Mesa Airlines Destroys Evidence

How not to delete evidence. First, do something bad. Then, try to delete the data files that prove it. Finally, blame it on adult content.

Hawaiian alleged Murnane -- who was placed on a 90-leave by Mesa's board last week -- deleted hundreds of pages of computer records that would have shown that Mesa misappropriated the Hawaiian information.

But Mesa says any deletion was not intentional and they have copies of the deleted files.

"He (Murnane) was cruising on adult Web sites," said Mesa attorney Max Blecher in a court hearing yesterday. Murnane was just trying to delete the porn sites, he said.

EDITED TO ADD (11/6): In the aftermath, the CFO got fired and Mesa got hit with an $80 million judgment. Ouch.

Posted on October 9, 2007 at 2:02 PM • 14 Comments

Comments

Max BelchOctober 9, 2007 2:51 PM

> How not to delete evidence.
The cover-up they attempted seems kind of logical. How should they have deleted the evidence?

John DaviesOctober 9, 2007 3:38 PM

Interesting to compare this story with the previous entry about the UN spending the weekend deleting files.

Here's hoping that the UN's backup strategy is not as good as Mesa.

Bruce SchneierOctober 9, 2007 4:03 PM

I believe the Mesa file deletion happened after the court order requiring them to turn the data over. It's a crime.

I'm all for deleting browing history, cookies, etc, at regular intervals, and have my computer set up to do it automatically.

JosephOctober 9, 2007 4:12 PM

"I believe the Mesa file deletion happened after the court order requiring them to turn the data over."

That's the key point. Deleting files at will is fine. Doing it after you have been ordered by a court to provide those files is not.

Steve ParkerOctober 10, 2007 2:54 AM

"But Mesa says any deletion was not intentional and they have copies of the deleted files."

Given that they admit they have backups of the deleted files, they can't be claiming that they have accidentally lost any data.

4kb and uphill both waysOctober 10, 2007 10:00 AM

This month's ;login: has an article by Alexander Muentz on IT aspects of preparing for litigation.

jayhOctober 10, 2007 10:23 AM

I love the pornography defense.. a kind of plausible deniability??

Some years ago someone suggested that private steganographic messages be hidden in porn files, as it would make a good cover for secretively downloading and keeping lots of images.

Guitar ManOctober 21, 2007 11:08 PM

Actually, there are laws that require the maintenance of specific types of records for business and legal purposes.

So you can't delete some records at all.

For example, the Federal Government must backup and keep ALL emails, written documents, and electronic documents forever.

If you work for the Feds, you have no secrets on your computer.

There is also the issue of recovery. Good techs with the right tools and software can recover data at least as many as 10 to 20 generations back or more.

That is why file scrubber software often writes patterns over and over thousands of times to "clean" a hard disk. Usually bits of 1's and 0's in various patterns

Exactly how many layers that can really be recovered is dependant on the current state of the art technology.

The top of the line stuff is likely classified and in the hands of the government. The NSA, CIA, or the Military.

EduardoJuly 24, 2008 1:29 PM

It's funny that they spoke out of both sides of their mouth... 1st John O says we keep copies then we don't have copies.
Could the data have been so damning that they decided to let Murdane take a fall because better one than all?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..