论文信息 - Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

A long history of longitudinal and intercultural research has identified decommissioned storage devices (e.g., USB memory sticks) as a serious privacy and security threat. Sensitive data deleted by previous owners have repeatedly been found on second-hand USB sticks through forensic analysis. Such data breaches are unlikely to occur when data is securely erased, rather than being deleted. Yet, research shows people confusing these two terms. In this paper, we report on an investigation of possible causes for this confusion. We analysed the user interface of two popular operating systems and found: (1) inconsistencies in the language used around delete and erase functions, (2) insecure default options, and (3) unclear or incomprehensible information around delete and erase functions. We discuss how this could result in data controllers becoming non-compliant with a legal obligation for erasure, putting data subjects at risk of accidental data breaches from the decommissioning of storage devices. Finally, we propose improvements to the design of relevant user interface elements and the development of official guidelines for best practice on GDPR compatible data erasure procedures.

Mark Warner | Andreas Gutmann

[1] Craig Valli,et al. A UK and Australian Study of Hard Disk Disposal , 2005, Australian Computer, Network & Information Forensics Conference.

[2] Bradley Glisson,et al. Investigating Information recovered from Re-sold Mobile Devices , 2010 .

[3] Marita Franzke,et al. Usability evaluation with the cognitive walkthrough , 1995, CHI 95 Conference Companion.

[4] Rick Spencer,et al. The streamlined cognitive walkthrough method, working around social constraints encountered in a software development company , 2000, CHI.

[5] Craig Valli,et al. The 2008 analysis of information remaining on disks offered for sale on the second hand market , 2009 .

[6] Patricia A. H. Williams,et al. An investigation into remnant data on USB storage devices sold in Australia creating alarming concerns , 2017 .

[7] Stacey R. Finkelstein,et al. Recommendations Implicit in Policy Defaults , 2006, Psychological science.

[8] Craig Valli,et al. The 2009 analysis of information remaining on USB storage devices offered for sale on the second hand market , 2009 .

[9] Mojtaba Al Fardan,et al. Is your data gone?: measuring user perceptions of deletion , 2016, STAST.

[10] Christophe Kolski,et al. State of the Art on the Cognitive Walkthrough Method, Its Variants and Evolutions , 2010, Int. J. Hum. Comput. Interact..

[11] Will Luers. The Social Machine: Designs for Living Online , 2016, Leonardo.