When Deleted Data is Recoverable
Does clicking delete really do what we think? In many cases, no. In his case study “Complete Delete,” Simson Garfinkel explores the phenomenon of remnant data on different systems like backups, caches and old devices. Modern devices prioritize accessibility at the cost of privacy.
Remnant Data
“Information is hard to delete, but information is hard to retain”
Multiple systems create copies of data when it is being written and read. Because of this, remnant data is often recoverable even after a user deletes it. For example, information on storage media is often not really deleted until it is overwritten with something else. Since storage media is increasing in size, sometimes information is never overwritten and still accessible.
Information Permanence
To approach this issue ethically, developers must be more transparent with users about how their data is stored. More companies should begin using a more secure system like AFPS. I think there should be more disclosure about where additional copies are stored. For example, if I delete a file on my computer that has been backed up, maybe it should direct me to the backup and tell me the file still exists there. There should also be more disclosure BEFORE a user creates something, like if there are copies of your data on an external system, a photos app should warn you before you are able to use the app.
There are definitely disadvantages of making deletion more permanent. Personally, I don’t know that I’ve ever recovered a recently deleted photo, but I definitely have used Time Machine backups on several occasions. I don’t think that law enforcement access is a valid reason to not fully delete content. I understand the concern but I think people’s privacy is more important.
Cryptographic Erasure for Photographs
I don’t know how I feel about cryptographic erasure for photographs. I have an affinity for photographs, since I both take photos with a digital camera and collect vintage photographs. I don’t think that modern photographs are that different in some aspects than physical media. For example, I’ve collected several tintype photographs that were created as early as the Civil War. Tintypes are some of the most fragile photographic artifacts because they are created by exposing collodion to silver nitrate and light on a plate of iron. They are vulnerable to cracking and bending and the image can flake off easily. Despite all these things, some photographs have survived over 150 years. Modern photographs both feel more fragile and more durable. On one hand you can just click delete and you no longer see the photograph in your library. But realistically it is likely it still exists somewhere.
I think it would be very difficult to incorporate complete cryptographic erasure of photographs while allowing easy access to editing and publishing them. As soon as you post a photo or send it to a friend, it is outside of your control. Copies can be saved, screenshotted and shared. I like the idea of cryptographic erasure especially for more sensitive data, but I don’t know that is feasible for everything. I don’t know that I would want to live in a world where every photo I take is so inaccessible.
Law Enforcement
US policymakers want the government to be able to monitor us by accessing encrypted content to prevent crime but don’t want to be vulnerable to attacks by other governments. I don’t think both of these things can exist at the same time. Personally, I don’t think law enforcement access is a valid reason to weaken encryption, but even if it was, you would be creating a backdoor for other governments to threaten the security of Americans.
Final Thoughts
How do we protect privacy while preserving history? This article made me think about some of the downsides of irreversible deletion. What if your phone is stolen and someone deletes everything from it? Ideally, you’d want to get your data back. I think there are potential cases where complete erasure could be a bad thing because it is making it easy for us to forget.