Arbitrations/a20090301.1
- Case Number: a20090301.1
- Status: closed (need an ack from Philipp Dunkel)
- Claimants: CAcert Board
- Respondents: Philipp Dunkel
- Complaint: CAcert disk destruction procedure has changed compared to the CAcert Board decision
short description of the complained
- Relief: destruction of the disks completed
- Case Manager: Guillaume Romagny
- Arbitrator: Guillaume Romagny
- Date of arbitration: 2009/03/01
Arbitration request from Philipp Dunkel :
The following events occurred the evening of the 28th of February 2009: Following the instruction from the board to destroy the Vienna disks and backups, Matthias Gassner and Oliver Maklott brought the disks from their secure location which had been managed by Matthias Subik. The sealed boxes were examined and declared to be untampered. The boxes were unsealed, in preparation for wiping and destroying. These Disks used to be the web-server disks as well as the signing server disks (later joined by backup disk from p.gühring) (To the contents of the disk can testify those that packed them in the sealed boxes and opened the seals only) After the containers they were sealed in were opened, it was discovered that three of the drives (from the signing server) were SCSI drives rather than the expected IDE drives. There was no equipment at hand to wipe these drives and all attempts to get that equipment in a timely manner (i.e.: that same night) failed. A separate but related issue is that the procedure to wipe critical drives was being proposed and modified at the time from a full 35-pass wipe to a single wipe, in the situation where the wipe was being done by the same members who did the destruction. At this point we discussed the options available and considered how to proceed. Present were at that time: Philipp Dunkel Ian Grigg Oliver Maklott Matthias Gassner Oliver Maklott and Matthias Gassner stated that the drives could not be returned to the secured location before Tuesday at the earliest. Since the drives could not be returned to a secure location, and because 4 eyes oversight of the security was not a reasonable alternative, the drives were entering a state of potential compromise and possible breach. Therefore, I as senior person present, decided that an emergency action was called for. 1. The disks would be physically destroyed. 2. The remnants of the disk platters would remain with me pending a decision on what to do with them by an arbitrator. 3. I would then file this dispute against myself and ask an arbitrator to evaluate the situation and rule to either confirm the actions or commit us to further remedial actions We then proceeded to destroy the drives by opening them up using a power cutter and using a power drill to destroy all the chips on drive controllers. The disk platters themselves were removed and their surfaces were destroyed using the power cutter and the platters cut in half. This process was witnessed by Ian Grigg, Philipp Gühring, Oliver Makalott, and Matthias Gassner. Furthermore the destruction of the disks was video-taped by Ian Grigg who is now in possession of the tape. As I now have the platters in my possession I would urge an arbitrator to be appointed the soonest and request an immediate ruling as to the disposition of these platters. Philipp Dunkel
Arbitration on March 2nd 2009 10h53, extract of the hearings between Guillaume Romagny and Philipp Dunkel. Ian Grigg is an observer.
preliminary comments :
Philipp Dunkel brought the issue to arbitration. I decided that the Claimant is CAcert Board as the Board agreement was not fulfilled properly, Philipp Dunkel as owner of the remains of the hard disk is the respondant of the case. We have to figure out if the destruction process was correct and what to do to correct/complete the Board agreement.
All other people commited in the process are considered to be witness of the case and are discharged from any involvement.
<Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : your report seems clear to me <Philipp Dunkel, Respondant> The first order of business is to have a decision on what should happen with those disk platters, since I'll get tired of carrying them around with me. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : the only way is to distroy the platters, what technical options do you propose ?(acid, fire) <Philipp Dunkel, Respondant> I believe that for all intents and purposes these platters are destroyed as in their information cannot be recovered. But I am not the person to decide that this is so. One thing you could do is just declare that the platters have been destroyed and that they are free to be disposed. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : please can you describe the way the platters are currently ? <Philipp Dunkel, Respondant> The are halved. And their surfaces have been sanded away with a power tool so that as far as I can tell there is no magnetized surface left. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : do you mean the platters have been cut into 2 pieces and there is no more magnetic surface remaing ? <Philipp Dunkel, Respondant> Yes that is what I am saying. Actually some have been cut into more pieces. <Guillaume Romagny, Arbitrator> So I can say as Arbitrator that the remains of the hard disks are no longer usable and the former datas on the disk are lost. So you can throw the remains of the disk to an appropriate disposal facility. <Philipp Dunkel, Respondant> You could say that. Are you saying that? <Ian Grigg, witness> what is "an appropriate disposal facility" ? <Philipp Dunkel, Respondant> Ian, please comment on the factuality of my statement as witnessed by you! <Ian Grigg, witness> I witnessed the platters cut in two. I also witnessed the substantial sanding of the platters. It was commented by Philipp Guering that some parts of the platters escaped the sanding process. <Philipp Dunkel, Respondant> Could you describe the parts that "escsaped" <Ian Grigg, witness> from my observation, there were spots of maybe 1cm squared <Philipp Dunkel, Respondant> Did the platters get hot during the process? (As heat does have an effect as well) <Ian Grigg, witness> ah good point, the platters did get hot during the process, too hot to touch <Guillaume Romagny, Arbitrator> ok, the remaining surface is small enough to consider the datas unusable. And after, the final disposal of the disk the case is closed/ <Philipp Dunkel, Respondant> Ok so what are your orders as to the disks? And what are your orders as to the process we followed. But that is up to you. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : put the disk in a garbage disposal I prefer 10 or 20 km far from you when you have the opportunity to go around from your place. <Philipp Dunkel, Respondant> So if I take the platters to Hannover Germany (900km from where they were destroyed or where I live) and throw them in the trash there it would be OK. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : I think the process of destruction of the disk is appropriate to ensure that the CAcert datas cannot be retrieved any longer. Once you have disposed of the remaining of the disk, you are freed from commitment regarding to the destruction of the disks <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : the longer is the better to drop the remains of the disk, it is up to you to choose the place, the longer from your home place is the better to my mind. <Philipp Dunkel, Respondant> Thank you. <Philipp Dunkel, Respondant> May I attempt to get an expert opinion from data rescue people at CeBit (computer fair) as to the suitability of the destruction for future operations? <Philipp Dunkel, Respondant> As I am going there tonight (arriving in the Morning) this would be something that can be done in short order. <Guillaume Romagny, Arbitrator> Ian Grigg, witness : ok I meant : please dispose the platters as much as possible in different place far from you. After : Case Closed. Please ack when you are done. There is no emergency so you have enough time to complete the task. <Ian Grigg, witness> nod <Guillaume Romagny, Arbitrator> The procedure you have follow seems fine but if you think we could do better for later destruction, please ask advice. <Guillaume Romagny, Arbitrator> Ian Grigg, witness, Philipp Dunkel, Respondant : Thanks for you attention and help. <Ian Grigg, witness> thank you. <Philipp Dunkel, Respondant> I think that the procedure of physical destruction could be suficient for the future. So I want to get input from more knowledgeable people whether it is. <Guillaume Romagny, Arbitrator> Philipp Dunkel, Respondant : ok fine !
Conclusions :
The destruction process was appropriate under the circumstances. So, the destruction of the disks is validated & acknowledged to the CAcert Board.
- The platters are to be disposed of in a regular garbage disposal at least 10km from known residence and office and better if they can be split in different places.
- Philipp Dunkel will be freed from commitment regarding to the destruction of the disks after disposal of the remains of the disks.
CASE CLOSED when Philipp Dunkel confirms the disposal of the platters.