2015-07-21

The Data Deletion Myth

Unless you're one of their users, you probably chuckled when you heard AshleyMadison.com was hacked. After you had your laugh, I hope you realized there's a bigger issue that affects us all. Yes, it's about privacy. But it has nothing to do with hacking. It's about data--and the near inability to delete it.

To recap, the AshleyMadison hackers claim the company's "full delete" service--which promises to fully erase a user's profile and all related data, for a fee--is bullshit. They say AshleyMadison never really deletes the data, and you get nothing for your money.

As a database administrator, I have a pretty good idea of what happens to data after it is acquired. It gets backed up on a regular basis, often every hour or less. * For really big companies, it might be as frequently as every few minutes. Soon after the data is backed up, it gets replicated (copied) to an offsite location. Within minutes, there are three sets of data in two physical locations. Over the weekend, the data gets backed up again. This time to a more long-lasting media (ie. tape), then shipped to Iron Mountain. Ten days later, a developer has to fix a website bug and needs a copy of the original data (because he/she can't reproduce the bug in their "test" environment). A month later, the data is provided to the feds because of a court order, or given to the public via a Freedom of Information Act request. I think you get the picture.

How could someone possibly "delete" that data? Copies of data beget other copies of the data. Trying to delete it is a game of digital whack-a-mole. What if AshleyMadison really did "delete" the data before they got hacked? Do you think they got all of it?

Maybe you were never an AshleyMadison user. And maybe you don't care. But you should. Your personal data gets loaded into data systems at every turn. A grocery store clerk scans your drivers license to "verify your age" whenever you buy beer or wine. A brick and mortar retailer asks for your zip code at check out--and you give it to them. Law enforcement agencies track you while "looking for the bad guys". Your Android phone automatically uploads your pics to Google's cloud.

Go ahead and laugh at those poor saps that got busted for visiting a morally questionable web site. But know this: your personal information is regularly disseminated. And the moment someone else gets a hold of it, you completely and utterly lose all control of it.


SHARE