Sounds like a certain senior manager also needs their email backups reviewed for naughty business, literal or otherwise.
A tale of theft, fraud and understanding the meaning of "Delete" to end your working week. Welcome to a legally questionable episode of On Call. Our story is another from a reader Regomized as "Ellen" and once again concerns Digital Equipment Corporation's finest. In this case, DEC's ALL-IN-1 office automation suite of the …
But not a very technically savvy one. I've worked for outfits where management would refuse to use e-mail. Even to summon an employee to an in-person meeting. Or place or take phone calls from anything other than a company-owned line*. No call logs. No evidence. But not anything classified. It's bad enough when the boss worries about covering his tracks after the fact. It's even scarier when they know how to do so beforehand.
*At a previous job, I had returned a page from a superior from my home phone. Which had proven to be very embarrassing (and expensive) for the company. While speaking with him, I had a friend sitting near me who was an excellent witness to my side of the conversation. And who, in spite of repeated efforts by that company, I have never revealed the identity of.
... major governments of the world discover that when BigHighTechGossipMonster deletes all that personal data that they have been illegally hoarding for the last couple decades, all that really gets deleted is the current working copies. The carefully curated off-site backups live on forever, in all their redundant glory, just as they were designed to do.
Especially the backup I made to retain the paper, audio, & video trail that proves that the target of the blackmail will be very horrified to realize is no longer subject to corporate retention policies.
I, uhh, I mean, ummm...
Look over there! A distraction! ---===>>>
<<<===--- Runs away...
I heard a story that the Psion organiser (early PDA) saved data in UVEPROM, ie unerasable while in device. "Deletion" involved flipping the 8th bit in an ASCII code, which was interpreted as not to read the file. This approach relied on the EPROM being much larger than anyone could reasonably fill purely by typing. Apparently the Psion was a favourite of the criminal fraternity who recorded their deals on them. Once apprehended by the police, correctly read, the Psion provided a nice audit trail.
Isn't this essentially the same on MS-DOS based systems? My memory is that they just added a character to the start of a filename so that they were flagged so as not to show up in directory listings but remained until someone sent the command to clear space. I'm fairly sure that the clearing process was (is?) just removing them from the record of what is on the disk (hence the existence of undelete utilities).
Essentially, yes, also the FAT table retained the sector links.
IIRC it changed the first character rather than adding a character (only 8 remember) so to undelete you had to know, or guess, what the first character should be*.
I can't recall the exact details but I was once able to reconstruct a Word temporary file via Norton even though undelete failed. The user, a young student placement, had spent all day typing a document then failed to save it - one of the times IT managed to save the day and prevent a lot of tears.
*I used to work for an Apricot dealer, swapping between PC compatible and Apricot versions of DOS. The latter used A: for the HD so it wasn't unknown to type Format A: on an Apricot then Y followed by "Oh sh*t!" Ctrl-C and Undelete usually sorted it.
It was the high bit of the first byte of the filename. You just had to flip it back to 0 to get the original filename back. There were/are plenty of undelete tools around to make it even easier.
The character set was quite limited, upper-case only (lower-case letters you type in are auto-translated to upper-case on accessing the directory), some limited range of non-alphanumeric characters and DEFINITELY NO characters above ASCII 126 so the high bit of any character in a filename will never be set other than the special case of setting it for the first character marking that file as deleted.
I recall looking at a list of such deleted files in a utility. MS-DOS had changed the first character of each deleted file to that lower-case Greek character which looks like an "o" with a short tail on the top, sticking out to the right (sigma?).
From your description I first thought you meant "δ" which is delta, but on second thought I think you are right with sigma ("σ").
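Added example (not part of any comment in this thread): a small Python scanner for the case the posters above are describing. On a FAT volume a deleted directory entry keeps its size and starting cluster, and its first name byte holds the marker 0xE5, which code page 437 displays as "σ". The directory bytes are constructed sample data, and the helper names are this example's own; it touches only the directory entry, not the cluster chain.

```python
import struct

# 32-byte FAT12/16 short directory entry: name, extension, attribute byte,
# 14 bytes skipped here (timestamps etc.), low word of first cluster, size.
ENTRY = struct.Struct("<8s3sB14xHI")
DELETED = 0xE5       # first name byte of a deleted entry
END_OF_DIR = 0x00    # first name byte of a never-used slot; nothing valid follows
ATTR_LFN = 0x0F      # long-file-name slots share the table and are skipped


def make_entry(name, ext, cluster, size, deleted=False):
    """Build one constructed directory entry for the sample below."""
    raw = bytearray(ENTRY.pack(name.ljust(8).encode("ascii"),
                               ext.ljust(3).encode("ascii"), 0x20, cluster, size))
    if deleted:
        raw[0] = DELETED   # deletion overwrites only this byte of the entry
    return bytes(raw)


# Constructed sample: one live file, two deleted files, the end-of-directory
# slot, and stale bytes after it that a correct scanner must ignore.
SAMPLE_DIR = (make_entry("LETTER", "TXT", 2, 512)
              + make_entry("REPORT", "DOC", 5, 2048, deleted=True)
              + make_entry("BUDGET", "WK1", 9, 1024, deleted=True)
              + bytes(ENTRY.size)
              + make_entry("STALE", "TMP", 12, 64, deleted=True))


def list_deleted(directory):
    """Return the deleted entries still present in a raw directory table."""
    found = []
    for offset in range(0, len(directory) - ENTRY.size + 1, ENTRY.size):
        name, ext, attr, cluster, size = ENTRY.unpack_from(directory, offset)
        if name[0] == END_OF_DIR:
            break                          # rest of the table was never used
        if name[0] != DELETED or attr == ATTR_LFN:
            continue
        shown = name.decode("cp437").rstrip() + "." + ext.decode("cp437").rstrip()
        found.append({"offset": offset, "shown": shown,
                      "first_cluster": cluster, "size": size})
    return found


def restore_entry(directory, offset, first_char):
    """Return a copy of the table with the marker replaced by a supplied letter.

    The original first character is gone, so the caller has to provide it.
    """
    if directory[offset] != DELETED:
        raise ValueError("entry is not marked deleted")
    if len(first_char) != 1 or not (first_char.isascii() and first_char.isalnum()):
        raise ValueError("need one ASCII letter or digit")
    return (directory[:offset] + first_char.upper().encode("ascii")
            + directory[offset + 1:])


if __name__ == "__main__":
    for item in list_deleted(SAMPLE_DIR):
        print(item)
```
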
First programmed a computer when I was at school, in 1969, in Basic, Algol and Fortran. Started work in 1976. Worked in real-time software development and infrastructure development and support on early message switching systems, theatre lighting, POS systems, and market data systems, using Assembler, C, Python, running on CP/M, UNIX and Linux. I've written software for bespoke real-time microprocessor systems, debugging the software in partnership with the engineer debugging his hardware. I've worked on infrastructure development for complex networks of dozens of machines. Retired in 2015.
Still use computers every day (Chromebooks and Linux boxes, no Windows), still writing occasional bash scripts.
No, I don't think I'm new to computers. But I don't know everything about them, and I don't know easily how to type Greek characters.
And yet, with all that background, after reading ElReg this last decade and a half(±), you have never noticed non-ASCII characters in the commentardery, and instantly figured out how it was done‽
Dancing rodents. You have managed to well and truly flabber my gaster. Have a beer.
 Conga rats.
And, for what it's worth, the alt gr key will give you grave accents for when you're feeling posh enough to type café correctly.
If anybody knows how to get the funky I in naïve without resorting to hex codes or the aforementioned comment, I'm all ears!
Alt+0239 = ï.
Strange that nobody has seen fit to mention that little utility hiding within the Windows directory (for Windoze users) called charmap.exe. I think I first discovered it in Win 3. I have it permanently on the task bar along with paint, calculator, a hex editor, and NotePad++.
As I frequently have to write emails in both French and German as well as normal English, I have the need for umlauts as well as grave and acute accents, circumflexes, etc. Using this little utility has taught me that all the accented characters I regularly need can be typed by holding down the Alt key and adding four digits.
I have a Post-it note stuck to the side of my screen which looks like this:
But charmap can give you, as well as Central European characters, Arabic, Cyrillic, Greek, Hebrew, etc. as well as those more obscure characters like © and ® and so forth.
OK, I'm impressed that you can type Greek characters. No doubt it's easy to do if you know how, but still, I'm impressed!
Just add Greek to the languages of your computer (and include the keyboard), after that it is only a matter of switching. And as the Greek alphabet only has 24 letters compared to the 26 of the Latin alphabet, you won't even run out of keys.
long later Yes, but the UV EPROM will be inside the case and likely have a sticker over its quartz window. It would only get erased as a very deliberate action. EEPROMs came along a lot later than UV EPROMs and didn't catch up in capacity or cheapness for quite a while.
I remember there was a trick with Psion organisers and the Datapacks - the 64k (yes k) datapacks were quite expensive, but the Oxford Spelling Checker was a reasonable price (about 1/2 what the 64k datapack cost as I recall) and came on said 64k datapack - one trip through the EPROM eraser at work and I had a 64k datapack - I think most of the PSION user group knew/used this trick as well.
I take the view that delete is a hangover from the days of floppy disks and "enormous" hard drives that wouldn't hold one of my photographs.
My projects tend to have a soft delete and perpetual undelete, just because storage is cheaper than lost data. Although that wouldn't be appropriate in a GDPR adjacent application.
I remember years ago, one drug smuggler did exactly that, and was VERY embarrassed when the police seized his PSION organiser and read all of his 'deleted' files.
"As a drug smuggler, Paul Dye knew that a filofax was of no use to him, but
since his highly entrepreneurial business demanded a portable diary, contact
list, memory prompter, calculator and note-taking device, he opted instead for
a Psion Organiser.
At around £100 for the basic machine, he got a hand-held computer
whose memory could hold details of his £200 million drug smuggling ring,
and could be wiped clean if the law caught up with him.
But since he has been fined £202,000 and is now doing 28 years in gaol
partly on the strength of evidence obtained from the machine's "erased" memory
we may conclude that he potentially has a case under the Trades Description
I knew someone who didn't believe that neural networks existed before the current "AI" obsession.
It blew his mind when I showed him my copy of "Explorations in Parallel Distributed Processing" from 1988, revealing an already-established field of study. As for the 5¼" floppy disks tucked into the back cover, they truly blitzed his chakras.
It may be different now, in the days of whole disk-encryption and journalling file systems, but the act of "deleting" a file usually just removes the directory entry of the file. Unless the disk it is on is getting close to being full, the odds are that it will stay there for some time until overwritten, and any disk-recovery software (e.g. recuva) can quite easily recover the contents of deleted files, if not their original file names.
On the Psion 3 family, updating a file on the flash memory simply writes a new copy of it to be used in place of the older copy. Eventually the thing fills up and needs to be formatted to get the space back. But, yes, I can see people not realising that there may be multiple copies of a file lurking there.
Or, on many filing systems of the era, deleting a file simply destroys the links held in the directory and marks the space as free. The file itself is retained until overwritten.
On an early RISC OS, I was able to recover a file accidentally deleted by doing a *Create to make a file that was as big as the free space. The entire lot was dropped into Edit (the word processor, but could handle control codes) and hacked about with until the file was found and pieced together (not being in contiguous sectors made it harder).
Thankfully RISC OS on a floppy drive didn't bother to blank the file first, it simply allocated it in the directory and left the user/programmer to sort out what happens next. Saved my ass a few times. ;)
Edit wasn't really a word processor - it was a text editor at heart, and although it was invaluable to have one sitting there in the ROM by default, I tended to use StrongEd in preference, with its rather handy hex mode. The number of times I've recovered JPEGs by searching for JFIF or a string that looked in StrongEd like "ÿØÿÀ"...
Back in the day many offices used Amstrad PCW8256, 8512 and 9512 machines as they came with word processing and a printer, and you could buy spreadsheet, database and accounting packages, as it was a CP/M machine. If using the Word processing software and you chose to delete a file, it just flipped a bit on the header and moved it to another user partition. In CP/M you had 16 user partitions on a disk - the equivalent of folders on DOS machines. A file in one user partition couldn't be seen from the others. Locoscript let you use the first 8, and if you deleted a file it got moved into the partition plus 8, so if it was stored in user 1, the "deleted" file would be moved to user 9 and so on. I think backup copies were also stored there. Finding and restoring them was trivial.
I loved those machines!
The Psion devices had two on-board EPROMs, so that when you'd filled up one by normal file operations (including deletion by hiding) you could copy the data to the other device, shrinking the total of bytes to the number of active files, taking the "full" device out, zapping with a UV eraser, then putting it back in. This meant that one had to be disciplined to work in a way compatible with this workflow.
As PC Paul mentions, the devices had open backs to them to enable them to be zapped, but were supplied with an index tab to cover the hole, analogous to the write-protect tab on a cassette. Cassette? Oh, never mind...
Not really a use of my IT skills, but when one of our users reported their laptop had been stolen, I looked up the footage from the nearest camera, which had actually recorded the theft. Unfortunately said thief had long gone, and the room was open to the public for a special event, so we had no access records.
I dutifully phoned 999, reporting the crime. Within a few minutes, I got a call from our local Police station, so offered them access to whatever they needed to solve the crime. Their response? "Here is a crime number. Please investigate the crime, and let us know if you find anything." The user was obviously not impressed, but chuffed when we were able to claim on the insurance and buy her a new laptop.
We had a visit from the Police at work, asking if they could view our CCTV footage for a particular night as a crime had been committed nearby. Due to the ancient system we had then it wasn't easy to just view it, but I did offer to drop it onto a memory stick, which they were delighted about - promising to collect it in a couple of days.
That's the last we ever saw of them - so obviously it wasn't that important and I wasted my time trying to help!
The most they might have got anyway were times vehicles passed, the cameras didn't cover much beyond our immediate property boundaries and were poor quality.
"That's the last we ever saw of them - so obviously it wasn't that important and I wasted my time trying to help!"
TBF it *may* have been that the police were able to catch the guilty party red handed (so to speak) and so may no longer have needed the footage.
Still rude not to acknowledge.
"Kind of makes a person wonder what the hell they actually do..."
Mostly struggle with vastly depleted numbers of actual beat coppers. Where I live the nearest plod is based 12 miles away, we don't see one in the area for months at a time. We do have a PCSO, however. His beat is "south Sussex".....
My Doctor pointed out that he didn't care about the laptop, but the case included a prescription pad (which could be used to obtain drugs), and his home address (which would make his home a target for drug-seeking crime), and that if there was a home invasion, his family would be very unhappy.
That was sufficient to get the police interested in his small crime. They watched the footage, recognized the person involved, went around to his house, recovered some of the material, and warned him off.
In fairness to the Police, they get some very odd requests for crime numbers resulting from the Insurance companies' love of them. I had a ridiculous one - I had my camera stolen while in Buenos Aires. Didn't realize it had been stolen until too late to do anything practical and I had no desire to get mixed up with Argentinian police (I worked for the UK government at the time). Got home and started a claim on my travel insurance. "Have you got a crime number?" they asked. I pointed out that I didn't, and they asked me to ring the local (UK) police to get one! I duly did so - and had a good laugh with the police officer I spoke to, who expressed great willingness to go to BA to investigate the crime! But he was obviously used to similar silly requests, and I got my crime number, out of which I got a rather better camera than the one I had stolen!
I had a few things nicked when living as an impoverished student in one of the rougher areas of Birmingham. Insurance asked for a crime number, local police said they would get round to it eventually - which they did after the riots in 85. A grizzled old copper turned up at my door with the crime number and the advice to have a look for my purloined hifi amplifier in the local pawn shops. That was it.
Quite sound (pun intended) advice. I had some quite valuable books stolen in Portsmouth, I didn't bother with the police, just went almost literally around the corner to the nearest antique/second-hand bookshop, recognised my books, pointed out to the shopkeeper (fence) my signature inside each one, and issued a few brisk threats involving physical harm and property damage. My books were grudgingly returned.
A previous post of mine:
You may be surprised to hear it, but there was some research done a while ago about how long "volatile" memory holds its contents after being unpowered, and in many cases, it's long enough to take a RAM module out of the machine and plug it in elsewhere and read the contents. Cooling with nothing more than canned compressed air extends the read time, and something like dry ice or liquid nitrogen makes it last orders of magnitude longer.
PDP-8e w/ASR-33 Teletype/paper-tape reader/paper-tape punch, 4Kwords of core memory. BASIC fits into 4Kwords with space left over. Then we got an upgrade: an additional memory board with 4Kwords of static RAM, and an upgraded BASIC. The new, extended BASIC does not fit into 4Kwords, so we leave the computer running overnight, with a large sign reading "!! DO NOT UNPLUG !!" over the power socket on the wall.
Fuckwit janitor unplugs the computer, which was on a wheeled cart, every damn night, and we then spent 40+ minutes toggling in the RIM loader, reading in the BIN loader, then reading in extended BASIC at 10 half-words per second, every damn morning.
I'm not sure how much a 1980s bank branch float would be, but it might stretch to "new life" money, but that's actually pretty hard to get to.
Places that don't extradite tend to be expensive to live in (especially if they know you're hiding), and people who come up with these Great Schemes tend to have issues with impulse control and managing money.
I have a former customer (an IFA), wanted by Interpol, happily living in Dubai. They 'only' nicked about £2m (a few years ago), so we're pretty sure they'll run out long before we forget about them.
When I worked in a bank in the early 90s, the ATMs alone held enough cash to buy a decent family home with change left over for a brand new car, especially if it was a bank holiday weekend when the two ATMs *had* to be stuffed full of cash and we still crossed our fingers that they wouldn't run out of cash.
Add in the cash for branch business, plus foreign currency and travellers' cheques and it was a lovely sum.
But... we knew that there were checks and balances (no pun intended) and that you would always, always get caught.
Of course, it didn't stop some people trying and every so often we'd receive internal memos as a deterrent more or less naming individuals who had been caught pilfering even small amounts.
So, a life-changing sum? Certainly - but life-changing in the sense of Her Majesty paying your board and lodgings for a few years.
Not one of my workplaces but someone entered a cheque deposit amount for a client into the accounting software. They missed off the first digit of the amount. Therefore £100k became £00k plus some pence and no one immediately spotted it. When they did the Sh!t hit the fan and an investigation was launched. On further inspection the “1” key was found to have an intermittent fault on that keyboard. Employee was partially* cleared but keyboard taken out back and shot. *partially because they should have double checked the amount.
Places that don't extradite are a poor plan. Well, unless you want to spend the rest of your life in e.g. Dubai and never leave. Much better to disappear somewhere nice, create a new identity, and launder the cash. Done like that you need much, much less to be life-changing. Move to the US, change your name, set up a small business with the cash you nicked and you won't need to work hard, for example - a lot better than being a branch manager.
3 bedroom apartment in Rio would set you back half a million today. In the 80s a million would have gone a lot further. But this is hardly a mansion. Next you'd have to make the cash buy safely. Then on top of that you'd need protection. Including paying off the police, I'd assume. Add normal day to day living costs for the rest of your life, with no pension, no NHS, so you'd better not get ill. £4m (the value of £1m in today's values) isn't going to get you that much luxury living for maybe several decades.
Many years ago, I took the view that living off the interest was too risky*. So I decided that you needed to be able to live off the interest of the interest. At that time, savings accounts were generating roughly 10% per annum, so I reckoned on £4million being about right. 10% of £4 million being £400,000, and 10% of £400,000 being £40,000. Since that calculation, inflation has meant the starting capital should now be roughly £12 million.
Unfortunately, I knew of no way I could get hold of the necessary amount (I am neither criminal- nor business-minded, nor play lotteries) so I've been a wage slave for longer than I'm comfortable with.
It is certainly possible to live comfortably on much less, but I set my sights on a reasonably luxurious lifestyle - not needing to work being the greatest luxury. Of course, morally, living off the sweat of other people's brows would make me a parasitical rent-seeker, so I try to assuage my moral shortcomings by supporting policies that help the Gini coefficient for both wealth and income approach zero.
*Essentially, by spending all the interest every year, you are eroding the value of the capital sum by the inflation rate each year (the real, inflation adjusted value goes down). At some point, that means the value of the interest is less than a comfortable annual income. That can happen surprisingly quickly. If you take the approach that the interest rate will approximate the inflation rate, then you preserve the real value of the capital sum each year, whilst 'creaming off' the interest on the interest. Eventually this strategy will fail, as interest rates lag inflation, but over a lifetime I reckoned that was a reasonable risk to take. If you have not lived with high inflation, you might not realise how nastily it bites. Of course, you can eat into your capital, but then you have to hope it lasts your lifetime.
This is much discussed in the FIRE circles and research (based on mainly US data) indicate that with a portfolio of 60% stocks (index tracker) and 40% government bonds, you can spend up to 4% of your total forever.
Of course this is before tax, there have been periods you had to go to 3.5% (starting late sixties) and skips over the difficulty of investing a few million you got your hands on by unconventional means.
If you don't plan to have a family, living off the interest of the interest means that, when you die, there is big pile of money that will eventually be claimed by the State.
I see no reason to let the State get the money - it wastes enough as it is.
If you go to a place where your lifestyle costs you $5000 per month, you have twenty years ahead of you before having spent the capital. Interest comes on top, which will likely give you a few more months.
Back in the day, your costs would likely not have been so high, especially if you move yourself to a country where the cost of living is much lower.
Adjust your capital span accordingly.
These days, the Euromillion lottery hands out a minimum of €18 million to the top winner. Even if I try and push my lifestyle to the €10K/month bracket (you can only eat one Beef Angus steak per meal, after all), that still gives me 150 years of capital.
Forget living on the interest, you're just creating more problems instead of solving the most important one : having fun.
"If you go to a place where your lifestyle costs you $5000 per month"
You film it, put it on YouTube, and turn your small fortune into a large one by keeping the kiddies living vicariously through you furiously clicking away.
I was about to suggest there might be a '...and where did you get this from?' conversation.
But I suspect if you've enough money that kind of inconvenient customer/banker interaction can be avoided.
Also, if you've got a few mil, you'd probably pay a decent crooked accountant to invest the money. I expect it's only poor chumps like us that have to deal with bank interest rates these days.
(Same AC here)
You're not entirely wrong, though the math is obviously going to vary a lot with available interest rates. However -
People who nick $2m are rarely going to be able to do that. Not because banks won't deal with them, we know they will, but because they have impulse control problems that lead to them getting into fraud in the first place.
They'll buy a nice house - cash, obviously - and then that's 500k gone on the principal. They'll buy a very nice car, then crash the thing. They'll buy a nice car for the spouse, and then one for their /other/ partner. They'll get suckered into a 'guaranteed winner' of an investment, buy a yacht, or get into Warhammer.
Every thing they do cuts into that principal, and burns down their income.
Because, end of the day, the smart money doesn't do illegal fraud, you find a nice legal one and just keep doing that.
Let's assume that you get that (frankly unrealistic) 3.5%, your $71K (around £50k) isn't going to be going up with inflation. With inflation at about 10% at the moment, the value of that £50k is going to decrease pretty rapidly, to the extent that in a decade or so, it's probably not even going to pay your rent (you didn't use that $2M to buy property, so you're on-the-run and renting).
For example, even at 5% inflation, the real value of that £50K p/a is going to be a little under £30k after ten years. If you assume inflation goes down by 1% each year (currently at 10%, next year 9% and so on), which is an optimistic assumption, it's just over £28k in ten years time.
Also, good luck finding a high-interest bearing account into which you can put $2M, no questions asked, and from which you can withdraw the interest with nobody tracking you down and freezing your assets.
A bank in Jersey (the sort that had numbered accounts and an understanding attitude) back in the day.
One of the directors and the head cashier disappeared at the same time. So did a book of counter cheques.
Cue Interpol and an international manhunt. They turned up a week later after a relaxing bit of rumpy-pumpy oblivious to everything. The cheque book had fallen down the back of the filing cabinet.
Anon, of course.
Background was a 9BUSD turnover international company, publicly listed. The share, if I recall correctly was tanking to the point, after the facts, I remember it was almost every day claimed to be, depending on whether it was an odd or even day of the month, "the highest rise" or "the highest fall" of the index. LOL. Yes, share value was pure white noise, depending on a single investor's sneeze ...
I was once summoned by top mgmt to investigate the CEO's email, for all backups in the past. A lawyer would come personally to pick up all gathered data.
So I spent one month+ restoring every backup from years before, after rebuilding a mail system (complex feat, the solution was phased out for years).
In the end, I was able to recover a fair share of data (50 %), but nothing was found that I heard of, by the lawyer.
I had the time to briefly look at the emails, and saw this bollocks CEO was spending a fair share of time planning for his kids' career. Not really a surprise the company had done so bad during his 25 years tenure !
Hopefully, the company is now mostly recovered, but this was a scary insight into some dodgy CEO life ... And I've stopped investing in any share ever since.
... some forensic auditing at a garage, following parts being ordered from suppliers, to receipt, and booking out to workshop or bodyshop jobs. And then proving that the parts were not for the make/model of vehicle in the workshop/bodyshop. This was then used in the court case of the mid-management employee that was ordering/stealing the parts to order.
The system was old enough that it printed out an audit trail of transactions at the end of each day, so the actual w**k was wading through stacks of printouts taller than the PFY that I was.
Eliminating the impossible! ----------->
Short answer is that the answer is often yes, but sometimes no. And if your backups are only kept a short time before being replaced with newer ones, the issue is moot.
Where it's a no, that's usually covered under "valid reasons for processing" - like "we can't use your data for anything right now, but there's a process to recover it if the police/HMRC ask for it, and we're required to be able to do that".
Note that not everyone has those obligations - the rules for healthcare and finance are very different, f'rex. The GDPR is built to flex around such rules and laws.
Under UK data protection legislation, the data subject has the right for incorrect data about them to be corrected, or, if data is correct, but retention by an organisation is harmful or distressing, they can get it deleted. However, there is always a consideration of the effort involved in compliance. So data could be corrected or removed from online storage, but left in offline backup tapes, and only deleted from those were they to be used for a restore of data at some, unspecified, future date.
Of course published data (such as newspaper articles) cannot be deleted or corrected in the original issue, so retractions and apologies are more appropriate.
> left in offline backup tapes, and only deleted from those were they to be used for a restore of data at some, unspecified, future date
Would they need to keep a separate store of all the data that needed to be deleted at that future date, so they knew what they were looking for?
I had that request from a customer when GDPR came in; please delete all the data that you hold on me and this request once complied with. What could be so sensitive? The kitchen that we supplied to the builder of their 4 bed executive box on an estate somewhere. Sure pal, hang on while I destroy all my backups too...
"The kitchen that we supplied to the builder of their 4 bed executive box on an estate somewhere."
Unless the customer (house purchaser) placed the order and thus was also instructing the builder, it would seem on what you say the customer (who brought the kitchen) was the builder. Not sure if delivery address, if that of a private individual, on a B2B transaction falls under GDPR.
"but left in offline backup tapes, and only deleted from those were they to be used for a restore of data at some, unspecified, future date."
Assuming that the original removal is part of an accessible and usable transaction file ready to be run against a backup might be a bit optimistic :-)
It may well be a required function, but I'd be willing to bet a lot of recovery strategies, disaster or otherwise, neglect that. There will most likely be an inherent assumption that there will be missing data, not additional data when restoring a backup.
"Assuming that the original removal is part of an accessible and usable transaction file ready to be run against a backup might be a bit optimistic"
If, a big if in the case of email, but not necessarily so in case of ordinary transactional operations, if the data is in a good DBMS with a good DBA looking after it then it should be expected.
Eee, when I were a lad, many aeons ago (before GDPR), we did some backups to WORM drives. Not easy to delete some records from them.
As other posters point out, you can devise encryption schemes that allow you to 'forget' how to decrypt data keyed to an individual: assuming each individual has one or many unique IDs which have a list of encryption keys for the actual records linked to them, you 'simply' delete the list of keys, making all records inaccessible. The key management problems are not trivial.
To be honest, I quite like immutable records. I don't want, for example, details of my pension contributions to vanish into the ether; or indeed records of entry to the UK on HMT Empire Windrush. What I don't want is people using them for nefarious purposes: the right to delete is solving the wrong problem, when what you want is to be able to trust people not to abuse personal information. Gaol terms for people/directors of companies abusing that trust, rather than fines that can be written off as 'the cost of doing business' might get people taking things more seriously.
>It does make me wonder how to cope if you have data that falls under GDPR or similar laws. If a customer wants you to delete their account, do you have to go through all the backups and remove it there too?
If it's encrypted then you can just delete the key and it's effectively gone. No key, no recovery. Obviously don't back up the key, just keep a highly available process for duplicating the key with perhaps a 30 day delete life on all keys marked for delete before they are truly irrecoverable.
That would require a separate encryption key for each natural person. An interesting option to implement on a database system backup.
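The key-deletion scheme discussed in the comments above (one key per person, a 30-day grace period on keys marked for deletion, backups left untouched), as an added example that is not from any poster. The names `KeyVault`, `seal`, `unseal` and `restore` are hypothetical, the records are constructed, and an HMAC-SHA256 keystream stands in for a real AEAD such as AES-GCM so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=30)  # the "30 day delete life" suggested in the thread


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-GCM (assumption).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC one record under a subject's key."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed authentication")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class KeyVault:
    """One key per natural person, held outside the backup set."""

    def __init__(self):
        self._keys = {}      # subject_id -> 32-byte key
        self._purge_at = {}  # subject_id -> earliest time the key may be destroyed

    def key_for(self, subject_id, create=False):
        if subject_id not in self._keys:
            if not create:
                raise KeyError(subject_id)
            self._keys[subject_id] = secrets.token_bytes(32)
        return self._keys[subject_id]

    def mark_for_delete(self, subject_id, now):
        self._purge_at[subject_id] = now + GRACE

    def purge(self, now):
        """Destroy every key whose grace period has expired; return their subjects."""
        due = sorted(s for s, when in self._purge_at.items() if when <= now)
        for subject_id in due:
            self._keys.pop(subject_id, None)
            del self._purge_at[subject_id]
        return due


def restore(tape, vault):
    """Decrypt what the vault still has keys for; report subjects that are gone."""
    readable, shredded = {}, set()
    for subject_id, blob in tape:
        try:
            key = vault.key_for(subject_id)
        except KeyError:
            shredded.add(subject_id)
            continue
        readable.setdefault(subject_id, []).append(unseal(key, blob).decode())
    return readable, sorted(shredded)


def demo():
    vault = KeyVault()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    # Constructed sample rows. The subject id stays in clear on the tape, so it
    # should be a pseudonymous id, not a name or e-mail address.
    rows = [("cust-1001", "kitchen order"), ("cust-1002", "worktop order"),
            ("cust-1001", "invoice 17")]
    tape = tuple((sid, seal(vault.key_for(sid, create=True), text.encode()))
                 for sid, text in rows)  # written once, never edited again
    vault.mark_for_delete("cust-1001", now=t0)
    early = vault.purge(now=t0 + timedelta(days=29))    # still inside the grace period
    in_grace, _ = restore(tape, vault)
    late = vault.purge(now=t0 + timedelta(days=30))     # key destroyed
    after, shredded = restore(tape, vault)
    return early, in_grace, late, after, shredded


if __name__ == "__main__":
    print(demo())
```

The tape is never rewritten: after the purge the ciphertext for `cust-1001` is still on it, but no restore can read it.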
As others have suggested, if a system contains personal data that can be removed as part of a GDPR right to deletion request then the restoration processes need to take that into account so the data is not subsequently restored and used.
And to answer the argument "but if you delete all personal data you have to delete the deletion request", GDPR allows retention of personal data that you have a legitimate use for. An audit trail of requests processed is a reasonable reason to hold identifiers to ensure restoration processes are compliant.
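An added example, not from any poster, of the restore-time handling described above: a ledger of processed erasure requests is kept apart from the data and replayed after every restore. The schema, table names and helper functions are assumptions, and the rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT);
"""
# Every table that holds personal data, with the column carrying the subject id.
# Fixed constants, never user input, so interpolating them into SQL is safe.
PERSONAL = (("orders", "customer_id"), ("customers", "id"))


def make_live():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    with db:  # constructed sample data
        db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                       [(1, "A. Example", "a@example.test"), (2, "B. Sample", "b@example.test")])
        db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                       [(1, 1, "worktop"), (2, 2, "kitchen units"), (3, 2, "sink")])
    return db


def make_ledger():
    # Kept and backed up separately from the data, and never rolled back by a restore.
    # It holds the identifier and the request date only, not the erased details.
    ledger = sqlite3.connect(":memory:")
    ledger.execute("CREATE TABLE erasures (customer_id INTEGER PRIMARY KEY, requested_on TEXT)")
    return ledger


def copy_of(db):
    """Full copy via SQLite's online backup API; used for both backup and restore."""
    target = sqlite3.connect(":memory:")
    db.backup(target)
    return target


def replay_erasures(db, ledger):
    """Re-apply every logged erasure to db in one transaction; return rows removed per subject."""
    ids = [row[0] for row in ledger.execute("SELECT customer_id FROM erasures ORDER BY customer_id")]
    removed = {cid: 0 for cid in ids}
    with db:
        for table, column in PERSONAL:
            for cid in ids:
                removed[cid] += db.execute(f"DELETE FROM {table} WHERE {column} = ?", (cid,)).rowcount
    return removed


def erase(live, ledger, customer_id, requested_on):
    # Log first: if the delete then fails, the ledger still drives a retry.
    with ledger:
        ledger.execute("INSERT OR IGNORE INTO erasures VALUES (?, ?)", (customer_id, requested_on))
    return replay_erasures(live, ledger)


def personal_rows(db, customer_id):
    return sum(db.execute(f"SELECT COUNT(*) FROM {table} WHERE {column} = ?", (customer_id,)).fetchone()[0]
               for table, column in PERSONAL)


def demo():
    live, ledger = make_live(), make_ledger()
    tape = copy_of(live)                          # backup taken before the request
    erase(live, ledger, 2, "2024-03-01")          # constructed request date
    naive = copy_of(tape)                         # plain restore: subject 2 is back
    compliant = copy_of(tape)
    removed = replay_erasures(compliant, ledger)  # restore, then replay the ledger
    return {"live": personal_rows(live, 2), "naive": personal_rows(naive, 2),
            "compliant": personal_rows(compliant, 2), "other": personal_rows(compliant, 1),
            "removed": removed}


if __name__ == "__main__":
    print(demo())
```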
The problem with complex legislation like GDPR goes back to the manager issue outlined above.
You have a complex legislation, requiring a reasonable amount of effort to read and understand, which has to be implemented before a deadline. You're the responsible manager, do you take the time to learn and understand it, along with your daily work, or do you just look at the headlines, and do the actions that you know will make you compliant even if they're actually pretty blunt. (Remember it's scary sounding too, with words like 'legal' used a lot in conversations around it).
Hence the 'delete everything' mantra.
Similar thing with the cookie popups, as I understand it, the actual law mandates they're not obtrusive and are dismissable with a single click (equating to 'reject all'), yet how many of them actually get further than 'show a cookie popup'.
In a previous job turned up for a shift with a bunch of police that wanted to talk to me - scared the crap out of me.
Turns out, they wanted to listen to a voice recording of a particular line (lots of dealer lines & also some switchboard lines were recorded) and management told them to come to the building and I'd do it but didn't tell me that they were arriving.
These were analogue tapes that had something like 48 lines recorded and the tapes ran for 24 hours at a time.
Anyway, I ran thru a tape over a time period for one particular external line whilst they listened (and obviously I did too).
What transpired was there were some bomb threats being phoned in to reception, in listening to a scratchy recording, could hear a woman in the background and a child, it was one of the managers in the midst of a mental breakdown phoning in bomb threats. Don't know what actually happened to him in the end. I was asked by the police about what I thought I heard.
Have had to listen in to a bunch of other dealer conversations which included hearing the sex lives of several of the dealers - oops!
People really should keep their work and private (sex) lives separate. One organisation was being sued and the consultants' work diaries were under legal disclosure obligation. Unfortunately one of the 'consultants' used it also to record his 'night time' activities, with star ratings and intimate details. So that had to go through a legal redaction process before release to the opposition's legal team.
I implemented a chat logging system for dealing terminals used by our traders and had to go through some real logs to get everything working correctly.
The amount of futilities and all kinds of banter logged in those chats dwarfed real work by 100 to 1, I would say. Just confirms the saying that (most) traders are nothing but expensive desk jockeys!
The day after the summer 2005 London terrorist bombings, many organisations were asked by the gentlemen in soft shoes to retain their email backups for the previous 30 days.
Five years later one of our operators phoned the system team to ask if an old mail box could be restored. Not from last month, not last year but yonks ago. We found it, and we also established that the tape was still readable.
I remember a request from our support team asking if we could help a customer who was still using a very old version of our software, which required a license key, but after a hardware repair the system ID had changed and the license didn't work. We had long since dropped the licensing stuff and no longer had a license team to generate new keys.
Digging back through email from 10+ years previously I was able to find both the license generation utility and the master key (which I shouldn't officially have had, but was given to do testing & filed away "in case it might be useful"). That earned me a beer or two.
>You just need to be extra careful when and to whom you disclose you have it...
You also need to be careful about storage, particularly if the information just so happens to fall under some act of Parliament and so under different circumstances could earn you a vacation hosted by HMP...
I've had some old requests. One company wanted an explanation a couple of years ago of ~$10k of due payments that were showing up in a report as not having been paid; we had to restore a system we'd decommissioned in 2015 to investigate what had happened to them, but the payments they were asking about were from the 2008 kind of era, so you'd think they could have asked a little earlier. (The big one that was almost all the total was paired with an equal negative amount which was also showing unpaid; most of the others had been paid, but the invoice had been transferred from a subsidiary to their main company, so it didn't get picked up properly in the data update that got the payment information out of the old system. I think in the end they technically owed us a bit, but we obviously weren't going to press them for it.)
I was less successful when we had a legal request (for a court case) to recover all payments made to a certain vendor ever. We could give them back to ~2006 OK, but before that payment information would have had to be dug out of our (current - 3) system, which was an Access database with a custom front end. Which I was reasonably familiar with, and which I'm pretty sure were backed up to offline storage (they were backed up initially to our fileserver, and some years later we had a big push to archive unused stuff off the fileserver to offline storage), but neither I nor anyone else I asked who'd been around in that sort of era could work out where those archives actually were now, or if they still existed.
I once collated the email chain of an employee who was discussing, with a group of colleagues at other banks, how they could set up an insider trader ring, corner the market and make themselves lots of money. Part way through the discussion as they were getting into implementation detail one of them made the point that perhaps they shouldn't be discussing it using their work emails as they can't be deleted and would be the smoking gun. The others ignored this sensible suggestion and carried on while he tried to make out it was all a joke and seeking their mobile numbers so he could privately shut them up. He "might" have been the only one with a job the next day.
One of our rival companies had the company secretary divert funds from the company account to his personal one.. was a fairly large sum of money when he was found out.
Walked away with about 80% of what he stole after the company dropped charges.
Amazing what can happen when you allegedly know about the owner's tax evasion scheme.......
I was sole admin for a sizeable manufacturer back in the early 00s, and one day I was "invited" to the boardroom to confirm to the directors that I couldn't read their email. "Of course I can," I said, "I'm the network admin". They were horrified. "But you don't have permission!" Who sets the permissions? I rejoined. After much huffing and puffing on their part I simply said "Mike, your best defence is that I don't think your email will be very interesting. But I'm starting to wonder if that's true..."
My first job out of college involved a similar discourse, but at a smaller scale.
I do not remember the specifics of the conversation now, but it involved the president/CEO, Senior VP/CFO, Controller, and VP of engineering, oh and my boss the director of IT. Whatever the specific question was, I replied I can access any and all information on the network, it's my job to protect it. My boss confirmed and calmed the Cs' concerns. After the meeting at a local watering hole, one of the Cs said something like "I can't believe we did not realise your level of access." to which I responded, I thought background checks were part of my hiring. Laughs all around, tab was covered by the CEO, I was invited to many more after hour meetings at the watering hole.
Similar when I was the site admin for *everything* and the MD asked that I configure things so that not even I could see his or his secretary's files.
After carefully and slowly explaining how impossible that was he did back down but I still jumped ship not long after that. If they won't trust the site admin they are not worth working for.
Apart from anything else, despite the metaphor of an "envelope" around an email, we all know it's more like a post-card and anyone with access, legitimate or otherwise, at rest or in transit, could read that email if there's no encryption. Most users have no clue how email works and are happy to send all sorts of confidential, sensitive or otherwise private details via email.
Used to look after a purchasing system for a major UK council back in the days when they had council houses and needed to maintain them. Mainframe system that just worked, raise the order, process the goods received notes, pay the supplier, off the lads go to fix what needed fixing. System was how all their tools, materials etc were sourced. However you could circumvent the system by buying something, up to the value of £100, from any available source, and then raising a local purchasing order afterwards. Idea was if the lads were, for example, fitting a new bathroom and halfway through the job dropped and broke the toilet cistern they could just grab a new one from the nearest DIY place and do the paperwork later.
Turns out someone was using local purchase orders to buy electric showers which they then fitted as a cash in hand weekend job. Easy money. Until the business asked 'can you identify who has raised a local purchase order?'. Answer was yes, shortly after that someone was at best looking for a new job, at worst explaining themselves to the Plod. Never knew exactly what course of action was taken, but I did get a very nice half case of assorted single malt whisky for Christmas that year. Apparently the local suppliers liked to drop gifts off with the purchasing manager when chasing contracts, and he wasn't a drinker. Lucky me.
The machines were setup in the company's *********. There were a ******* of investigators from the ***** *****. I was there to ******* systems after ***** was ********. During the process ******* of the investigators ****** with *******. I "overheard" the ****** with ***** and suggested ****** to be able to ***** the *****. So to make a ***** story *****, I saved the *** by giving the investigators the **** they ******* to ********* the *********. These guys though just **** did not **** the way ***** blokes do. All I got for ******* their ***** was a *** on the ***** and a *****. I would tell more but the **** of **** prevents me from **** that *****.
This is the reason why many "delete" functions won't actually delete data but only flag the record/email/whatever as deleted. Of course, this functionality is usually known only to certain parts of IT. Same with corporate shredders; some will not actually shred stuff but send it to a "secure" container which is checked before the documents are actually shredded.
On the other hand: some companies have recently started to implement supposed "retention periods" after which all email gets auto-deleted. It's supposedly to avoid sensitive information leaks, but some suspect that the real reason is that having such a policy means that you won't be able to provide evidence that no longer exists.
> some suspect that the real reason is that having such a policy means that you won't be able to provide evidence that no longer exists.
Courtesy of Gates' Microsoft after incriminating emails came up during discovery when they were being threatened with break up (it all eventually went away when they paid off the winning party at the best election).
Gates was quite explicit about implementing the auto delete and the reasons why.
"On the other hand: some companies have recently started to implement supposed "retention periods" after which all email gets auto-deleted."
Yes. Because courts have held that going through your records and deleting/shredding old documents in the face of imminent litigation is itself an offense. However, doing so based on a previously established schedule is acceptable.
It's not good practice, but I have had to pull out emails going back years from my personal PST archives answering queries about the precise details of the set up of multi-year high-value contracts.
As for why I had personal PST archives: the corporate email solution used centralised Exchange, with limited disk space. Auto deletion of email at the end of a retention period had been put in, mainly (as far as I could see) to control the huge amount of server storage being taken up by email. People were using it as a documentation archive. The official document management 'solutions' brought in over the years had all turned out to be uniformly dreadful, so people voted with their tried and battle tested approach: saving everything in email.
I pointed out (using the ingenious argument of a previous somewhat maverick manager) that the cost to the company of my time going through my old emails pulling out relevant documentation and putting into the umpteenth revision of the centralised document mismanagement system was far more than simply letting me store some PST files on some (suitably encrypted) USB drives. So this was allowed, while other colleagues cursed the email retention policy.
These days, corporate lawyers would put the kibosh on it: leaving potential evidence open to discovery is to be avoided. And GDPR regulations (if applicable) are clear on only keeping (personal) data as long as there is a good reason for it, and no longer. But my personal offline archive saved some corporate bacon on more than one occasion. I would certainly be a fan of a well-structured document/data management system with free text search (and regexes) but I must admit that going into my email archive and looking at all the emails to such-and-such a company in the specific time period leading up to contract signature, and emails to and from bid team members in the same period was very easy, and often enlightening. Internal emails also tended to be informative regarding why certain contentious clauses were written the way they were.
This was many years ago, and things are done differently now, often with good reason, but future historians will probably curse us for deleting the good stuff.
I think that that highlights one of the problems of Exchange. It is so often used as a substitute to do "X" where "X" is some sort of records keeping system, or documentation system.
Our entire sourcing department used to use their Exchange mailboxes to store ALL their interactions with suppliers. Massive trees of folders that would more often than not cause Outlook to fall over. Massive problems with covering holidays and personnel changes as huge (for the time) data sets were moved.
This one department used about 80% of the Exchange space with 2% of the personnel. We started recharging departments by weighted mailbox size, at which point they moved the mailboxes to the local hard disk (PST files). Exchange problem solved but another nightmare scenario presents itself.
The correct solution is of course a CRM or SRM product. We even had JDE modules for this.
IT was nearly as bad but we adopted Wikis, then Confluence as the tool of choice for the documentation task as soon as they became moderately viable. The rest of the company is moving over to Sharepoint online. However, mostly they just use word files and convert to PDF and publish that. Not realising that these could be all versioned properly with an audit trail - or perhaps that is what they DON'T want.
(Need Riker and Picard double facepalm here)
I always kept my old emails. I would save a PST yearly, with all my sent and received emails for the year. My boss asked me questions often enough, which I was able to answer by going back to my archived emails, that I felt the practice was worth continuing (even though the process is fairly cumbersome).
Corporate "retention" policies are fine, but personal archives can be quite useful, so I look out for myself first.
On our email system, the default retention period is 7 years. Other stuff, in special categories has longer or "never" retention periods depending on the legal rules surrounding the data. 7 years for "everyday" non-sensitive emails seems more than long enough and is most likely a legal minimum.
"the real reason is that having such a policy means that you won't be able to provide evidence that no longer exists."
This is not terribly well thought out.
If A has retained their copy of the exchange and knows that B has a retention period which has now expired A has B on toast if so needed. There's no way that B can ascertain for themselves whether what A presents is a true copy let alone contradict it if need be.
This is not terribly well thought out.
If A has retained their copy of the exchange and knows that B has a retention period which has now expired A has B on toast if so needed. There's no way that B can ascertain for themselves whether what A presents is a true copy let alone contradict it if need be.
That is a problem for the legal eagles, not for the bean counters.
Not me directly, but, 1990s, one of my colleagues got called into a customer who were having some severe stock problems. Customer was a building supplies firm that also had trade counter. The problem was profits were down, sales were showing down, staff were sure stock was going missing as they were buying more than they were selling, but a stock take was not showing anything missing, and the cash in hand was balancing up.
The system we had supplied was a standard sales order processing system, not designed for retail use. For the trade counter, they were raising an order against a dedicated account (unless the customer had their own account) then printing the invoice immediately, which the customer would take to another window with a cash till behind to pay it and have it stamped before being allowed their purchases.
The till's audit roll was jammed, but no worry, they knew how much was supposed to be in the drawer because the end of day report from the SOP system indicated totals by payment method.
After some diagnosis, my colleague worked out what was happening.. One particular user would make sales as normal, then later when it was quiet, go back into the system, find a cash sale, cancel the order, and destroy the copies of the invoice and picking list. As a consequence, this would remove the value from the day's cash total, and he'd go to the till and remove that exact amount. The reason he'd not been caught earlier was he'd also been going into the stock system and writing off the relevant stock as damaged. So, everything tallied up, and none of the usual daily and monthly reports indicated how much stock had been written off..
What nobody at the customer knew, including our thief (who helpfully did all this whilst logged in as himself) was that the system had an activity log file. Normally it was ignored, not being business critical, but in this case proved invaluable to identify exactly what had been happening, in what order, and by whom. And despite being purged, their regular backups provided plenty of older copies to show it had been a problem for a while.
My colleague got a day in court as an expert witness, and the thief got his dues..
Customer also got the till fixed, and ensured they checked the audit roll totals matched what the computer said they should have..
AC because I think he was asked not to tell..
Most probably because the amount of "damaged" stock wasn't in the main reports and not looked at very often because it's normally quite low and after all, who would steal the damaged stock? The waste skips would have been the most obvious indicator of an increase in damaged stock, and obviously that wasn't changing in a noticeable way. It was quite a clever fraud really and may not even have been discovered if the thief had kept the "damages" lower. But, of course, greed. It works, so let's take even more!! The downfall of many thieves and fraudsters.
It's surprising how bad things can get before a small business realises something's wrong. I vaguely remember one occasion when the owner was called, either by his bank or his accountant and told just how bad things were. This was a small supermarket. Hidden CCTV was installed. It showed at least one till operator not ringing up purchases, covertly rolling pound notes (before the pound coins!) on her thigh and passing them on to another member of staff.
Ha. Yes. I had a relative who ran a cafe. He was always having money troubles, could never seem to make a profit. We looked into it... He didn't even have a till, just a cash drawer. His entire accounting process was to count up the cash at the end of the day, and he let anybody take payments whilst he was in the kitchen... I'm surprised he had anything in there at all by the end of the day. We offered to buy him a till, install cctv, anything to help, but no, he trusted his girls... Wouldn't even keep hold of the order slips so we could try to start to work out what was going missing. He went bankrupt eventually, lost the cafe, the staff lost their jobs, and his wife left shortly afterwards. Bloody idiot.
I customarily used to set up Netware so that Filer could retrieve deleted files. One evening one of my clients was ringing me asking to run a restore on a backup as they had deleted some crucial file or other. I always went for the Filer undelete option first because successful restoration of a backup is, of course, dependent on when that backup was taken. Knowledge of the application used to update or delete was also necessary. For instance, if this was a database of some sort then potentially other updated files had to be recovered too. In some cases the detective work involved wasn't worth the effort.
Quite often I've been asked to write financial applications where some kind of solid baseline is needed to anchor the figures in order to cover my backside. An example was a client who had bought an American* accounting system. They often complained that it had no bank reconciliation feature, so I volunteered to write one. I searched in vain for an audit trail within the package to base my calculations on, but there was no such thing, so I had to generate one from scratch every time and compare with the previous one prior to any reconciliation that was needed. Any disparity and my utility would refuse to run. After this system had been up and working for a while they came up with the dreaded data inconsistency message. Turned out that they had deleted transactions in the accounts package, and my software had detected this. No criminal intent here, I must emphasise, but I had to amend my software to roll back, report telling the operator that a transaction that impacted a reconciled transaction had occurred, and that everything subsequent to that transaction had to be re-reconciled.
Which took me back to the client's original request for a reconciliation facility. "So THAT explains why sometimes the totals that did match up no longer don't." Basically anyone in the organisation could delete a transaction, and there was no record of it anywhere.
* I doubt whether this could be marketed in the UK with this kind of vulnerability to undetectable deletion. Surprised the IRS allows it though.
I’ve seen a complete delete feature twice: One, Apple’s “Time machine” allows you to remove a file from all backups. Two, Perforce, the source code control system, has a command “obliterate” if I remember right, that will remove a file completely from source control. Very useful if you committed all your passwords by mistake, or if you have a megabyte video and someone checked in the 4GB original.
Re: Ahem: There is a third (or fourth) group. Those who manage but have no understanding of what it is that is being managed.
Which leads to :
Re: I once had a file (a prospective lawsuit) where the clients owned 50% of the shares of a restaurant business which was actually run by the owners of the other 50%. My clients, Group 1, put up 80% of the original investment. Group 2 ran the place. Group 1 lived in Vancouver, BC. The restaurant was at York University near Toronto, so Group 1 had little hands-on capability. Group 2 consisted of dad, mum, 2 adult sons and adult daughter.
Since Group 1 was so far away and "'did nothing to run the place", Group 2 decided that they did not have to treat them fairly or account properly for the operations and could rip off the business. In part, the ripping off was an income hiding scheme.
Group 1 was suspicious but did not know quite where to start. We started with disclosure requests under the Shareholders Agreement, for an accountant to look at things. They basically had no choice but to co-operate with us in disclosing the financial documents, cash transactions and credit transactions. We actually used a guy who had been a trouble-shooter and forensic manager for a couple of fast food chains. We told them he was an accounting student/intern. In fact he knew more about the business than any of the actual accountants.
We found out that students could use their student ID card as a credit card (about 60% of weekday transactions and 80% of Sunday morning events).
We soon determined that Group 2 had been substituting in a 'spare' cash register on Sundays. The cash sales from that register did not appear in the account system, and we were told that the place was 'not even open' on Sunday mornings (which was a lie).
They had NO idea that every student id transaction run through the card reader was recorded with the University and, of course, easily recovered. (The University effectively operated as the merchant service provider for the cards as well as the issuer.)
They had NO idea that the cash registers produced a 'z-tape' recording *every* transaction. They had NO idea that the student ID card transactions were also recorded in the register as credit transactions (as would Visa/Mastercard transactions).
Since they had NO idea, they had boxes and boxes of old z-tapes (think: the equivalent of backup tapes). The registers were quite sophisticated for the time, so the z-tapes recorded that the order was a burger at $x or a cheeseburger at $x+1. It also broke down the 'combo' orders into the constituent parts (for inventory purposes).
And so we knew that the steaks which were ordered every week, NEVER got sold to a customer.
They had some idea that they needed to balance the cash deposits at the bank, so the Monday morning deposit only included Saturday's cash. Sunday did not exist. It turned out that Dad had a separate account at a different bank which got the skim. (No idea what story he told them there about the cash he deposited. Would likely ring money-laundering bells today.)
They could not hide the cheques from the University paying off the student credit card amounts, but claimed that the extra was Sunday afternoon and that, because of staffing problems, they did not take cash on Sundays.
In the end we never did issue a Statement of Claim. We reconstructed the financial history as best we could for the past 2 years and figured out roughly how much had been skimmed and inventory stolen. (Oh yes, son #1 was selling stuff out the back to another restaurant for his own skim. Mom and Dad did not know about that. And I think that daughter was blackmailing her brother for a cut!)
And then, we had a Sunday meeting where we laid out our (reconstructed) history of their frauds. After a while we left to let them talk. We were four walls and 3 doors away and could hear the kids at Dad: "We told you it wouldn't....". And Dad "But I don't understand...How did they know"
It was the only time in 40 years where I heard the opposing lawyer tell his clients to settle *in my presence* or he was going to ditch them.
A settlement satisfactory to my clients was soon reached and there was an entirely new crew in place on Monday and my clients ended up owning 100% of the shares. I got an entirely satisfactory bonus.
Takeaway: A manager who does not understand what he is managing is a disaster waiting to happen.
Secondary takeaway: That keyboard with a key for every item on the menu, is NOT there just so 'Mister-Want-Fries-With-That?' can actually serve you, but more importantly, so the franchisor knows exactly how many orders of fries were sold. Any efficiencies in order transmittal to the kitchen, and service delivery are merely nice adjuncts for the franchisee. Follow the money.
A manager who does not understand what he is managing is a disaster waiting to happen.
In management circles there is a belief that management is a profession in its own right. So, explicitly they don't need to know anything about what-ever-it-is that the people they manage are doing. I know this because a well regarded management consultant we used to have meetings with told us so with pride.
My late father otoh worked his way up from a machinist to managing a factory and could do anything from the accounts to quality control. I know which I'd trust to run a business.
When I worked on the employee service desk for a large British retailer, I was once asked to remote in to an IBM 4680 terminal and watch the transactions go through, whilst CCTV observed the same terminal. A certain shop worker was making refunds, but to balance the cash drawer, she would slip herself a £10 or £20 here and there during a real transaction, and slide a Polo mint (‘Lifesavers’) from one pile to another to keep track of her gains. By making refunds, and sliding the Polos back to pile 1, at the end of the day they all had to be back there to balance the drawer.
I was once the IT manager of a now defunct taxi company in New Orleans, USA.
One day I got a call from a police detective on a Monday afternoon, enquiring if he could look at the tape of our outside security cameras on the side street. Someone had been murdered a block away the previous Saturday night.
I said "sure," and arranged for him to come down. When he arrived, I pulled up the footage, only to discover that the cameras did NOT HAVE INFRARED. So about 10 cameras were taking video all night. Of nothing. The previous IT manager was apparently a total idiot.
I had to replace all of the outdoor cameras, which involved climbing a 20' ladder. Did I mention that I REALLY don't like heights. Yeah. It was a fun job.