Chapter Fifteen. Sanitization and Usability

Simson Garfinkel

DELETION POSES A FUNDAMENTAL QUANDARY TO SECURE USABILITY. On the one hand, users would like to be able to undo their mistakes—to undelete files after they have been deleted accidentally. On the other hand, users would like to know that sensitive data is actually removed from a disk when they delete it—removed so that it cannot be recovered by an adversary.

Anybody who has a paper shredder lives with this quandary. If you get one of those preapproved credit card offers in the mail and you don’t need it, you can always just throw it into a recycling bin. If you change your mind and decide that the 0% introductory rate might help you finance a new laptop, you can always pull the offer out of the bin and fill it out. Of course, these preapproved offers can also be used by crooks in the commission of identity theft: if you are really sure that you don’t want to take out that new credit card, you’re better off shredding the offer and perhaps even the envelope in which it came. The best paper shredders make it easy for you to inspect the chad to make sure that the information is no longer intelligible. Some companies that care about their data security let their employees throw whatever documents they wish into recycling, but the paper is then shredded before it is given to a waste hauler.

Today’s computers use the metaphors of folders, files, recyclers, and paper shredders frequently to describe how information is stored and erased, ...
