'Erased' personal data on agency tapes can be retrieved, company says

Personal and sensitive government data -- including employees' personal data -- on magnetic tapes that federal agencies erase and later sell can be retrieved using simple technology, according to an investigation conducted by a storage tape manufacturer. The findings contradict a report released by the Government Accountability Office last year that concluded such data was irretrievable.

From March through August 2007, GAO investigated if data could be retrieved from used magnetic tapes that federal agencies sell to commercial tape companies in the United States. Magnetic tapes are widely used by federal agencies, particularly for backing up data stored on large systems in the event of a disaster or system failure. The sample of tapes that GAO obtained came from such agencies as the Federal Reserve Bank, the Air Force and the National Oceanic and Atmospheric Administration.

According to its September 2007 report (GAO-07-1233R), GAO concluded it could not find "any comprehensible data on any of the tapes using standard commercially available equipment and data recovery techniques, specialized diagnostic equipment, custom programming or forensic analysis."

Selling used magnetic tapes is not illegal, GAO pointed out, and if agencies follow guidelines set by the National Institute of Standards and Technology for erasing all data, the risk of theft is low. "Based on the limited scope of work we performed, we conclude that the selling of used magnetic tapes by the government represents a low security risk, especially if government agencies comply with NIST guidelines in sanitizing their tapes," GAO concluded. "Even if some data were recoverable from some tape formats that had been overwritten to preserve their servo tracks, the data may not be complete or even decipherable."

But representatives from Imation, a magnetic data storage tape manufacturer in Oakdale, Minn., reviewed the used tapes examined by GAO. Using a tape drive, a standard personal computer and standard programming language, Imation reported being able to access bank account numbers, employee information, travel expense reports, audit procedures and results, employee savings plan balances and international tax benefits documents.

The results prompted Congress last week to ask GAO to reopen its investigation into agencies selling used magnetic tapes.

"If federal agencies are selling used magnetic storage tapes on the open market with this level of recoverable sensitive data available to anyone with minimum technical skills or equipment, we should all be alarmed and demanding greater accountability from federal agencies engaged in such sales," wrote Rep. Betty McCollum, D-Minn., in a letter to GAO in which she asked that the investigation be reopened. "The result of the work conducted by Imation clearly challenges the earlier GAO conclusion that used tapes represent a low security risk.… The fact remains that substantial amounts of highly sensitive government and personal data of citizens may be circulating in the open market on 'recertified' used tapes."

McCollum has called for GAO to identify which federal agencies resell tapes and confirm that all sensitive information is properly erased. She also has asked GAO to find out the processes used to ensure that sensitive data is fully erased, the standards for certifying that tapes are erased and the systems in place to monitor the dispositions of tapes by agencies or contractors. She asked for recommendations on how to improve oversight of such dispositions.

GAO could not be reached for comment.
