Helping people with computers... one answer at a time.

Much of the data that we own can be examined by others and it's important to understand both the possibilities and alternatives.

I've read your current article as well as the referenced articles regarding secure deletion, but I haven't seen anything regarding hidden copies of files. Maybe it's just urban legend, but I've been led to believe that Windows places copies of data in locations other than the ones that you see. That even the so-called secure 'wipe' leaves other copies available to trained cyber forensic specialists.

So you've also now made me question the security of my Carbonite backup. Knowledgeable hacks like yourself and certainly law enforcement professionals can access all of my data either by simply downloading or by especially subpoenaing it. Or is that thinking not really 'real'?

This question raises a number of issues that in some ways, all boil down to "Just how paranoid are you?" And I mean that not in a negative way at all.

The fact is that much of the data that we own can be examined by others, sometimes incidentally, sometimes only as a matter of legal proceedings.

In this audio excerpt from a recent Ask Leo! webinar, I'll discuss some of the things that are worth considering if you're at all concerned about the accessibility of your digital life.

... and even if you're not.

Important: I am not a lawyer, and none of this should be taken as legal advice. If you have concerns for which you need an actual qualified opinion, I strongly suggest contacting an attorney.

Listen:
Download the mp3 (5M)

Transcript

I've read your current article as well as the referenced articles regarding secure deletion, but I haven't seen anything regarding hidden copies of files. Maybe it's just urban legend, but I've been led to believe that Windows places copies of data in locations other than the ones that you see. That even the so-called secure 'wipe' leaves other copies available to train cyber forensic specialists.

So also you've now made me question the security of my Carbonite backup. Knowledgeable hacks like yourself and certainly law enforcement professionals can access all of my data either by simply downloading or by especially subpoenaing it. Or is that thinking not really 'real'?

So there's a number of issues that this question addresses and I'll try and take the pieces of them.

Actually, I'll work from the backend up. The concept of a subpoena...first of all, this is one of those areas that varies dramatically from country to country depending on where you happen to live; the laws, the rules, the regulations that you are subject to may be very different from what I'm about to describe.

So, assuming you're in the United States, yes, law enforcement can subpoena access to anything you have, basically anything you have online, they can actually, of course, subpoena access to your computer. The important thing to realize there, of course, that they have to have a reason.

The whole subpoena process implies that somebody has gone in front of a judge and said, 'We have cause to believe this person is doing something illegal and we need to look at their computer or their online records.'

Once that's approved, then absolutely, whatever you have stored online is actually easily available. Most of the online storage providers have a policy that they will typically respond to a court order and give the requesting agency access to the information that you happen to have stored.

So, I say online storage providers - you mention Carbonite which is fine. They're a good online backup solution. There are several of those. But a lot of people don't realize that also pretty much includes anything else you happen to have stored online in this so-called 'cloud'; everything including Gmail, Facebook, Twitter, Flickr or Picasso, Photostreams, whatever. Anything you have or have used online is easy accessible to them once they've got a court order.

One of the solutions...and that includes things like Dropbox, also. I wanted to make sure that was clear. Dropbox, itself, because you have access via the web to the contents of your Dropbox that implies that the administrators at Dropbox can also gain access to those files. We trust them not to, but that also then implies that they can gain access in response to a court order.

Now the traditional solution to this is to encrypt the data that you keep online. So, for example, there are several solutions for Dropbox that automatically encrypt the files before they're uploaded. It adds a level of complexity and actually adds a level of inconvenience when you actually try and use those files but it's one approach.

I don't know if Carbonite itself encrypts the data that's being backed up. I kinda hope that it does, but I honestly don't know. Some backup solutions do; in other words, they will encrypt the data locally on your machine and then upload only the encrypted data which would then render it inaccessible to the administrators or anybody coming at you with a warrant.

I'm currently using Amazon's s3 as a second or third level backup for almost all of my files and when I elected to set that up, I made sure to run everything through an encryption pass before the data was uploaded to s3. Because, once again, it's not that I have anything to hide, but in my case, I also have files from clients, my own personal data; I just don't feel comfortable having it necessarily be 'out there' intentionally accessible to authorities who might come in with a warrant. Again, not that I ever expect them to.

And, in fact, that leads us to the next level and that is that with a warrant, your computer is accessible. I mean, we've heard about this before too where law enforcement officers will come into a suspect's home with the appropriate search warrant and actually take their computers and take them back to their facilities and do whatever kind of analysis that they might want to do including analysis of the files that are visible, for deleted files, etc.

So once again, the only real solution there is encryption. Where you really feel that is something you want to keep truly private, even those kind of prying eyes then you really do need to be looking at Hold This or other kinds of encryption solutions, like TrueCrypt where the data that's stored on the disc is just so much random noise unless you have the password or passphrase to decrypt the volume that contains the data that you're trying to keep private.

Now, there's one final twist to that particular aspect of it. And that is there was a recent case where an individual was...the government attempted to compel an individual to reveal their password so that the data on their computer could be decrypted. Now, I don't know the state of that, but the fact is that is an approach that they are attempting to push through. Right now, I believe the EFF, the Electronic Frontier Foundation, and other organizations who are attempting to maintain civil liberties are fighting that very strongly.

As it turns out, the case in point became moot because the password was finally discovered, but not through any kind of deep analysis. What I heard was a friend of the individual gave the authorities some number of common words that might be associated with that individual. I don't know if they mean by a pet's name or family names and that kind of stuff.

So what they ended up doing was effectively using a semi-brute force attack using the information already related to that person and they were able to just open it up with that added information. So that was kind of interesting and it's another approach that authorities have at least been trying to.

So to go all the way back on that, when you really end up being that concerned about your privacy it becomes a level of to put it to...to use a word that I hate to use because it has such negative connotations that is it really depends on how paranoid you are. It depends on how concerned, how real a threat you think you're under, the degree to what steps you need to take.

In my case, I have encrypted the files I upload to s3 but the files that are all on my servers that are equally' subpoenable' are not encrypted there so it's a trade-off.

The other part of this question is hidden copies of files. I'm not aware of any. To the extent that you run a secure delete, or I'm sorry, a free-space wiping utility (such as you might find in CCleaner - that cleans everything), I believe that's cleanable.

Now, there are some areas on the disc that may contain trace information. For example, somebody pointed out to me the other day the hibernation file. The hibernation file contains an image of your computer's memory, all of it at the time you put your computer into hibernation. Well, depending on what's in memory, there could be some interesting stuff there and there's no real easy way to access the hibernation file or even delete the hibernation file without turning hibernation off.

So, again, if that's something you're concerned about, I would turn hibernation off. Similarly, the paging file can have random bits of information in it that might expose interesting things, if accessible. The solution there too is not necessarily having a paging file. If you've got enough RAM in your machine, you don't necessarily need a paging file and that kind of sidesteps that problem completely.

So, I don't know if that covers exactly what you are asking for but it's an interesting and deeply complex problem when you start talking about truly, truly protecting or absolutely protecting all of the data that you place both online and on your own computer.

As I think Peter is mentioning, 'Just because you're paranoid doesn't mean that they're not out to get you.' Absolutely! And that's one of the reasons that I say that the word 'paranoid' has this negative connotation to it; we tend to think of it in a negative light, but there are absolutely people out there who have very real, very legitimate, very strong concerns about their privacy, their data and I absolutely don't want to minimize that. They are paranoid and they have every right to be paranoid because of the situation they might be living under.

Article C5119 - March 17, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Kevin
March 20, 2012 9:59 AM

Hi All
First of all I have no System Restore or Hiberfill..in fact have very little of that sort of thing..what I do have is a reasonable amount of Ad blocking...Track blocking almost 100% and as regards the article very strong against lack of response to an obvious problem..And def do an Image backup at least once a week (Do blame Leo for that)..But really has saved my butt more than once

Kevin
March 20, 2012 10:24 AM

If really necessary just wipe free space by cclener (or another) usually 3 times is sufficient but use 7 if worried. Should use Ccleaner also after Sandboxie


ron
March 20, 2012 11:01 AM

What about Shadow Copies?

John
March 20, 2012 11:02 AM

There have been several cases where the authorities have attempted to compel a suspect to reveal the password for encrypted hard drives. Leo mentioned one case; in another, the court held the suspect in contempt and the person is in jail pending appeal; in the last case, the court ruled giving a password out is tantamount to self incrimination and did not require the password to be revealed. At this point it depends on the state you live in.

I suppose you can encrypt your drive and have encrypted files within it as truecrypt suggests for plausible deniability, but that requires accessing those files only in specific ways so no trail is left. Probably a bit much of any of us.

ron007
March 20, 2012 7:48 PM

Kevin. Great, you eliminated those 2 points of "hidden" data. That seems to indicate you want to take your data security seriously.

Here is a question for you. Do you use full disk encryption? Or does your Image copy software encrypt your backups? If not one or the other then your data is exposed that way. When the cops subpeona your computer they make it general enough that they vacuum up anything digital. That includes your backups, usb drives, and CD/DVD that even looks to be written on. Heck, if they even have a ghost of an idea that your microwave could have data on it they'll take that too. Here is an example of a search warrant request against a student accused of hacking:

http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-B.pdf

Take a look at what they asked for, they obviously have "boiler plate" text they copy down to cover everything possible: "all objects capable of storing Digital data in any form ... firewalls ... routers ... software ... hardware ... computer passcodes, passwords, and/or protocols". They totally shut this kid down. It happened to be exam time. Talk about s*****d. The basis for the charge was ludicrous, they couldn't prove anything.

Ken B
March 21, 2012 7:30 AM

The original question states "Maybe it's just urban legend, but I've been led to believe that Windows places copies of data in locations other than the ones that you see. That even the so-called secure 'wipe' leaves other copies available to trained cyber forensic specialists."

I have a feeling that this is based on some scare-mongering techniques that I have seen used in "security suite" software packages. One such technique that I've seen (it's been a while, so I don't recall who was doing this) claimed that Windows kept "secret copies" of "everything" that you do on the computer -- every file ever used, every website ever visited, everything of everything, for all time -- and that this software was supposed to "clean up" all those "secret copies".

Of course, we all know that keeping copies of "everything", "forever", is simply not physically possible without infinite storage space. But, the intended victimscustomers weren't mean to think that far, and simply buy because they were scared into it.

Kevin
March 21, 2012 9:30 AM

Alas do not live in the USA..Still we all have to do our very best..So if we all take reasonable precautions it will make all against us far more difficult to execute..Would suggest that there are human ways to combat State ?????

K.Vee.Shanker
March 21, 2012 10:43 PM

I'm (from India) not clear why people should be concerned about legal authorities accessing one's data with a court order. I'm of the opinion that an authority would approach you/your data only on legally valid reasons, especially in USA. Otherwise, there's no reason why should anyone be concerned about that possibility. Unless one believes that any legal authority might invade privacy illegally or has done something illegal to hide, no one should be concerned. So, I'm confused.

I was really surprised that Leo went the extra mile about hiding one's data that I am afraid that he might be construed to be one actually helping criminals. I do not find any statement in the article protecting him against this possibility.

Kevin
March 23, 2012 2:32 AM

Think K.Vee.Shanker raises some very valid points. If you do nothing wrong you should have nothing to fear from the State. My own concerns apply only to Cyber criminals and to those who would secretly invade my privacy


Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.