Anyone who looked at The Guardian’s website in the last week will have seen a picture of one of the newspaper’s own laptops smashed and in pieces. Why did this Mac have to die?
Hard drive picture from Shutterstock
The article accompanying the photo describes how The Guardian was visited by representatives of GCHQ who, believing The Guardian were using the laptop in question to store files provided by the NSA whistleblower Edward Snowden, demanded that the data on it should either be handed over to them, or destroyed.
The fragments of computer pictured on The Guardian’s website make it clear that they chose the second option. Leaving aside the rights and wrongs of an intelligence agency interfering with journalists, and the fact that electronic data is very easily replicated, was it really necessary to smash up a computer in order to make sure the data was really gone? Well, truly deleting data might be harder than you think.
A standard computer will store your files on a “hard drive”; specifically a stack of spinning disks coated in a magnetic film. This film acts like billions of tiny magnets, each of which can be in one of two positions, representing either a one or a zero. All of your files: documents, pictures, music and movies, are encoded on these disks as sequences of ones and zeros. To keep things organised, the hard drive has a table of contents that indicates which parts of the drive are currently in use and where each file is stored.
Deleting a file only deletes the file’s information from the drive’s table of contents; the ones and zeros that make up the file remain on the drive. Until this data is overwritten, it is easy enough to look at this ghost data and reconstruct the file. An analysis of second hand hard drives from eBay found 40% contained personal information that could be recovered in this way.
A more sophisticated method of removing a file is to repeatedly overwrite the file data with random values and then delete it. This is the standard method of “securely deleting” files used by many businesses. There are many free applications that will do this for you on Windows (for example, Eraser); on a Mac this can be done via the “Securely Empty Trash” option on the finder menu and on Linux you can use the “shred” command.
But even this isn’t guaranteed to destroy the data completely; when viewed under a magnetic force microscope, a tiny magnet on the drive that has recently been switched from a 1 to a 0 will look slightly different to one that has been in the 0 position for a long time. Therefore, with a well-equipped lab, it may still be possible to reconstruct the deleted data. A further complication is that it would have been hard for The Guardian to prove to GCHQ that this procedure had been carried out correctly; showing GCHQ the smashed pieces of a hard drive would certainly have provided more conclusive evidence.
Smashing a hard drive is a sure way to stop it functioning as intended (step-by-step instructions on physically destroying a hard drive can be found here). Companies that specialise in the mass destruction of data will put hard drives through an industrial shredder. But even this may not be enough to ensure the data really is unreadable. Each fragment of disk will still contain the ones and zeros that represent the files, and so with advanced lab equipment they could be read and pieced back together. The Guardian reports that they used angle grinders to destroy their drive, which would have probably fragmented it into pieces too small to read. In which case, we can be sure that the data on the laptop in question is gone.
Justified or not, the complete destruction of The Guardian’s hard drive was the only sure way to be certain that the data was really gone, but many questions remain. For example, the pictures on the Guardian’s website only showed the smashed case and main computing boards, not the computer’s memory and hard drive. So what happened to the actual hard drive that stored the data? Why were parts of the computer that hold no data also smashed?
It’s unlikely that The Guardian or GCHQ will be providing answers to these questions anytime soon. So that leaves us with one final question (originally posed by security expert Matt Blaze): does an AppleCare warranty cover the destruction of a computer due to interference by the secret services? Let’s hope so, because it looked like a nice laptop.
Tom Chothia is Lecturer in Computer Science at University of Birmingham. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.