27 June 2007

Should Computers Have Internal Hard Drives?

We are entering the dawn of the era of "e-discovery" and identity theft. Right now, the industry norm is for people to do a great deal of work on a general purpose computer used in a business or home. Typically:

These computers have an internal hard drive. This internal hard drive is the primary locus of both executable programs and data while the computer is used. This is supplemented by data stored primarily on a server or on the Internet, often supplemented by temporary files containing the same made locally on an internal hard drive. Removable media are largely used to (1) install computer programs on internal hard drives, (2) as a "sneaker net" that moves data from one computer to another without transmitting it over a computer network, and (3) as a general backup of data.

Does this make sense?

It is perfectly feasible to place all of a computer's user installed data and executable programs on removable media, ideally, the executable progams on one removable medium, and the data on another. Why would someone want to do this?

1. Removable media are much easier to secure against theft or disaster. You can put a few disks in a single small locked drawer, rather than securing an entire office, and if fleeing a flood or hurricane, you can fit everything essential in your glove compartment or purse.
2. Inadvertent data transfers/security breaches accompanying hardware transfers would disappear.
3. This makes it much easier for a single user to seamlessly use multiple computer hardware stations.
4. This largely eliminates privacy concerns involved in having multiple users share the same hardware.
5. This makes it easier to troubleshoot whether you are dealing with a hardware or a software problem, which is otherwise often quite difficult.
6. This makes it easier and cheaper to take greater precautions with hard to replace data, than with easy to replace hardware.

Also, in business and large organization applications, employees could be given one "read only" removable medium, with things like applications and perhaps company policies. The company could keep a single copy of this for archival purposes while being able to truthfully say, when faced with an information disclosure request, that there dozens or hundreds of other read only disks don't need to searched.

Indeed, in businesses and large organizations, it might be helpful for work stations to have no ability to store data after a computer is turned off locally at all. Everything would be stored, as a matter of engineering possibility, only on the central server, where, in turn, all data would be stored in a removable form of media. Employees could have password protected personal files on the server, to control their own cyberspace, but not a personal off network hard drive space. Then, faced with a subpeona, for example, a custodian of records for the organization could search a single removable media device and accurately report that everything in the possession of the company had been reviewed and disclosed. Compliance would simply be a matter of creating a partial backup, and popping the medium upon which the disclosures were made in the mail.

3 comments:

Dave Barnes said...

Without an internal drive where would I store my porn?

John Homes said...

I keep track of removable media (not all of its porn) using a $39 product called Datacatch Librarian www.datacatch.com which addresses the "on what media is my porn stored" issue.

Anonymous said...

Andrew, you know me from engaging you on other forums on legal ethics issues (tiltawhirl on ColoradoPols & PeteSmith on ColoradoConfidential). I am a computer forensics examiner and provide e-discovery consulting for small to mid-size firms. The model that you describe in your article has, in essence, been around for years. More than a decade ago, if memory serves, Citrix (still in business) was a platform where Windows workstations were dumb terminals (no hard drives) and loaded up a one-instance-at-a-time operating system, which ran in volatile RAM and which was initially booted up over the thicknet. This model is, of course, still possible in offices and using, perhaps, better software, like VM Workstation. VMWare, in fact, is now used to create an array of virtual servers to meet a company's evolving needs and, which allows the sysadmins to scale up and down the CPU, memory and hard-drive allocation afforded to each virtual server. However, as a centralized (versus distributed) system, the success of the model depends on the core (the server side) being up at all times. Without fault tolerance and redundancy, if the server side is down, everyone is down.

As a side note, they do currently offer thumb drives with the entire bootable O/S on them. They are compatable with any machine, I assume, running an Intel or AMD x86-type processor and, which has sufficient RAM. I assume that the O/S writes to the page file (therefore assumes the presence of a hard drive).