Reader Comments on Aardvark Daily 31 July 2002
Note: the comments below are the unabridged
submissions of readers and do
not necessarily reflect the opinions of the publisher.
From: Daniel For : Right Of Reply (for publication) Subj: Sensitive files Part of my job involves overseeing the repair of PCs for a local computer manufacturer. During the course of such repairs, often it is necessary to go to extraordinary lengths in order to preserve customer data; for instance, if there is a hard drive with bad sectors or seek errors. During the course of such repairs, sometimes it is necessary to attempt to open files to see if any are damaged or corrupt. Given the vagueness of some end-user fault reports or indications as to what data must be preserved or where such data is stored on the drive, you can therefore appreciate why sometimes such measures are undertaken. The usual inexperienced answer to such statements is "use a drive cloning utility", but these utilities will often fail to complete the copy properly if there is a fault of a sufficient magnitude with the drive. Recently I encountered a situation involving one of my technicians and a customer's machine containing child pornography. This was discovered accidentally after the technician selected the contents of a folder named "Work Reports" and accidentally "executed" the files, rather than selecting the copy option to transfer them to a new drive. I immediately telephoned the police and the customer was prosecuted. Should I have turned a blind eye? In the case of the school principal with pornography on his work computer, I would question the validity of defending in any way, shape or form a person who chooses to view or download pornography on a work computer. What they do with their own computer is their own business, but using a work computer would be at best deemed "inappropriate" by most reasonable people. As for sensitive and confidential records being easily accessed by technicians or third parties, one might suggest that if there are files of such a nature stored on a computer then it would be prudent to protect or encrypt these in some way to provide at least a minimum level of protection against these being accessed by third parties. If people choose not to take such measures or raise the issue of security with the appropriate person (IT staff, equipment vendor, support agent) then the consequences should rest with them. Ignorance, as they say, is no defence. Casting dispersions, however unintentional, might be better tempered in the future with a little less sensationalism and a litte more realism. Aardvark Responds I'm certainly not trying to defend anyone who might choose to engage in illegal practices using their PC -- and least of all material such as kiddie-porn. The principal/porn example was simply cited as an example of how careless many people have become in respect to allowing sensitive data to leave their premises. If the principal wasn't smart enough to remove his smut, what chance that other sensitive material was protected from prying eyes? The main thrust of today's column is to wake people up to the fact that sensitive information stored on their PC may no longer be confidential if they're getting that machine fixed by someone of unknown repute. Your suggestion that sensitive data ought to be encrypted might sound good but the average PC user just doesn't have a clue how to go about encrypting their files and, even if they did, would probably find it exceedingly frustrating to have to decrypt then re-encrypt them each time they were accessed. Even if data were regularly de/encrypted, there's still the chance that a PC will fail while being used -- thus still leaving potentially sensitive data in a human-readable form. Perhaps the lack of easy encryption is the fault of software vendors who should consider building it into their applications? From: Dominic For : Right Of Reply (for publication) Subj: I'll be thanked for this! As today's column could have a pivotal effect on the conscience of those involved, I'd like to offer this idea: Download and install a "reminder" application that daily reminds you of something on the computer you stored a while ago and which you want to store elsewhere, like say a floppy disc. Try www.cnet.com for a good start. From: Mark Ross For : Right Of Reply (for publication) Subj: Have Your Say feedback Is the temporary Internet Files folder considered a confidential area of the PC would be my question I suppose; it is the easiest place to find out where people have been surfing... You raise some good points though... I personally am very concerned about protecting my data and have been looking into getting a biometric device (http://www.dooraccesscontrol.com/biometric_mouse.htm) that can be used as the encryption mechanism for the private/personal folders on my systems... From: Steve For : The Editor (for publication) Subj: Porn and Jobs What people fail to take into account when these storys come out is that the person in question may have had a valid reason for actually having the material on their PC. Simply because it is there - does this mean that you are at fault ? Maybe the principle was investigating reports about other teachers/students that had this material (fair enough, someone else should be notified of this incase it was ever brought into the public eye) but I know, from my own job, that at times your work PC can have objectionable material on it, not because YOU were interested in it but because it was part of an ongoing investigation. Currently I am trying to repair a broken news server, one of the key groups that people browse for are the erotica groups, as a result, I have had to subscribe to these groups to ensure that articles are being updated, in other instances we have had people complain about the material in groups being illegal, again, I have to subscribe to investigate - does this mean that I should be dismissed ? Oft times the media does not infact paint the full picture of what is going on, I can defend myself should it come up because of my technical bent, can the same be assumed of a principle of some school that just happened to get his name tarnished and is unsure as to how he should proceed ? From: Fuzz For : The Editor (for publication) Subj: files on HDD This raises the question of what happen when a school, or any fund-driven organisation, is given a computer from recycled parts. Any files wiped off the hard drive may leave fragments or the whole file behind as they may only have had the FAT table re-wrtten. Some institutions amy already have objectionable material on them and not even realise it yet.Hit Reload For Latest Comments
Now Have Your Say
Home | Today's Headlines | Contact | New Sites | Job Centre | Investment Centre