Actually, Clinton Should Have Destroyed Her Phones Better
Following Friday afternoon’s FBI release of documents about Hillary Clinton’s private email servers, Julian Assange, CNN, and Donald Trump have all railed against the revelation that her aide smashed two of her 13 private BlackBerrys with a hammer in an attempt to destroy them. Trump, with his usual talent for avoiding nuance, summed up the criticism: “People who have nothing to hide don’t smash phones with hammers.” But ask a few security and forensics experts, and they’ll tell you Clinton’s mistake wasn’t destroying the devices. If anything, she should have wrecked them more thoroughly.
Whether you’re a Secretary of State with a phone full of classified documents or an average sext-sending citizen, data removal is a crucial security step before you let a device leave your control or recycle it. And security experts agree there’s at least one surefire way to be certain that data is truly removed and unrecoverable: kill the hardware. “You destroy that certain piece that’s storing the critical information, and there’s little chance you’re going to get it back,” says Eric Brown, a lab manager at the forensic data-recovery firm Flashback Data. “It doesn’t matter how much money you throw at it or how much experience you have.”
If Clinton had in fact used a federally issued BlackBerry like President Obama does, it might well have been destroyed after she used it, too. In accordance with a 2012 General Services Administration bulletin, all agencies must either recycle or donate used electronics for reuse. The State Department abides by that policy, too; if Clinton had been using State-issued devices, they would have gone through a similar, if more standardized, process of data deletion. A State Department official explained in a statement to WIRED that “department security policies mandate that all electronic devices are cleared of sensitive or classified information prior to reuse or disposal.” Some devices are wiped and reused, in other words, while others are destroyed as part of the recycling process.
There are plenty of ways to approach data destruction through software-based deletion or overwriting. But hardware destruction has the advantage of simplicity: an amateur might not be certain that a software deletion tool has rendered data unrecoverable against advanced forensic techniques, given that it is sometimes possible to restore “deleted” data. In mechanical hard drives, for example, the system may mark data as deleted but leave it in place until it is overwritten by new inputs. But smash storage hardware to small enough bits, and not even the cleverest forensic techniques can put the data back together coherently. “You can easily physically destroy things,” says Brown. “You just need to make sure you’re thorough in doing it.”
The real issue with the Clinton staff’s practice of destroying her BlackBerrys is that question of thoroughness. The same staffer who bought and set up Clinton’s server told the FBI that of the 13 BlackBerry smartphones Clinton used while at the State Department, there were “two instances where he destroyed Clinton’s old mobile devices by breaking them in half or hitting them with a hammer,” according to the FBI’s report. In a situation like Clinton’s, there’s no way to know whether breaking a device in half or wailing on it with a ball-peen hammer actually destroyed the memory chip holding the phone’s data. “Destruction doesn’t always mean destroyed,” Brown says.
On the question of transparency rather than security, none of this should let Clinton off the hook entirely. It’s still not clear whether her efforts to eliminate her data were motivated by the desire to conceal information as her critics imply or dedication to information security—or a bit of both. But given that Clinton was relying on a handful of aides with limited resources to act as her entire IT infrastructure, it was the right idea from a security standpoint to attempt to destroy the devices rather than letting them sit exposed in a local Goodwill, says Jonathan Zdziarski, an iOS forensics expert and security researcher. He says the FBI report “shows that [Clinton’s aides] were very serious about wanting to destroy the content, but very inexperienced with how to do it.”
Like Brown, he questions whether the destruction techniques cited in the FBI report would be enough. “Smashing a device is effective, but if you leave that storage chip intact and it can be transplanted then you’ve done nothing.” Zdziarski says he would rely on digital erasure using a secure wipe protocol as a first step before he resorted to physical demolition. But if he were looking to wreck a BlackBerry, his own tactics would include “a blender and fire.”
Clinton’s approach to her phones and their disposal, in other words, may have fit with her overall track record for handling sensitive data, which FBI director James Comey has himself described as “extremely careless.” But the worst screwups she and her staff made, like setting up her private server outside the federal government’s protection and losing a backup of those emails on a computer sent through the mail, were moves that threatened to let sensitive data leak, not make it disappear. Friday’s FBI release even showed that one of Bill Clinton’s staffers, who was using the same private email server, was actually hacked and had her emails and attachments accessed by that intruder.
Clinton clearly committed some gross errors in judgment in her IT decisions. But having her aides bust out a hammer wasn’t one of them. If anything, it should have been a jackhammer.