So, how long..
..until the hard drives show up on eBay, with all the data intact?
The IPS plans to order Thales and 3M SPSL to shred the hard disks and back-up tapes holding the personal information on the National Identity Register (NIR), according to a document released through Parliament's library. The document, CWIC-NIR destruction and equipment decommissioning, says that IPS will order shredding, …
Had the government actually deemed NIR data IL5 at the outset, and said so clearly, I think more than a few infosec professsionals might have felt slightly better about the whole misbegotten programme. Except, of course, an IL5 NIR would have been so expensive as to be impossible in the first place...
..the disks can be 'wiped'. You'd be amazed how easy it is for forensics to recover data from 'wiped' disks (yes, even the us DoD wiped ones).
I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff.
Anyway - for this Impact Level (5) you really need to destroy it (shred).
Scotland has been quietly developing the eCare system which makes the NIR look quite tame.
One of the main main justifications for gathering information is that it will protect children.
There is evidence that this set-up may be destined for further roll-out.
Read Kenneth Roy in the Scottish Review:
"'Scotland has quietly led the way in the national data sharing agenda with its innovative eCare programme,' enthuses a journal devoted to the exciting new world of information-sharing. The key word in that sentence is quietly."
http://www.scottishreview.net/KRoy28.shtml
http://www.scottishreview.net/KRoy29.shtml
http://www.scottishreview.net/KRoy30.shtml
"I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff."
Do you have a source for this? I was under the impression that recovering usable data from a zero-written hard disk was an urban myth, and that even with the best equipment, there was only a 50% bit recovery rate (which would be useless). I'd be very interested to see evidence to the contrary though!
I asked an data recovery expert the same question (no names, but he was an expert witness in the Dr. David Kelly case). He said that no-one offers hardware data recovery commercially in the UK and he was dubious as to whether MI5 or MI6 could do it either. Wipe your data once and it's gone; although you have to beware of bad areas on the disk which have been marked as unusable by the OS and make sure you get any swapfile - so there is a small case for shredding, I'll admit.
Hardware data recovery to find the "ghost image" at the side of the main track was postulated years ago when areal densities were many times lower. Modern disks pack the data so tightly that they have to use probability theory to identify what the bit pattern is.
I won't be one of them.
Personally I'd be happy if the *whole* contents of whatever wet brained idiots volunteered for this lunacy to be dumped to the internet (I believe Wikileaks has some spare capacity)
I'd rather bury the collection of meglomanical civil servants and government con-tractors, along with the equally wet brained ministers and junior ministers that were persuaded it was *such* a good thing.
You can bet some of this vermin have been "re-assigned" to whatever the IMP is now being "Re-branded".
To think of all the pounds that will end up in the car crushers!
Government destruction means just that. A squaddy of security types accompany the discarded equipment to a favourite metal shredding outfit, featured on Discovery Channel, where their humongous metal shredder does it's evil to millions of pounds of equipment.
Enough to make a technician cry.
"Are you sure, it cost a lot to collect this and it will take years to do so again"
"well, maybe you are right. We'll make back-ups of the back-ups and then destroy the original back-ups and then all we will have remaining is the back-ups with the data in case we need it again"
"but we have to destroy it"
"we are, all the hardware is going to be trashed. We'll keep the data though"