Today, a friend of mine shared Tim Cook’s customer letter published days ago on Apple’s website. He argues that recent government’s demands to remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically will make it easier to unlock your iPhone. The government uses 1789 All Writs Act to justify the power to reach into anyone’s device to capture their data. What I want to discuss here is how all this reflects into the reverse engineering world of data recovery.
Encryption
Wikipedia defines encryption as the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. When one wants to recover data from an encrypted media the very first question you will be asked is what encryption scheme has been applied to the media. In most cases factory default algorithm was running the show.
Recently we are seeing drives with the encrypted firmware coming our way all manufactured by Seagate. The only hard disk drive manufacturer to perform data recovery service. Seagate claims that this way user data remains protected even when drive has a malfunction while in fact only the cost to recover data increased. Conspiracy theorists argued this way manufacturer can remotely disable you drive and have it forensically examined in-lab and since they hold all the keys. What about protection or privacy? No way, use drives from WD or Toshiba, they say!
What about them? For the most part Western Digital uses hardware encryption to protect user data while Toshiba uses their own (or former Hitachi way) to encrypt the “user area”.
Traditionally data has been kept “secret” with the key generated from your BIOS. This way data access can be achieved by breaking the key stored in a special area of disk firmware. Today encryption works different way and while many believes can not be broken it is quite opposite. It may take more time and therefore will be more expensive but it can be done. In most cases smaller labs will have to forward this job to a bigger players capable to invest money in reverse engineering. Keep this in mind next time when you want to buy a hard disk.
What about privacy or protection? Does encryption protects my personal data? The answer is yes but with limitations.
Protection
When in 1998 the United Kingdom of Great Britain and Northern Ireland pushed the Data Protection Act 1998 (DPA) in the Parliament they defined the law on the processing of data on identifiable living people. To this day it is the main piece of legislation that governs the protection of personal data in the UK. Information or data privacy usually referred as data protection is basically the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Today most of the countries around the planet have similar laws and regulations governing data protection.
However, it is likely to say there is no such thing as truly private information, unless it exists somewhere outside of any computer network?
Privacy
Privacy concerns exist wherever personal or other sensitive information is collected, stored, used, destroyed or deleted. Today we hear about data privacy issues arising from sources, such as: Healthcare records, financial institutions and transactions, residence records, genetic material, location-based service or web surfing behavior. Information about privacy with My Data Recovery Lab is published here. Most data recovery service providers will have to protect your privacy by law and most of the companies like ours have sometimes rigid standards when it comes for protection of customer’s data or their personal information.
As the challenge of data privacy to utilize data while protecting individual’s privacy preferences and their personally identifiable information remains the areas of data security and information security design, software, hardware and human resources continues to grow at high rate most of us remains skeptical. In the same time laws and regulations related to privacy and data protection are constantly changing. It is an epic struggle that will continue in decades to come.
