When British intelligence ordered the destruction of laptops containing copies of Edward Snowden’s trove of stolen files in 2013, the U.K.’s efforts were scoffed at by many as merely symbolic. Now two researchers say an analysis of what is left of those computers raises questions about what it means to delete a file in the digital age.
Within weeks of its first report stemming from Mr. Snowden’s national security disclosures, The Guardian, the U.K.-based newspaper, was ordered by Britain’s GCHQ spy agency to surrender its computers and have those files permanently purged. The paper ultimately obliged, as was widely reported at the time, but not before securing a deal that allowed the destruction to occur by The Guardian’s own staffers in the basement of their East London office, albeit under the direct instruction and supervision of two government agents.
Although the GCHQ’s attempt to rid the planet of leaked security documents has so far been unsuccessful, the same can’t be said about its ravaging of those Apple MacBook Air laptops. Indeed, those machines were sufficiently degraded and left resembling not much more than a mangled assemblage of cracked circuit boards and computer chips. By investigating the methodical deconstruction of the devices, however, researchers Mustafa Al-Bassam and Richard Tynan say they’re more curious than ever about the operations of GCHQ and its “Five Eyes” partners — allied agencies in the U.S., Canada, New Zealand and Australia.
Mr. Al-Bassam, a British security researcher, and Mr. Tynan, a technologist with Privacy International, a U.K.-based organization that promotes the right to privacy, were given privileged access to the smashed laptops earlier this year and presented their findings at a hacker conference near Berlin, Germany, this week.
The remnants are thought to be a first of their kind, Mr. Tynan said, in that a computer that’s been sanitized by GCHQ in accordance with the agency’s classified procedures for destroying top-secret information has never before been left to the public domain.
Details exist as to how other Five Eyes groups go about data destruction, he said during the presentation on Monday, but the U.K. does not publicize its own procedures. Nevertheless, the two researchers were able to deduce that GCHQ’s operations do largely mirror those used by partners like the U.S. National Security Agency, and are far more advanced than just pressing the “delete” key.
“Potentially there could be quite a lot to learn from GCHQ about how to properly eradicate a device,” said Mr. Al-Bassam. “Maybe there are things that they know about other devices that we don’t?” he asked.
The forensics that the team performed revealed that government agencies don’t take risks when it comes to data destruction. Not only were some components on The Guardian’s laptops cut in half, like the CPU, or central processing unit, but British spies instructed that less obvious parts of the computer, including battery sensors, touchpads and keyboard controllers, be utterly destroyed.
“They were very precise,” Mr. Tynan said. “They came in with their shopping list and said, ‘Drill this chip; turn it over; drill that chip.’”
Once information that’s classified as top secret ends up on a computer, Mr. Tynan said, that machine will also be considered to be harboring highly sensitive data, as far as GCHQ is concerned, “because there is no effective way” to truly sanitize by the government’s standards. Keyboard controllers pose the risk of giving an attacker the ability to see a user’s passphrase if successfully reverse engineered, he said. Other unassuming components, like the trackpad that comes standard in Apple laptops, are powered by computer chips that can store megabits of data and also must be destroyed since, in theory, they could be used to covertly hide files.
USB sticks are “almost impossible to adequately sanitize,” Mr. Tynan said, evidenced by what occurred in The Guardian’s basement. According to the researchers, every single chip was removed from each portable drive, and then the parts were ground into small pieces that left a product that seemed “close to dust.”
Not every individual with a personal computer is hoarding government secrets, necessarily. But an analysis of the lengths government agents went to in order to wipe Snowden data from The Guardian’s laptops suggests that the average MacBook owner’s digital deletion practices wouldn’t cut it with GCHQ.
“We all have these devices ourselves,” Mr. Tynan said, “and, in some cases, we may actually need to delete some very sensitive information.” Unfortunately, he added, deletion can sometimes be a matter of life or death. Activists around the globe routinely risk grave repercussions if they’re caught with sensitive information, he continued, pleading, “I really don’t want to have to advise them that the only way to be sure to get rid of this information is to actually start taking out an angle grinder to a very expensive laptop.
“We ought to be able to have verifiable deletion of our information and know that that information is gone, because the consequences there can be highly, highly damaging,” he said.
“GCHQ don’t seem to trust Apple with their top secrets, so maybe we shouldn’t.”
The researchers say they plan to publish more findings in the months ahead. Currently, they are filing requests to learn more about hardware components used by various computer manufacturers and their capabilities.
• Andrew Blake can be reached at ablake@washingtontimes.com.