lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050331182444.GA30442@navigo.com>
Date: Thu Mar 31 19:36:23 2005
From: rara at navigo.com (Rachael Treu-Gomes)
Subject: Secure Data Deletion Idea?

For starters...

Other than the standard difficulty of proving a negative...
("Prove to me you didn't read this book."  "Prove to me
you didn't keep this data."  "Prove to me you're adequately
following HIPAA/SOX/GLBA/etc regs regarding privacy where 
appropriate on data that you don't have but had, that may 
or may not have contained sensitive information. subject 
to privacy laws...")

Questions as to willful disregard and accomplice spring to
mind in cases where a company is being paid to launder and
destroy evidence.  You could probably write a contract 
releasing you from liability, to the tune of,"...the client
asserts that all data being submitted for destruction is
legally eligible for destruction and the service provider 
assumes no responsibility for..."

...but that's hardly "no-questions-asked."  

ymmv,
--ra

-- 
rachael treu-gomes                        rara at navigo dot com
             ..quis custodiet ipsos custodes?..
(this email has been brought to you by the letters 'v' and 'i'.)

On Thu, Mar 31, 2005 at 10:23:40AM -0800, John Blood said something to the effect of:
> I know there are a lot of people that want to comment
> on this....
> 
> I'm thinking about what the possibilities for a secure
> data deletion business would have in the United
> States.  What are the legal ramifications of providing
> a no questions asked data wiping service to businesses
> and individuals (using tools like DBAN, Erase, etc). 
> It's understood about data not being totally "gone" no
> matter how many times it is erased, blah blah blah,
> but are there any constraints that would prevent such
> a business from flourishing? 
> 
> 
> 		
> __________________________________ 
> Yahoo! Messenger 
> Show us what our next emoticon should look like. Join the fun. 
> http://www.advision.webevents.yahoo.com/emoticontest
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ