Bruce Schneier
Schneier on Security
A blog covering security and security technology.

October 9, 2007

Mesa Airlines Destroys Evidence

How not to delete evidence. First, do something bad. Then, try to delete the data files that prove it. Finally, blame it on adult content.

Hawaiian alleged Murnane -- who was placed on a 90-leave by Mesa's board last week -- deleted hundreds of pages of computer records that would have shown that Mesa misappropriated the Hawaiian information.

EDITED TO ADD (11/6): In the aftermath, the CFO got fired and Mesa got hit with an $80 million judgment. Ouch.

Posted on October 9, 2007 at 2:02 PM • 14 Comments

Max Belch • October 9, 2007 2:51 PM
> How not to delete evidence.

Spot Main • October 9, 2007 3:21 PM
So we're never allowed to delete our browsing history, cookies, etc.?

John Davies • October 9, 2007 3:38 PM
Interesting to compare this story with the previous entry about the UN spending the weekend deleting files. Here's hoping that the UN's backup strategy is not as good as Mesa.

Bruce Schneier • October 9, 2007 4:03 PM
I believe the Mesa file deletion happened after the court order requiring them to turn the data over. It's a crime. I'm all for deleting browsing history, cookies, etc, at regular intervals, and have my computer set up to do it automatically.

Bruce Schneier • October 9, 2007 4:04 PM
"Here's hoping that the UN's backup strategy is not as good as Mesa."
Deleting data is actually very hard.

Joseph • October 9, 2007 4:12 PM
"I believe the Mesa file deletion happened after the court order requiring them to turn the data over."
That's the key point. Deleting files at will is fine. Doing it after you have been ordered by a court to provide those files is not.

Sum Dum Guy • October 9, 2007 11:52 PM
Ain't that the way it always is - haole stealing from the hawaiian!!!

Steve Parker • October 10, 2007 2:54 AM
"But Mesa says any deletion was not intentional and they have copies of the deleted files."
Given that they admit they have backups of the deleted files, they can't be claiming that they have accidentally lost any data.

4kb and uphill both ways • October 10, 2007 10:00 AM
This month's ;login: has an article by Alexander Muentz on IT aspects of preparing for litigation.

jayh • October 10, 2007 10:23 AM
I love the pornography defense.. a kind of plausible deniability?? Some years ago someone suggested that private steganographic messages be hidden in porn files, as it would make a good cover for secretively downloading and keeping lots of images.

Kashmarek • October 10, 2007 5:28 PM
And when all of that fails, check into rehab. To hide, presumably.

Guitar Man • October 21, 2007 11:08 PM
Actually, there are laws that require the maintenance of specific types of records for business and legal purposes. So you can't delete some records at all. For example, the Federal Government must back up and keep ALL emails, written documents, and electronic documents forever. If you work for the Feds, you have no secrets on your computer.
There is also the issue of recovery. Good techs with the right tools and software can recover data at least as many as 10 to 20 generations back or more. That is why file scrubber software often writes patterns over and over thousands of times to "clean" a hard disk. Usually bits of 1's and 0's in various patterns. Exactly how many layers that can really be recovered is dependent on the current state of the art technology. The top of the line stuff is likely classified and in the hands of the government. The NSA, CIA, or the Military.

Eduardo • July 24, 2008 1:29 PM
It's funny that they spoke out of both sides of their mouth... 1st John O says we keep copies then we don't have copies.