Sale of Magnetic Data Tapes Previously Used by the Government Presents a Low Security Risk
GAO ID: GAO-07-1233R, September 21, 2007
The federal government widely uses magnetic tapes for data storage and data recovery. According to allegations made by a magnetic-tape company official, federal agencies are selling used magnetic tapes containing sensitive government data to companies which then resell them to the general public. While this is not an illegal practice, Congress is concerned that magnetic tapes containing sensitive government data have become available to the public in this manner. There is no general legal requirement that the government erase all data on all magnetic tapes before disposing of them. However, the National Institute of Standards and Technology (NIST) has issued guidelines that instruct agencies to properly sanitize magnetic tapes with certain kinds of sensitive data before they leave agency control. In its guidelines, NIST defines sanitization as the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.
In summary, we could not find any comprehensible data on the used magnetic tapes we tested. We obtained these tapes from this company because it was the only one out of five companies that told us it resells tapes purchased from the federal government. Officials at this company told us that, before reselling used tapes, most of them are sanitized using a process known as degaussing. The degaussing process completely destroys any data on a tape, preventing data recovery. However, the company told us that its process for sanitizing tapes differs when reselling certain high-capacity-storage tape formats. These formats contain a feature called a servo track, which cannot be degaussed without rendering the tape unusable. Consequently, tapes with servo tracks must be sanitized using a less thorough process known as overwriting. The company also told us that it strips the labels from used tapes before sanitizing them and that it was therefore impossible to determine whether any used tape sold by the company had originated with the federal government. Keeping this in mind, we obtained, from the company, four magnetic tapes with servo tracks and eight without. It is important to emphasize that there was no way to know whether we had obtained tapes that originated with the government--our intent was to test whether the tapes containing servo tracks could contain data after overwriting. We could not find any comprehensible data on any of the tapes using standard commercially available equipment and data recovery techniques, specialized diagnostic equipment, custom programming, or forensic analysis. Based on the limited scope of work we performed, we conclude that the selling of used magnetic tapes by the government represents a low security risk, especially if government agencies comply with NIST guidelines in sanitizing their tapes. 
Even if some data were recoverable from some tape formats that had been overwritten to preserve their servo tracks, the data may not be complete or even decipherable. Generally this investigation does raise some questions about the lack of oversight regarding the sanitization or disposal of used magnetic tapes by agencies. However, the scope of our investigation was not large enough to project our conclusions beyond the tape formats we investigated.
This is the accessible text file for GAO report number GAO-07-1233R
entitled 'Sale of Magnetic Data Tapes Previously Used by the Government
Presents a Low Security Risk' which was released on September 21, 2007.
United States Government Accountability Office: GAO:
September 21, 2007:
The Honorable Joseph I. Lieberman:
Chairman:
The Honorable Susan Collins:
Ranking Member:
Committee on Homeland Security and Governmental Affairs: United States
Senate:
Subject: Sale of Magnetic Data Tapes Previously Used by the Government
Presents a Low Security Risk:
The federal government widely uses magnetic tapes for data storage and
data recovery. According to allegations made by a magnetic-tape company
official, federal agencies are selling used magnetic tapes containing
sensitive government data to companies which then resell them to the
general public. While this is not an illegal practice, you are
concerned that magnetic tapes containing sensitive government data have
become available to the public in this manner. There is no general
legal requirement that the government erase all data on all magnetic
tapes before disposing of them. However, the National Institute of
Standards and Technology (NIST) has issued guidelines that instruct
agencies to properly sanitize magnetic tapes with certain kinds of
sensitive data before they leave agency control.[Footnote 1] In its
guidelines, NIST defines sanitization as the general process of
removing data from storage media, such that there is reasonable
assurance that the data may not be easily retrieved and reconstructed.
We focused our investigation of this potential security risk by
attempting to determine whether the companies identified in the
allegations are purchasing used magnetic tapes from the federal
government and reselling them and, if so, whether we could recover data
from used tapes that the companies had resold. In conducting this
investigation, we spoke with representatives of five companies and
visited two of these companies. We obtained used magnetic tapes and
tested them to see if any data could be retrieved. To test the magnetic
tapes for data, we used a combination of commercially available
equipment that a standard magnetic tape customer would own as well as
specialized diagnostic equipment. We did not investigate all existing
magnetic tape companies in the United States, but focused on the five
companies referred to us in the allegations. We did not attempt to
validate whether the companies we investigated disclosed all of their
business with the federal government. Furthermore, we did not attempt
to contact agencies to determine whether they sold tapes or to
determine whether they complied with NIST guidelines when selling used
magnetic tapes to companies. We did meet with NIST officials to discuss
their guidelines for media sanitization. We performed our investigation
from March through August 2007 in accordance with the quality standards
for investigations as set forth by the President's Council on Integrity
and Efficiency.
In summary, we could not find any comprehensible data on the used
magnetic tapes we tested. We obtained these tapes from the only company
(of the five we investigated) that told us it resells tapes purchased
from the federal government. Officials at this company told us that,
before reselling used tapes, most of them are sanitized using a process
known as degaussing. The degaussing process completely destroys any
data on a tape, preventing data recovery. However, the company told us
that its process for sanitizing tapes differs when reselling certain
high-capacity-storage tape formats. These formats contain a feature
called a servo track, which cannot be degaussed without rendering the
tape unusable. Consequently, tapes with servo tracks must be sanitized
using a less thorough process known as overwriting. The company also
told us that it strips the labels from used tapes before sanitizing
them and that it was therefore impossible to determine whether any used
tape sold by the company had originated with the federal government.
Keeping this in mind, we obtained, from the company, four magnetic
tapes with servo tracks and eight without. It is important to emphasize
that there was no way to know whether we had obtained tapes that
originated with the government--our intent was to test whether the
tapes containing servo tracks could contain data after overwriting. We
could not find any comprehensible data on any of the tapes using
standard commercially available equipment and data recovery techniques,
specialized diagnostic equipment, custom programming, or forensic
analysis.
Background:
The federal government has used magnetic tapes for data storage for
over 50 years. Magnetic tapes are typically housed in cartridges or
cassettes and accessed using a tape drive. Although current computer
disk technology provides a viable storage medium for most applications,
magnetic tape continues to provide the government with an inexpensive
means of backing up mid- to large-sized mainframe systems in the event
of a disaster or system failure. The evolution of magnetic tape has
seen the creation of new tape formats, which has led to increased data
storage capacity, speed, accessibility, and other innovations. See
figure 1 for an example of different magnetic tape formats.
[Figure 1: Examples of Standard Magnetic Tape Formats. Photograph of various types of magnetic tape formats; see PDF for image.]
Since some companies still manufacture magnetic tapes, government
agencies, businesses, and individuals can purchase new tapes that
reflect the latest innovations in magnetic tape technology. Used tapes
may also be purchased at a discount price from many of the same
companies that sell new tapes. A substantial secondary market exists
for used magnetic tapes in the United States. Before a company resells
a used tape on the secondary market, the company typically processes
the tape and certifies that it can be reused. There is no standard
definition of a certified tape. However, to ensure that used tapes are
free of data when they are resold, companies use two basic methods for
sanitizing a magnetic tape--overwriting and degaussing. While
overwriting involves layering randomized alphanumeric characters on top
of the original information, degaussing destroys the original
information entirely. Overwritten data may still be recoverable through
forensic analysis. Alternatively, when a magnetic tape is degaussed,
the carefully arrayed magnetic particles representing the data are
scrambled. This renders the information on the tape completely
unrecoverable.
There does not appear to be any general legal requirement for federal
agencies to sanitize all data on all used magnetic tapes prior to
selling them to the public. According to NIST, agencies have four
options for sanitizing used magnetic tapes depending on the sensitivity
of the information contained on them. These four options are disposal,
overwriting (also called clearing), degaussing (also called purging),
and physical destruction. Disposal is the process of simply throwing
away a used magnetic tape without any special disposition given to it.
According to NIST, some magnetic tapes can be simply thrown out if
disclosure of the data would have no impact on organizational mission
and would not damage organizational assets, result in financial loss,
or result in harm to any individuals. If an agency determines a
magnetic tape contains data that would meet any of these criteria and
could potentially have a negative impact if disclosed, NIST guidelines
recommend that tapes be degaussed or destroyed before leaving an
agency's control. Tapes that are simply overwritten may contain data
that are still recoverable using forensic analysis. The final form of
sanitization, physical destruction, should be undertaken due to the
high security categorization of the information or for environmental
reasons, and could include disintegration, incineration, pulverizing,
shredding, and melting.
Results of Investigation:
All five companies we investigated sell products to the government.
However, only one company out of the five disclosed that it resells
tapes purchased from the federal government. According to documents
received from this company, they bought tapes from agencies including
the National Oceanic and Atmospheric Administration, the Federal
Reserve Bank, and the U.S. Air Force. They then resold the tapes on the
secondary market. It was outside the scope of this investigation to
determine what kind of sanitization process, if any, the tapes had
undergone prior to leaving their agencies of origin--in other words, we
do not know whether agencies followed NIST guidelines before selling
their used tapes. According to officials at the company that buys tapes
from the government, it sanitizes most tapes using the degaussing
process before certifying and reselling them. However, its process for
erasing tapes differs when processing tapes that contain servo tracks.
These formats (e.g., LTO2 and 9840 tapes) cannot be degaussed without
rendering the tape unusable; tapes with servo tracks must be sanitized
using the less thorough overwriting process. Furthermore, company
officials told us that they strip the labels from used tapes before
sanitizing them and that it is therefore impossible to know whether any
used tape purchased from the company had originated with the federal
government.
To find out whether tapes sold by this company could contain
recoverable data, we obtained and tested 12 used tapes from this
company.[Footnote 2] It is important to emphasize that there was no way
to know whether we had obtained tapes that originated with the
government--our intent was to test whether the tapes containing servo
tracks could contain data after overwriting. While four of these tapes--
two LTO2 and two 9840 tapes--contained servo tracks, the others did
not. The first phase of our test was to use standard commercially
available equipment to read the tapes. We could not find any data on
the tapes using this method. Continuing with commercially available
equipment, we then used several standard data recovery techniques and
commands to attempt to access data on the tapes. After 2 days of work
we could not find any data on the tapes using this method. The final
phase of our test was to use specialized diagnostic equipment, custom
programming, and forensic analysis. After 5 business days, we were able
to recover small amounts of data (including information related to
graphic files) from the four tapes containing servo tracks--LTO2 and
9840 tapes. The data we recovered were incomprehensible and we could
not confirm whether or not any of the tapes had originated from the
federal government based on the data. We are aware that further work
could have been performed to attempt to recover data from these tapes;
however, this work would have represented a very expensive, intensive
effort spanning months and, potentially, years.
Conclusion:
Based on the limited scope of work we performed, we conclude that the
selling of used magnetic tapes by the government represents a low
security risk, especially if government agencies comply with NIST
guidelines in sanitizing their tapes. Even if some data were
recoverable from some tape formats that had been overwritten to
preserve their servo tracks, the data may not be complete or even
decipherable. Generally this investigation does raise some questions
about the lack of oversight regarding the sanitization or disposal of
used magnetic tapes by agencies. However, the scope of our
investigation was not large enough to project our conclusions beyond
the tape formats we investigated.
This report will be available at no charge on our Web site at
[hyperlink, http://www.gao.gov]. If you or your staff have any
questions about this report, please contact me at (202) 512-7455 or
kutzg@gao.gov. Contact points for our Offices of Public Affairs and
Congressional Relations may be found on the last page of this report.
GAO staff who made major contributions to this report include John
Ryan, Assistant Director; Monica Perez Antatalio, Paul Desaulniers,
Matthew Harris, Hal Lewis, Andrew McIntosh, Kevin Metcalfe, and Kristen
Plungas.
Signed by:
Gregory D. Kutz:
Managing Director, Forensic Audits and Special Investigations:
Signed by:
Keith Rhodes:
Chief Technologist:
FOOTNOTES
[1] According to its Web site, NIST is a nonregulatory federal agency
that promotes U.S. innovation and industrial competitiveness by
advancing measurement science, standards, and technology in ways that
enhance economic security and improve quality of life. For this report
we referred to NIST, Guidelines for Media Sanitization, Special
Publication 800-88 (Washington, D.C.: Sept. 2006). These guidelines do
not apply to classified data.
[2] We obtained a total of 12 tapes--2 of each of the LTO2, 9840, 3480,
3490E, 3590, and 3590E formats.
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov: (202) 512-4400:
U.S. Government Accountability Office: 441 G Street NW, Room 7125:
Washington, DC 20548:
Public Affairs:
Susan Becker, Acting Manager, BeckerS@gao.gov: (202) 512-4800:
U.S. Government Accountability Office: 441 G Street NW, Room 7149:
Washington, DC 20548: