The biggest data security lesson from Hillary Clinton’s doomed presidential campaign
The “race” for the White House is one of the longest, most draw-out events in the world calendar, but as of today it is finally over. Confounding political “experts”, polling companies and the mainstream media, rank outsider Donald Trump has beaten Democrat candidate Hillary Clinton to become the 45th President of the United States of America.
In a campaign marked by bitter attacks and insults, one story simply refused to die – and many pundits think it may have actually handed the keys of the White House to Trump.
The email scandal
During her tenure as Secretary of State (2009-2013), Clinton’s team put together a privately maintained email server. This system was then used to conduct official government business – including discussion of sensitive classified information.
Because the private server was not officially sanctioned, it was not protected by any of the usual defences applied to government IT systems. A later review by the State Department found 2100 emails that were “classified” – and insufficiently protected from hacking or theft.
Clinton’s decision to “delete” thousands of emails compounded the issue. Claiming that all “work related” messages remained intact, many experts questioned whether embarrassing messages – or those that provided genuine proof of wrongdoing - were deleted to prevent discovery.
Despite the case against Hillary being opened and closed three times in total, the story never truly died. Her choice to deliberately flout the rules regarding IT security helped to create distrust in her character – and that hurt her badly at the polls.
When “deleted” doesn’t mean “gone”
The problem with simply deleting files is that they are relatively easy to recover. There are dozens of low-cost tools available that can retrieve files that have been deleted – sometimes even years after the event.
When you “delete” a file on your Windows or Mac PC, it is simply marked as deleted so that the space it consumes on your hard drive can be re-used when required. Until it is overwritten, the file still exists – even if you can’t see it. Which means that with the right tools you can get that data back.
But even if you’re not the US Secretary of State trying to cover your alleged misdeeds, you do need to delete data securely. In the UK the Data Protection Act expects your business to dispose of personal data when no longer required – and it has to be done in such a way that that data cannot be recovered.
So how is data removed permanently?
There are three main ways to ensure data cannot be recovered – and each is best suited to a particular scenario:
1. Secure file deletion software
Secure deletion software removes files and then overwrites the disk space they occupied – often multiple times to make recovery difficult (but not impossible). Although quick and simple, these tools are best suited to deleting small numbers of non-sensitive files at a time.
Truly secure file deletion requires more extreme measures.
2. Secure disk formatting
A basic disk formatting operation tells your computer that it can overwrite any part of the hard disk used to store information. It doesn’t actually remove anything.
Secure disk formatting software is like the secure file deletion software on steroids. It “deletes” all of your files, then overwrites the entire disk several times with random data. The process is slow and intensive, but very effective for preventing file recovery. It is best suited to instances where you plan to reuse your computer hardware.
3. Disk shredding
The most effective way of preventing data recovery is to physically destroy the hard drive. Data can be destroyed in seconds by exposing drives to extremely strong magnetic forces, or through an industrial shredder that slices through the drive and it components.
Taking this approach is incredibly effective – but it’s only suitable for scenarios where you have no intention of reusing the disk. It is also the method that Hillary Clinton should have used if she was serious about disposing of dodgy emails completely.
Don’t forget your data in the cloud
With all the local copies of your data destroyed you need to remove any copies you may have stored in a cloud service, such as Dropbox or Google Drive. If you have file syncing software installed on your computer, files are copied to the cloud automatically.
How thoroughly this data gets removed is decided by the cloud provider so it is important that you fully understand and agree with their data management policies before uploading sensitive data. Otherwise those “deleted” files may still be hanging around somewhere like a smoking gun.
Get some help
Secure data deletion is relatively simple – once you understand the principles. So if you’re serious about putting sensitive data beyond recovery it’s important to use the right tools.
You never know – it may just help you become the President of the United States!