PaulDotCom mailing list archives

Legality of drive wiping


From: bradmcmahon at gmail.com (Bradley McMahon)
Date: Mon, 11 Jan 2010 12:59:16 -0500

First, I am not a lawyer.

If you are not being prosecuted for a crime but they suspect that data on
your machine may hold evidence then it is their responsibility to get a
subpoena and seize the machine. I think to slap you with anything they would
have to prove that you were aware of said data and said
data actually existed. If they can slap you with that, then I would be more
worried about being charged as an accessory to the crime. I find it really
hard for them to slap an individual for this unless they know for sure the data
is on your drives and you intentionally deleted the data.

If you are being prosecuted for a crime, I believe if the police or whoever
doesn't seize your computer(s) within a decent amount of time and without
alerting you then it's their own damn fault.

Jennifer Granick from the EFF gave a talk at Noisebridge that answers
questions that are similar. Here is a video of it:
http://blip.tv/file/2949647

-Brad



On Mon, Jan 11, 2010 at 11:59 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:

Hi all,
    I'm working on a new article that tries to answer the following
question:

When is expunging data valid to avoid e-discovery costs or protect
personal privacy, and when would it be considered "destruction of evidence"?
Is having a set policy of "records are deleted every x days," or "free hard
drive space is wiped nightly" enough, or is more required?

    The above question is phrased from the standpoint of a business, but I
must admit I'm more interested in the answer from an individual standpoint.
For those not in the know, wiping a drive after an investigation has begun
(or if you have a reasonable expectation to believe a legal investigation is
about to begin) is considered "Destruction of evidence" or "Spoliation of
evidence". Once an investigation is likely to begin, you have what is known
as a "duty to preserve". Two likely outcomes if you are found to have caused
spoliation of evidence are: 1. Prosecution under criminal statutes concerning
destruction of evidence (check with a lawyer in your jurisdiction). 2. The
judge may slap you with a "spoliation-based adverse inference", which
basically means a statement saying that since you destroyed evidence, it is
likely there was something incriminating there, and the court should assume
it would have helped your adversary's case. Now all that said, there are
exceptions made for data that has been removed because of normal, routine
processes.

   I can think of many valid reasons for wiping a drive's free space
routinely:

1. Protect privacy from others with physical access.
2. Fear that the machine might be stolen.
3. Donating the machine.
4. Reallocating the machine to someone of a different security level.

But would that hold up in a court case? I'm having problems finding case
law. I'd imagine no matter what your reasons, prosecutors will try to get a
"spoliation-based adverse inference" judgment against you if any drive
wiping had been detected. Anyone have experience with this, or know a case
where someone did drive wiping for privacy reasons, but the prosecution
tried to make it seem like destruction of evidence that may never have been
there in the first place?


Adrian

