Home | Today's Headlines | Contact | New Sites | Job Centre | Investment Centre

Reader Comments on Aardvark Daily 31 July 2002

Note: the comments below are the unabridged submissions of readers and do
not necessarily reflect the opinions of the publisher.

 

From: Daniel
For : Right Of Reply (for publication)
Subj: Sensitive files

Part of my job involves overseeing the repair of PCs for a
local computer manufacturer. During the course of such
repairs, often it is necessary to go to extraordinary
lengths in order to preserve customer data; for instance,
if there is a hard drive with bad sectors or seek errors.
During the course of such repairs, sometimes it is
necessary to attempt to open files to see if any are
damaged or corrupt. Given the vagueness of some end-user
fault reports or indications as to what data must be
preserved or where such data is stored on the drive, you
can therefore appreciate why sometimes such measures are
undertaken. The usual inexperienced answer to such
statements is "use a drive cloning utility", but these
utilities will often fail to complete the copy properly if
there is a fault of a sufficient magnitude with the drive.

Recently I encountered a situation involving one of my
technicians and a customer's machine containing child
pornography. This was discovered accidentally after the
technician selected the contents of a folder named "Work
Reports" and accidentally "executed" the files, rather than
selecting the copy option to transfer them to a new drive.
I immediately telephoned the police and the customer was
prosecuted. Should I have turned a blind eye?

In the case of the school principal with pornography on his
work computer, I would question the validity of defending
in any way, shape or form a person who chooses to view or
download pornography on a work computer. What they do with
their own computer is their own business, but using a work
computer would be at best deemed "inappropriate" by most
reasonable people.

As for sensitive and confidential records being easily
accessed by technicians or third parties, one might suggest
that if there are files of such a nature stored on a
computer then it would be prudent to protect or encrypt
these in some way to provide at least a minimum level of
protection against these being accessed by third parties.
If people choose not to take such measures or raise the
issue of security with the appropriate person (IT staff,
equipment vendor, support agent) then the consequences
should rest with them. Ignorance, as they say, is no
defence.

Casting dispersions, however unintentional, might be better
tempered in the future with a little less sensationalism
and a litte more realism.


Aardvark Responds
I'm certainly not trying to defend anyone who might
choose to engage in illegal practices using their PC
-- and least of all material such as kiddie-porn.

The principal/porn example was simply cited as an
example of how careless many people have become
in respect to allowing sensitive data to leave
their premises.  If the principal wasn't smart
enough to remove his smut, what chance that other
sensitive material was protected from prying eyes?

The main thrust of today's column is  to wake
people up to the fact that sensitive information
stored on their PC may no longer be confidential if
they're getting that machine fixed by someone of
unknown repute.

Your suggestion that sensitive data ought to be
encrypted might sound good but the average PC user
just doesn't have a clue how to go about encrypting
their files and, even if they did, would probably
find it exceedingly frustrating to have to decrypt
then re-encrypt them each time they were accessed.

Even if data were regularly de/encrypted, there's
still the chance that a PC will fail while being
used -- thus still  leaving potentially sensitive
data in a human-readable form.

Perhaps the lack of easy encryption is the fault
of software vendors who should consider building it
into their applications?




From: Dominic
For : Right Of Reply (for publication)
Subj: I'll be thanked for this!

As today's column could have a pivotal effect on the
conscience of those involved, I'd like to offer this idea:

Download and install a "reminder" application that daily
reminds you of something on the computer you stored a
while ago and which you want to store elsewhere, like say a
floppy disc.

Try www.cnet.com for a good start.




From: Mark Ross
For : Right Of Reply (for publication)
Subj: Have Your Say feedback

Is the temporary Internet Files folder considered a
confidential area of the PC would be my question I
suppose; it is the easiest place to find out where people
have been surfing...  You raise some good points though...

I personally am very concerned about protecting my data
and have been looking into getting a biometric device
(http://www.dooraccesscontrol.com/biometric_mouse.htm)
that can be used as the encryption mechanism for the
private/personal folders on my systems...




From: Steve
For : The Editor (for publication)
Subj: Porn and Jobs

What people fail to take into account when these storys come
out is that the person in question may have had a valid
reason for actually having the material on their PC.

Simply because it is there - does this mean that you are at
fault ?

Maybe the principle was investigating reports about other
teachers/students that had this material (fair enough,
someone else should be notified of this incase it was ever
brought into the public eye) but I know, from my own job,
that at times your work PC can have objectionable material
on it, not because YOU were interested in it but because it
was part of an ongoing investigation.

Currently I am trying to repair a broken news server, one of
the key groups that people browse for are the erotica
groups, as a result, I have had to subscribe to these groups
to ensure that articles are being updated, in other
instances we have had people complain about the material in
groups being illegal, again, I have to subscribe to
investigate - does this mean that I should be dismissed ?

Oft times the media does not infact paint the full picture
of what is going on, I can defend myself should it come up
because of my technical bent, can the same be assumed of a
principle of some school that just happened to get his name
tarnished and is unsure as to how he should proceed ?




From: Fuzz
For : The Editor (for publication)
Subj: files on HDD

This raises the question of what happen when a school, or
any fund-driven organisation, is given a computer from
recycled parts. Any files wiped off the hard drive may
leave fragments or the whole file behind as they may only
have had the FAT table re-wrtten. Some institutions amy
already have objectionable material on them and not even
realise it yet.



Hit Reload For Latest Comments

Now Have Your Say

Home | Today's Headlines | Contact | New Sites | Job Centre | Investment Centre