
....multiple times.

Overwriting it once prevents software reconstruction of the data, but magnetic analysis of the underlying disk itself can reveal (depending on the voltage returned by the resulting 0 or 1) whether the previous value was (within a degree of certainty) a 0 or 1.



You may find this interesting: http://www.nber.org/sys-admin/overwritten-data-guttman.html

It's a counterargument to the urban legend that says data should be wiped multiple times to be truly deleted.

It's worth noting that with today's disks' PRML channels, the signal is barely there already. It's merely "guessed" at (ML in PRML stands for maximum likelihood). It seems crazy that anyone could recover something after it's been overwritten. Maybe in the past, but not any more.


It's a legitimate concern given the potential, but perhaps not a realistic concern.

Consider though, the data is digital, and error corrected, but it is written onto a fundamentally analog medium. By reading the medium you can easily determine the last written data which then lets you determine to a rather high precision the signal that was used to write that data (because it's all digital). That then allows you to subtract that signal from your analysis without leaving a ton of residual noise. Now perhaps there isn't much left after that, but what is left will be designed to be read even in the midst of noise, because it employs error correction. Who knows what the theoretical limit of such detection is with state of the art technology.

The evidence does tend to argue against any similar techniques of data recovery being used in practice anywhere today. Does that mean you should feel safe?

Much of Feenberg's argument here rests on technology. STM, MFM scanning. Image storage and processing. Tens of terabytes of data would need to be captured and processed, etc. Technology is not static though. What is the likelihood that there will be significant advances in STM/MFM scanning in the near future? In image storage and processing? In storage capacities in the ten terabyte range? For all of these it's a near certainty that we will continue to see exponential advances for the foreseeable future.

So perhaps abandoning your hard-drive that has been "wiped" once to the vagaries of the world is a safe bet today. But what happens in 10, 20, 30 years when all of those technologies have advanced remarkably and it is not only possible but perhaps even trivial to recover data on such drives? That is the conundrum.

Generally speaking, if you think your drives have contained material which you do very much wish to remain confidential in perpetuity, it probably makes sense to destroy old hard-drives rather than re-sell them. Though the cost/benefit trade-off may be a bit different if you are a business with a lot of data.


You should just switch to an SSD and not worry about it anymore


SSDs store data by tunneling charges onto and off of floating gates. I strongly suspect that a TLA entity can recover data from the residual charges just as readily as they can from residual magnetism on a spinning media drive.

Having said that, like many others in this discussion, I'm skeptical of how practical data recovery really is vs. a theoretical issue. I'm guessing that the value of the data has to be extremely high before it would be worthwhile going to the necessary lengths.

It is usually much easier to use a $5 wrench, ref: http://xkcd.com/538/.


Wait - how automated is magnetic analysis? How much would it cost to recover a gigabyte disk, for example? What about non-spinning disks, are they cheaper or more expensive?


I recently watched a talk from 27C3 [1] about data recovery by the CEO of just such a data recovery firm [2]. (Very interesting with a rough outline of what they do and many cool anecdotes from the field.)

He more or less said that recovering all the data from a hard drive that cannot be read with its read/write head (either the original or a spare) would not be feasible or economical for his company. He said it would take several years. (And that’s without even considering overwritten data.)

When asked what’s the best way to destroy data forever he said that overwriting the data once is sufficient in any case. I take from this that at least his company and presumably other data recovery companies cannot read data that was overwritten once, even in principle (i.e. it’s not just a question of throwing enough resources at it). I have my doubts that the government has capabilities beyond that.

[1] Link to mp4 (h.264): http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4231-en-d...; link to slides: http://events.ccc.de/congress/2010/Fahrplan/events/4231.en.h...

[2] http://www.attingo.com/en/


It's expensive as hell :)

The companies that do it charge several thousand an hour, IIRC. (this was back in the 90s?)

Depending on the non-spinning disk type in question, it can be either more or less secure than the usual magnetic HDD. You've got "flash" but that's just a nice word for any number of highly-differing technologies such as MLC and SLC on the inside. And you have NAND vs NOR techs to consider as well.

Perhaps the security in non-magnetic-HDDs comes from the fact that they're so new to the table, not many specialize in restoring data from them.


Could you give the name of one of these companies?



I have a script that mounts a tiny ramdisk, fetches a statically compiled shred binary I've compiled, and proceeds to shred each disk attached to the system up to 25 times. I generally use this when decommissioning servers not under my direct control.


Couldn't you just use DBAN? http://www.dban.org/


I can't remotely boot servers using a custom disk image unless the provider in question offers KVM-over-IP or something similar.


What happens if you only overwrite a bit if the bit that was there before writing is different? This way you're not overwriting every bit, so guessing at the previous bit can lead you astray. Or is that impossible?


It's impossible, because of the way data is encoded before hitting the platters: http://en.wikipedia.org/wiki/Run_Length_Limited
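
Added example, not part of the thread: a short Python sketch of the point about run-length-limited encoding, using MFM (a simple (1,3) RLL code) as an assumed stand-in for whatever code a given drive uses. It shows that flipping one logical bit changes between one and three channel cells, so logical bits do not map one-to-one onto positions on the platter. The function names and sample bytes are constructed for illustration.

```python
# Added illustration (not from the thread): MFM, a small (1,3) RLL code.
# Modern drives use other codes; MFM is an assumption chosen for brevity.

def mfm_encode(data_bits, prev=0):
    """Encode data bits as (clock, data) channel-bit pairs.

    The clock bit is 1 only when the previous and current data bits are
    both 0, so every run of 0s between two 1s (flux transitions) has
    length 1 to 3.
    """
    channel = []
    for d in data_bits:
        channel += [1 if (prev == 0 and d == 0) else 0, d]
        prev = d
    return channel

def zero_runs(channel):
    """Lengths of the runs of 0s between consecutive 1s."""
    ones = [i for i, bit in enumerate(channel) if bit]
    return [b - a - 1 for a, b in zip(ones, ones[1:])]

def changed_cells(data_bits, index):
    """Channel positions that differ when one data bit is flipped."""
    flipped = list(data_bits)
    flipped[index] ^= 1
    before, after = mfm_encode(data_bits), mfm_encode(flipped)
    return [i for i, (x, y) in enumerate(zip(before, after)) if x != y]

def bytes_to_bits(data):
    """Most-significant-bit-first list of bits for a bytes object."""
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

SAMPLE = bytes_to_bits(b"\x00\xa5")  # constructed sample input

if __name__ == "__main__":
    encoded = mfm_encode(SAMPLE)
    print("channel bits:", "".join(map(str, encoded)))
    print("zero runs   :", zero_runs(encoded))
    for i in (3, 9):
        cells = changed_cells(SAMPLE, i)
        print(f"flip data bit {i}: channel cells {cells} change")
```
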


Yeah, I don't think hard drives work like that. You can modally read or write at each head, not simultaneously, and the granularity has to be larger than a bit (maybe a byte?)


Ah good point +1. Did not think about that. Maybe a single pass from /dev/urandom will suffice. But it's going to be slow.


Do you have any sources for this? I've heard about this before but I've never seen any details about how it works.


It's explained by Niels Ferguson and Bruce Schneier in Practical Cryptography in section 22.10.2, "Magnetic Storage".

Overwriting does not completely destroy old data. You can think of it as repainting a wall with a single coat of paint. You can still vaguely see the old coat of paint under it. The magnetic domains can also migrate away from the read/write head either to the side of the track or deeper down into the magnetic material, where they can linger for a longer time. Overwritten data is typically not recoverable with the normal read/write head, but an attacker who takes apart a disk drive and uses specialized equipment might be able to retrieve some or all of the old data.

They also advocate multiple, random overwrites using fresh data as a best practice at this time.


It seems like that should get harder and harder as the density of disks increases. I wonder how different the ease of recovery is for drives made now compared to when that book was written.


What about overwriting it with random data?



