Sale of Magnetic Data Tapes Previously Used by the Government	 
Presents a Low Security Risk (21-SEP-07, GAO-07-1233R). 	 
                                                                 
The federal government widely uses magnetic tapes for data	 
storage and data recovery. According to allegations made by a	 
magnetic-tape company official, federal agencies are selling used
magnetic tapes containing sensitive government data to companies 
which then resell them to the general public. While this is not  
an illegal practice, Congress is concerned that magnetic tapes	 
containing sensitive government data have become available to the
public in this manner. There is no general legal requirement that
the government erase all data on all magnetic tapes before	 
disposing of them. However, the National Institute of Standards  
and Technology (NIST) has issued guidelines that instruct	 
agencies to properly sanitize magnetic tapes with certain kinds  
of sensitive data before they leave agency control. In its	 
guidelines, NIST defines sanitization as the general process of  
removing data from storage media, such that there is reasonable  
assurance that the data may not be easily retrieved and 	 
reconstructed.							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-1233R					        
    ACCNO:   A76570						        
  TITLE:     Sale of Magnetic Data Tapes Previously Used by the       
Government Presents a Low Security Risk 			 
     DATE:   09/21/2007 
  SUBJECT:   Accountability					 
	     Data recovery					 
	     Data storage					 
	     Data storage devices				 
	     Federal agencies					 
	     Government information				 
	     Information security				 
	     Information storage and retrieval			 
	     Information technology				 
	     Magnetic tapes					 
	     Risk assessment					 
	     Risk management					 

GAO-07-1233R

   


United States Government Accountability Office Washington, DC 20548

September 21, 2007

The Honorable Joseph I. Lieberman
Chairman
The Honorable Susan Collins
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate

Subject: Sale of Magnetic Data Tapes Previously Used by the Government
Presents a Low Security Risk

The federal government widely uses magnetic tapes for data storage and
data recovery. According to allegations made by a magnetic-tape company
official, federal agencies are selling used magnetic tapes containing
sensitive government data to companies which then resell them to the
general public. While this is not an illegal practice, you are concerned
that magnetic tapes containing sensitive government data have become
available to the public in this manner. There is no general legal
requirement that the government erase all data on all magnetic tapes
before disposing of them. However, the National Institute of Standards and
Technology (NIST) has issued guidelines that instruct agencies to properly
sanitize magnetic tapes with certain kinds of sensitive data before they
leave agency control. ^1 In its guidelines, NIST defines sanitization
as the general process of removing data from storage media, such that
there is reasonable assurance that the data may not be easily retrieved
and reconstructed.

We focused our investigation of this potential security risk by attempting
to determine whether the companies identified in the allegations are
purchasing used magnetic tapes from the federal government and reselling
them and, if so, whether we could recover data from used tapes that the
companies had resold. In conducting this investigation, we spoke with
representatives of five companies and visited two of these companies. We
obtained used magnetic tapes and tested them to see if any data could be
retrieved. To test the magnetic tapes for data, we used a combination of
commercially available equipment that a standard magnetic tape customer
would own as well as specialized diagnostic equipment. We did not
investigate all existing magnetic tape companies in the United States, but
focused on the five companies referred to us in the allegations. We did
not attempt to validate whether the companies we investigated disclosed
all of their business with the federal government. Furthermore, we did not
attempt to contact agencies to determine whether they sold tapes or to
determine whether they complied with NIST guidelines when selling used
magnetic tapes to companies. We did meet with NIST officials to discuss
their guidelines for media sanitization. We performed our investigation
from March through August 2007 in accordance with the quality standards
for investigations as set forth by the President's Council on Integrity
and Efficiency.

^1According to its Web site, NIST is a nonregulatory federal agency that
promotes U.S. innovation and industrial competitiveness by advancing
measurement science, standards, and technology in ways that enhance
economic security and improve quality of life. For this report we referred
to NIST, Guidelines for Media Sanitization, Special Publication 800-88
(Washington, D.C.: Sept. 2006). These guidelines do not apply to
classified data.

In summary, we could not find any comprehensible data on the used magnetic
tapes we tested. We obtained these tapes from the only company (of the
five we investigated) that told us it resells tapes purchased from the
federal government. Officials at this company told us that, before
reselling used tapes, most of them are sanitized using a process known as
degaussing. The degaussing process completely destroys any data on a tape,
preventing data recovery. However, the company told us that its process
for sanitizing tapes differs when reselling certain high-capacity-storage
tape formats. These formats contain a feature called a servo track, which
cannot be degaussed without rendering the tape unusable. Consequently,
tapes with servo tracks must be sanitized using a less thorough process
known as overwriting. The company also told us that it strips the labels
from used tapes before sanitizing them and that it was therefore
impossible to determine whether any used tape sold by the company had
originated with the federal government. Keeping this in mind, we obtained,
from the company, four magnetic tapes with servo tracks and eight without.
It is important to emphasize that there was no way to know whether we had
obtained tapes that originated with the government--our intent was to test
whether the tapes containing servo tracks could contain data after
overwriting. We could not find any comprehensible data on any of the tapes
using standard commercially available equipment and data recovery
techniques, specialized diagnostic equipment, custom programming, or
forensic analysis.

                                   Background

The federal government has used magnetic tapes for data storage for over
50 years. Magnetic tapes are typically housed in cartridges or cassettes
and accessed using a tape drive. Although current computer disk technology
provides a viable storage medium for most applications, magnetic tape
continues to provide the government with an inexpensive means of backing
up mid- to large-sized mainframe systems in the event of a disaster or
system failure. The evolution of magnetic tape has seen the creation of
new tape formats, which has led to increased data storage capacity, speed,
accessibility, and other innovations. See figure 1 for an example of
different magnetic tape formats.

              Figure 1: Examples of Standard Magnetic Tape Formats

Source: GAO.

Since some companies still manufacture magnetic tapes, government
agencies, businesses, and individuals can purchase new tapes that reflect
the latest innovations in magnetic tape technology. Used tapes may also be
purchased at a discount price from many of the same companies that sell
new tapes. A substantial secondary market exists for used magnetic tapes
in the United States. Before a company resells a used tape on the
secondary market, the company typically processes the tape and certifies
that it can be reused. There is no standard definition of a certified
tape. However, to ensure that used tapes are free of data when they are
resold, companies use two basic methods for sanitizing a magnetic
tape--overwriting and degaussing. While overwriting involves layering
randomized alphanumeric characters on top of the original information,
degaussing destroys the original information entirely. Overwritten data
may still be recoverable through forensic analysis. Alternatively, when a
magnetic tape is degaussed, the carefully arrayed magnetic particles
representing the data are scrambled. This renders the information on the
tape completely unrecoverable.

There does not appear to be any general legal requirement for federal
agencies to sanitize all data on all used magnetic tapes prior to selling
them to the public. According to NIST, agencies have four options for
sanitizing used magnetic tapes depending on the sensitivity of the
information contained on them. These four options are disposal,
overwriting (also called clearing), degaussing (also called purging), and
physical destruction. Disposal is the process of simply throwing away a
used magnetic tape without any special disposition given to it. According
to NIST, some magnetic tapes can be simply thrown out if disclosure of the
data would have no impact on organizational mission and would not damage
organizational assets, result in financial loss, or result in harm to any
individuals. If an agency determines a magnetic tape contains data that
would meet any of these criteria and could potentially have a negative
impact if disclosed, NIST guidelines recommend that tapes be degaussed or
destroyed before leaving an agency's control. Tapes that are simply
overwritten may contain data that are still recoverable using forensic
analysis. The final form of sanitization, physical destruction, should be
undertaken due to the high security categorization of the information or
for environmental reasons, and could include disintegration, incineration,
pulverizing, shredding, and melting.

                            Results of Investigation

All five companies we investigated sell products to the government.
However, only one company out of the five disclosed that it resells tapes
purchased from the federal government. According to documents received
from this company, they bought tapes from agencies including the National
Oceanic and Atmospheric Administration, the Federal Reserve Bank, and the
U.S. Air Force. They then resold the tapes on the secondary market. It was
outside the scope of this investigation to determine what kind of
sanitization process, if any, the tapes had undergone prior to leaving
their agencies of origin--in other words, we do not know whether agencies
followed NIST guidelines before selling their used tapes. According to
officials at the company that buys tapes from the government, it sanitizes
most tapes using the degaussing process before certifying and reselling
them. However, its process for erasing tapes differs when processing tapes
that contain servo tracks. These formats (e.g., LTO2 and 9840 tapes)
cannot be degaussed without rendering the tape unusable; tapes with servo
tracks must be sanitized using the less thorough overwriting process.
Furthermore, company officials told us that they strip the labels from
used tapes before sanitizing them and that it is therefore impossible to
know whether any used tape purchased from the company had originated with
the federal government.

To find out whether tapes sold by this company could contain recoverable
data, we obtained and tested 12 used tapes from this company. ^2 It is
important to emphasize that there was no way to know whether we had
obtained tapes that originated with the government--our intent was to test
whether the tapes containing servo tracks could contain data after
overwriting. While four of these tapes--two LTO2 and two 9840
tapes--contained servo tracks, the others did not. The first phase of our
test was to use standard commercially available equipment to read the
tapes. We could not find any data on the tapes using this method.
Continuing with commercially available equipment, we then used several
standard data recovery techniques and commands to attempt to access data
on the tapes. After 2 days of work we could not find any data on the tapes
using this method. The final phase of our test was to use specialized
diagnostic equipment, custom programming, and forensic analysis. After 5
business days, we were able to recover small amounts of data (including
information related to graphic files) from the four tapes containing servo
tracks--LTO2 and 9840 tapes. The data we recovered were incomprehensible
and we could not confirm whether or not any of the tapes had originated
from the federal government based on the data. We are aware that further
work could have been performed to attempt to recover data from these
tapes; however, this work would have represented a very expensive,
intensive effort spanning months and, potentially, years.

^2We obtained a total of 12 tapes--2 of each of the LTO2, 9840, 3480, 3490E,
3590, and 3590E formats.
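
The sanitization options from the Background section, combined with the
servo-track constraint described above, as an added example (not GAO's or
NIST's code): it applies the rules as this report summarizes them to an
inventory and lists the tapes marked for resale that could not be resold
as usable media. The record field names, the method labels and the sample
inventory are assumptions made for the illustration.

```python
# Added example. Rules follow this report's summary of the NIST guidance;
# field names, method labels and the sample inventory are constructed.
SERVO = {"LTO2", "9840"}                        # degaussing makes these unusable
NON_SERVO = {"3480", "3490E", "3590", "3590E"}  # other formats GAO tested
IMPACT = ("mission_impact", "asset_damage",
          "financial_loss", "harm_to_individuals")

def plan(tape):
    """Return (method, reusable_afterwards) for one inventory record."""
    fmt = tape["format"]
    if fmt not in SERVO | NON_SERVO:
        return ("manual_review", False)   # servo status unknown: fail closed
    # An unanswered impact question counts as sensitive (fail closed).
    sensitive = any(tape.get(field, True) for field in IMPACT)
    if not sensitive:
        return ("disposal", True)         # no sanitization step called for
    if fmt in SERVO:
        # Overwriting would keep the tape usable, but for this data the
        # guidance is degauss or destroy, and either ends the tape's life.
        return ("degauss_or_destroy", False)
    return ("degauss", True)

def resale_conflicts(inventory):
    """IDs of tapes marked for resale that cannot be resold as usable media."""
    return [t["id"] for t in inventory
            if t.get("resale_planned") and not plan(t)[1]]

def rec(tape_id, fmt, resale=True, **impact):
    """Build a constructed inventory record; impact answers default to False."""
    answers = dict.fromkeys(IMPACT, False)
    answers.update(impact)
    return {"id": tape_id, "format": fmt, "resale_planned": resale, **answers}

# Constructed sample inventory (not data from the report).
INVENTORY = [
    rec("T1", "3590"),
    rec("T2", "3480", financial_loss=True),
    rec("T3", "LTO2", harm_to_individuals=True),
    rec("T4", "9840"),
    # Incomplete record: three impact questions were never answered.
    {"id": "T5", "format": "LTO2", "resale_planned": True,
     "mission_impact": False},
    rec("T6", "UNLISTED-FORMAT"),         # format not covered by the report
]

if __name__ == "__main__":
    for t in INVENTORY:
        print(t["id"], t["format"], *plan(t))
    print("resale conflicts:", resale_conflicts(INVENTORY))
```
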

                                   Conclusion

Based on the limited scope of work we performed, we conclude that the
selling of used magnetic tapes by the government represents a low security
risk, especially if government agencies comply with NIST guidelines in
sanitizing their tapes. Even if some data were recoverable from some tape
formats that had been overwritten to preserve their servo tracks, the data
may not be complete or even decipherable. Generally this investigation
does raise some questions about the lack of oversight regarding the
sanitization or disposal of used magnetic tapes by agencies. However, the
scope of our investigation was not large enough to project our conclusions
beyond the tape formats we investigated.

This report will be available at no charge on our Web site at
http://www.gao.gov. If you or your staff have any questions about this
report, please contact me at (202) 512-7455 or [email protected]. Contact
points for our Offices of Public Affairs and Congressional Relations may
be found on the last page of this report. GAO staff who made major
contributions to this report include John Ryan, Assistant Director; Monica
Perez Antatalio, Paul Desaulniers, Matthew Harris, Hal Lewis, Andrew
McIntosh, Kevin Metcalfe, and Kristen Plungas.

(192240)
