physically data retrieval is a rarity. This usually happens only with the old-style microfiche sheets – when they blew off the truck on the way to the incinerator. But even if the device holding the data is retrieved – memory stick, DVD, even a laptop – there are no assurances that the data has not been read and copied somewhere else. Once data has escaped, it's virtually impossible to remove it from the cloud or whatever memory storage device it was on and stuff it back in the bottle. And if Her Majesty’s IT agent's can't do it – a private company is in a much, much weaker position.
- Data shrinkage is hard to identify (especially for the unprepared). The word “shrinkage” is a term for inventory theft. It is usually used for tangible objects such as automobiles or doughnuts, not the less fungible data. But shrinkage is just what accounting and organizing a company's data with a DLP solution is designed to prevent. The NSA should have been in a position where it knew what files Snowden had been looking at. It also should have been able to notice that Snowden was saving an unusually large number of files to a memory stick before he fled to Hong Kong and beyond. “Should” is the key word.
So remember, when it comes to data security, “Be prepared” is key – and keep your grinder at home.
(Any commentary about the UK government action and its impact on freedom of the press is way beyond the scope of this blog post)