Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

Gutmann, Andreas and Warner, Mark (2019) Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems. In: Privacy Technologies and Policy: 7th Annual Privacy Forum, APF 2019, Rome, Italy, June 13–14, 2019, Proceedings. Lecture Notes in Computer Science (11498). Springer, pp. 45-58. ISBN 9783030217518

[img] Text
Gutmann, Warner - Fight to be Forgotten AAM.pdf - Accepted Version
Restricted to Repository staff only until 8 June 2020.

Download (1MB)
Official URL: http://dx.doi.org/10.1007/978-3-030-21752-5_4

Abstract

A long history of longitudinal and intercultural research has identified decommissioned storage devices (e.g., USB memory sticks) as a serious privacy and security threat. Sensitive data deleted by previous owners have repeatedly been found on second-hand USB sticks through forensic analysis. Such data breaches are unlikely to occur when data is securely erased, rather than being deleted. Yet, research shows people confusing these two terms. In this paper, we report on an investigation of possible causes for this confusion. We analysed the user interface of two popular operating systems and found: (1) inconsistencies in the language used around delete and erase functions, (2) insecure default options, and (3) unclear or incomprehensible information around delete and erase functions. We discuss how this could result in data controllers becoming non-compliant with a legal obligation for erasure, putting data subjects at risk of accidental data breaches from the decommissioning of storage devices. Finally, we propose improvements to the design of relevant user interface elements and the development of official guidelines for best practice on GDPR compatible data erasure procedures.

Item Type: Book Section
Uncontrolled Keywords: Privacy evaluation, Data erasure, GDPR, Cognitive Walkthrough
Subjects: G400 Computer Science
G500 Information Systems
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Paul Burns
Date Deposited: 24 Sep 2019 09:08
Last Modified: 11 Oct 2019 13:19
URI: http://nrl.northumbria.ac.uk/id/eprint/40826

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics


Policies: NRL Policies | NRL University Deposit Policy | NRL Deposit Licence