Following Friday afternoon’s FBI release of documents about Hillary Clinton’s private email servers, Julian Assange , CNN , and Donald Trump have all railed against the revelation that her aide smashed two of her 13 private BlackBerrys with a hammer in an attempt to destroy them. Trump, with his usual talent for avoiding nuance, summed up the criticism: “People who have nothing to hide don’t smash phones with hammers.” But ask a few security and forensics experts, and they’ll tell youClinton’s mistake wasn’t destroying the devices. Ifanything, it she should have wrecked them more thoroughly.
Whether you’re a Secretary of State with a phone full of classified documents or an average sext-sending citizen, data removal is a crucial security step before you let a device leave your control or recycle it. And security experts agree there’s at least one surefire way to be certainthat data is truly removed and unrecoverable: killthe hardware. “You destroy that certain piece that’s storing the critical information, and there’s little chance you’re going to get it back,” saysEric Brown, a lab manager at the forensic data-recovery firm Flashback Data. “It doesn’t matter how much money you throw at it or how much experience you have.”
IfClinton had in fact used a federally-issued Blackberry like President Obama does, it mightwell have beendestroyed after she used it, too. In accordance with a 2012 General Services Administration bulletin , all agencies must either recycle or donate used electronics for reuse. The State Department abides by that policy, too; if Clinton had been using State-issued devices, they would have gone through a similar, if more standardized, process ofdata deletion. A State Department official explained in a statement to WIRED that “department security policies mandate that all electronic devices are cleared of sensitive or classified information prior to reuse or disposal.” Some devices are wiped and reused, in other words, while others aredestroyed as part of the recycling process.
There are plenty ofways to approach data destructionthrough software-based deletion oroverwriting. But hardware destruction has the advantage of simplicity; An amateur might not be certain that a software deletion tool has rendered data unrecoverable against advanced forensic techniques, given that it is sometimes possible to restore“deleted” data. In mechanical hard drives, for example, the systemmay mark data asdeleted but leave it in placeuntilit is overwritten by new inputs. Butsmash storagehardware to small enough bits, and not even the cleverest forensic techniques can put the data back together coherently. “You can easily physically destroy things,” says Brown. “You just need to make sure you’re thorough in doing it.”
The real issuewith the Clinton staff’s practice of destroying her Blackberrys is that questionof thoroughness. The same staffer who bought and set up Clinton’s server told the FBI that of the 13 BlackBerry smartphones Clintonused while at the State Department, there were “two instances where he destroyed Clinton’s old mobile devices by breaking them in half or hitting them with a hammer,” according to the FBI’s report. In a situation like Clinton’s, there’s no way to know whether breaking a device in half or wailing on it with a Ball-Peen actually destroyed the memory chip holding the phone’s data. “Destruction doesn’t always mean destroyed,” Brown says.
On the question of transparency rather than security, none of this should let Clinton off the hook entirely. It’s still not clear whether her effortsto eliminateher data were motivated by the desire to conceal information as her critics imply or dedication to information security―or a bit of both. But given that Clinton was relying on a handful of aides with limited resources to act as her entire IT infrastructure, it was the right idea from a security standpoint to attempt to destroy the devices rather than letting them sit exposed in a local Goodwill, says Jonathan Zdziarski, an iOS forensics expert and security researcher. Hesays the FBI report “shows that [Clinton’s aides] were very serious about wanting to destroy the content, but very inexperienced with how to do it.”Like Brown, he questions whether the destruction techniques cited in the FBI report would be enough.“Smashing a device is effective, but if you leave that storage chip intact and it can be transplanted then you’ve done nothing.” Zdziarski says he would rely on digital erasure using a secure wipe protocol as a first step before he resortedto physical demolition. But if he were looking to wreck a BlackBerry, his own tactics would include “a blender and fire.”
Clinton’sapproach to her phones and their disposal, in other words, may havefitwith her overall track record for handling sensitive data, which FBI director James Comey has himselfdescribed as“extremely careless.” But the worst screwups she and her staff made, like setting up her private server outside the federal government’s protection and losing a backup of those emails on a computer sent through the mail , were moves that threatened to let sensitive data leak , not make it disappear. Friday’s FBI release even showed that one of Bill Clinton’s staffers, who was using the same private email server,was actually hackedand had her emails and attachments accessed by that intruder.
Clinton clearly committed somegross errors in judgment in her IT decisions. But having her aides bust out a hammer wasn’t one of them. If anything, it should have been a jackhammer.
