Michael Gove is reported to have been using his private email account and won’t reply to emails sent to his official address. There are so many reasons why this is a bad idea. Here is my (almost certainly incomplete) list just in case the Rt. Hon. Michael Gove happens to pass by:
- It’s not based in the UK. In fact, Google pride themselves on not telling you where the data is held (just try finding out);
- Google is a US-headquartered company. As per Microsoft’s announcement, the US PATRIOT Act seemingly trumps EU and UK data protection law, even if the data was in the EU;
- You can’t encrypt the emails at rest;
- There’s no guarantee that the data will be there tomorrow, as this example from Yahoo amply demonstrates;
- While Gmail allows you to turn on HTTPS and a form of two-factor authentication, these are optional and probably turned off;
- Foreign governments are alleged to have already hacked into Gmail;
- On occasion, email accounts have been mixed up, where one person reads someone else’s mail;
- These emails may not be retrievable under the Freedom of Information Act.
You only risk what you don’t value. If Mr. Gove believes the emails he receives and sends to be of such low importance as to put them at this sort of risk, is he the best person to be a cabinet minister?
I went to a presentation by Robert Thibadeau on Thursday last week at an ISSA UK Chapter meeting. He was talking about Advanced Persistent Threats (APTs), specifically where an attacker is able to modify some part of the pre-boot code, prior to an Operating System being loaded. The thrust of the discussion was about encrypted hard drives being a part of the armoury against these types of attacks, along with Trusted Platform Modules (TPMs).
As we all know, the standard practice of secure erasure for hard disks is to overwrite every sector seven times.
And then there was this nugget of information that I found highly interesting: this won’t work on Solid State Drives (SSDs). The architecture of these drives is determined by the underlying memory technology. Each “sector” on an SSD can only be written to about 1,000 times. In order to deliver a decent lifespan on the more expensive drives, therefore, the drive actually contains significantly more storage than stated on the packaging, with all data going through a load-balancer, to distribute the “writes” across the drive.
This means that it is very difficult to use a process involving overwriting data as each sector may actually be in a completely different place each time you try to overwrite it.
Robert’s proposed solution to this is to encrypt all data on SSDs, regardless of whether they’re in mobile devices or not. This way, the data can be rendered unreadable simply by erasing the encryption key.
It’s worth considering and factoring into asset disposal processes.
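The sketch below is an added illustration, not code from this post or from Robert Thibadeau's talk. It models the behaviour described above with a constructed toy drive (`ToySSD`, its page count and the SHA-256 keystream are assumptions standing in for real flash firmware and the drive's actual cipher) and compares a seven-pass overwrite with encrypt-then-erase-the-key.

```python
import hashlib
import os

class ToySSD:
    """Constructed model: more physical pages than logical sectors, and every
    write is steered to the least-worn free page, as the post describes."""
    def __init__(self, physical=16):
        self.pages = [b""] * physical   # raw flash contents
        self.wear = [0] * physical      # writes seen by each physical page
        self.map = {}                   # logical sector -> physical page

    def write(self, sector, data):
        live = set(self.map.values())
        free = [p for p in range(len(self.pages)) if p not in live]
        target = min(free, key=lambda p: self.wear[p])
        self.pages[target] = data
        self.wear[target] += 1
        self.map[sector] = target       # the old page is unmapped, not wiped

    def raw_dump(self):
        """What reading the flash chips directly would return."""
        return b"".join(self.pages)

def keystream_xor(key, data):
    """Toy SHA-256 counter keystream; a stand-in for the drive's real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def overwrite_leaves_residue(secret):
    ssd = ToySSD()
    ssd.write(0, secret)
    for _ in range(7):                  # the seven-pass overwrite
        ssd.write(0, os.urandom(len(secret)))
    return secret in ssd.raw_dump()     # stale plaintext still on a page?

def crypto_erase_leaves_residue(secret):
    ssd = ToySSD()
    key = os.urandom(32)
    ssd.write(0, keystream_xor(key, secret))
    readable = keystream_xor(key, ssd.pages[ssd.map[0]]) == secret
    key = None                          # erase the only copy of the key
    return readable, secret in ssd.raw_dump()

if __name__ == "__main__":
    sample = b"constructed sample record 0001"
    print(overwrite_leaves_residue(sample), crypto_erase_leaves_residue(sample))
```

The model never reclaims unmapped pages, so it shows the worst case; a real drive recycles stale pages on a schedule the host cannot observe or force with ordinary overwrites.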