Ashley Madison breach a painful reminder of online data's permanence
The is undoubtedly alarming to the millions of people who used the site that encouraged extramarital affairs, especially to any customers who paid to have their data scrubbed from the site.
If you believe the apparent attackers (the individual or group calling itself the Impact Team), Ashley Madison retained customers' names and addresses even after they paid $19 for a "full delete" of their details. After the Impact Team posted some Ashley Madison user info online earlier this week, the company and said it "does in fact remove all information related to a member's profile and communications activity."
Regardless of who is right in this case, the Ashley Madison breach highlights a stark reality when it comes to controlling personal information shared online: Truly deleting it takes more effort than dragging a file to a virtual trash can.
"You don't have any good way to ever ensure that that data is gone," said Doug White, a digital forensics expert who also teaches at Roger Williams University.
Auditing a site's deletion claims can be nearly impossible, Mr. White and other experts said. Even if the site says it will delete user data, there is no sure way for customers to check if the data is permanently gone.
Furthermore, requesting a complete data scrub can be complicated for customers. As Ars Technica, many users found that the process to delete their profiles and information on Ashley Madison was complicated and confusing. The "full delete" service offered by the site includes erasure of a user's profile, private messages, site history, photos, and other personally identifiable information.
But even when users request that data be removed from websites, companies have little incentive to actually erase it, said Andrew Sudbury, cofounder of the online privacy company Abine. He said full deletion of user data is not a common practice among Web companies because it has become so easy to store lots of information in cloud servers and there's little legal pressure for full data deletion. Plus, he said, customer data is a goldmine for companies that can analyze and sell it for additional revenue.
Full data deletion is also a labor-intensive process. For instance, a site such as Ashley Madison would need to remove the information from every server the data exists on, including backup servers. This can be complicated if the company does not keep a thorough inventory of the kinds of information stored and where it is housed. Even after the information is "deleted" from a server, truly ensuring it is erased means writing over the data.
One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user's data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.
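The key-destruction approach described above, sketched as an added example that is not from the article or from any site it discusses. The `Vault` class, replica names and sample records are hypothetical, and the HMAC-based cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (HMAC-SHA256 in counter mode); use AES-GCM in production.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()   # encryption subkey
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()   # integrity subkey
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return bytes(c ^ s for c, s in zip(ct, _stream(ek, nonce, len(ct))))

class Vault:
    """Hypothetical store: one key per account, ciphertext copied to every replica."""
    def __init__(self, replicas=("primary", "backup", "analytics")):
        self.keys = {}                                   # the only place keys live
        self.replicas = {name: {} for name in replicas}  # account -> [sealed records]

    def store(self, account: str, record: bytes) -> None:
        key = self.keys.setdefault(account, bytearray(secrets.token_bytes(32)))
        blob = seal(bytes(key), record)
        for copies in self.replicas.values():            # same ciphertext lands everywhere
            copies.setdefault(account, []).append(blob)

    def read(self, account: str, replica: str) -> list:
        key = bytes(self.keys[account])                  # KeyError once the key is destroyed
        return [unseal(key, b) for b in self.replicas[replica].get(account, [])]

    def full_delete(self, account: str) -> None:
        key = self.keys.pop(account)
        key[:] = bytes(len(key))   # overwrite the key bytes (best effort in Python)
```

After `full_delete`, the replicas still hold the account's ciphertext, but no copy can be decrypted; the scheme only works if the key store itself is never copied into the backups it is meant to protect.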
The Ashley Madison breach is "also a good case of, 'Don't retain more data than you need,'" Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.
When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.
Even on personal computers, deleting data takes more effort than dragging a file to the trash, emptying it, and calling it a day. Users must go a step further to eradicate the file. While you can't see the file anymore, White, who also teaches at Roger Williams University, said, the information can still exist on the hard drive.
"Someone with a piece of forensic software can find it and theoretically recover it depending on how many times you've written things to the disc, how many pieces of information have been stored now since it was deleted," he said.
To ensure the file is destroyed, specialized software must be used to find the physical location of the information on the hard drive and write over it with new information at least once. According to White, more security-conscious users might write over the file hundreds or even thousands of times.
When it comes to giving out personal information to any website, experts urge consumers to exercise caution. White recommends supplying a website with a fake name and address if possible, and having a credit card that is only used for more trusted sites.