Posted on Monday, November 27th, 2006

Herding sheep

by Jeff Nathan

Last week I came across an eWeek article describing a new laptop locator that promises to help companies avoid costly disclosures in the event a laptop is lost. And, let’s face it, a lot of laptops are lost or stolen, including government and military ones. This new laptop locator offers an obvious twist on an existing market: once a laptop reported as stolen is connected to a network, it “phones home” to report certain system-level activity and (according to the manufacturer) can completely delete all data remotely.

The product offering seemed quite reasonable until I read further and noticed it’s being pitched as a means to simply avoid disclosure. Presumably, the idea is that deleting the data prevents disclosure. Unfortunately, this is a leap of faith for a number of (hopefully) obvious reasons.

When a laptop is stolen by a petty thief as a crime of opportunity, deletion is a reasonable approach to avoid disclosure. However, all the press covering stolen laptops is doing an excellent job of telling criminals what they’ve been missing when they steal a laptop. When a laptop is stolen to mine information, or a petty criminal simply realizes there’s another cash opportunity, the thief can easily remove data from the laptop without ever being subject to the “Data Deletion Process” as described by the manufacturer.

Whether by removing the drive and connecting it to another computer or simply copying the data to another drive, the data can be retrieved. IT professionals and hobbyists have already documented all the steps necessary.

When used to prevent disclosure of a breach, it seems as though this product and others like it will protect consumers from only the most ignorant criminals. If the data is copied by removing a laptop’s hard drive, or a Knoppix bootable CD is used to access the disk, the data access isn’t accounted for by the laptop locator.

Particularly in the case of a laptop locator with remote deletion capabilities, it might be in the best interest of a criminal to sell a stolen laptop without reinstalling it after mining data. Once the data has been remotely deleted and a third party potentially arrested, the affected company is lulled into a false sense of security, and all those pesky consumers won’t be any wiser that their personal information has been stolen.
