How hard is it to permanently delete data?

How hard is it to permanently delete data?

The controversy surrounding former Secretary of State Hillary Clinton’s email has brought data destruction to the forefront of the national conversation.  Clinton used a server housed at her New York residence for her personal and official emails and online communications while she was at Foggy Bottom Lawmakers investigating the 2012 death of an ambassador in Libya have been concerned that official government emails from Clinton that might assist in the investigation were deleted despite assurances from Clinton that she turned over all emails pertaining to government work  to the State Department.

Now reports say Clinton “wiped the server,” deleting all emails. But how easy is it to permanently wipe data from servers or storage media?  According to experts who were interviewed recently by the Washington Post, the congressional committee charged with investigating the U.S. ambassador’s death in Benghazi might still be able to obtain Clinton’s deleted emails – in the event they can access the server.

Provided Clinton simply hit the delete button on her emails, they probably still exist.  Files are not permanently deleted when a user hits the delete button. “Instead, the pointer the computer uses to find the file is removed, and the computer treats the space on your hard drive as reusable,” explained the Post.  Though, depending on the amount of activity one performs on a device, data that is randomly stored could replace deleted items as it needs the space.  Typically, additional steps must be taken in order to permanently delete items from a server. 

If experienced experts were able to access Clinton’s server with the intention of retrieving emails, they might create a “physical forensic image,” which “creates an ‘identical, bit-by-bit, zero-by-zero copy of the original hard drive,’” the Post reported.  This step is used to view the emails as they would appear in a read-only format preventing alterations.  Following the physical forensic image, experts might attempt to locate and extract databases that house emails and then conduct a forensic analysis of unallocated spaces within those databases.

However, an equally skilled technician tasked with permanently deleting data from servers  could make it very difficult for investigators to retrieve emails or discern if items were even deleted.  On the other hand, the Post suggested, any IT pro working with government data would have created some type of back-up to hard drives, the Internet or magnetic tape. 

In spite of data retention regulations, agencies need a way to reliably destroy government data and the media housing it. When agencies discard old equipment, for example, they have a variety of data destruction tools they can use.  These include:

WipeDrive from WhiteCanyon, which is used by the Air Force and the National Security Agency.

Solutions by Code42 that are capable of triple-pass data sanitization and secure delete capabilities that make it impossible for data recovery through forensics or file system utilities while also complying with government protocols.

Methods that overwrite a hard disk’s data multiple times with random characters.  

Using magnetic fields such as EMP to overwhelm systems, which damages, corrupts and renders the data virtually non-existent.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

inside gcn

  • government security

    Local government and cybersecurity: Working with all the stakeholders

Reader Comments

Tue, Apr 7, 2015 Overseas Observer

Owen Himbur's comment "The question is why public policy has ignored its implications for so long, by suggesting that records must be "declared ... [which] serves the self-interest of powerful people, who are too big (politically powerful) to be held accountable. " highlights the principle failing of American "democracy" and its governmental recordkeeping. The Australian, New Zealand and Canadian approach is that ALL records ARE records from the moment of creation. This principle is logical in a computerised environment and mitigates against selective preservation of 'the truth'. It enhances accountability, and is therefore unlikely to be adopted in the USA - where the Whitehouse (especially when controlled by Republicans) puts corporate interests ahead of those of American citizens. I would predict that any Tea Party Whitehouse incumbent would actively and aggressively legislate to reduce accountability by making it easier for government records to either be destroyed or not declared as records.

Wed, Apr 1, 2015 DialAPrice

Mrs. Clinton is showing here that she is not that smart after all. Why would anybody trust her claim that she had provided all e-mails that are "official"? This can only be verified if one also had access to the "superset" of all e-mails. I wonder if she still believes that her arrangement was "convenient."

Wed, Apr 1, 2015

one problem that people don't seem to be focused on is the fact she lied. I would imagine to most people that would be an admission of some sort of wrong doing. What was the "official" reason the emails were deleted?

Wed, Apr 1, 2015 Jerry CISSP

Where the over reaching problem comes in with Hillary's email is not the USG recipients. Think about an email to a foreign potentate soliciting a contribution to her foundation as a thank you for the foreign aid she gave them. She destroyed hers but he still has his copy. Then she becomes President and does something the potentate doesn't like. THERE is the real problem. It would actually be worse than a video of Bill and Monica.

Wed, Apr 1, 2015 Owen Ambur Hilton Head, SC

A decade and a half ago (2000), Ken Withers coined a term -- the Vampire Effect -- to describe this phenomenon. http://ambur.net/ARMA2/sld019.html The question is why public policy has ignored its implications for so long, by suggesting that records must be "declared". The answer seems to be that doing so serves the self-interest of powerful people, who are too big (politically powerful) to be held accountable. One wonders whether NARA and its Capstone approach in particular can change those dynamics.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group