Portable Data Storage

posted 03/24/06


There's no denying the convenience of today's portable data storage devices, and the ability to carry around huge - perhaps ridiculously huge - volumes of data in one's pocket or purse. With that conveince, however, comes a significant and often overlooked degree of security risk, and a tendancy towards extraordinarily poor user discipline.

My first computer, back in 1987, was a Commodore VIC-20. It could store an astonishingly small amount of data on it's cassette deck, which used regular audio cassettes. The media was cheap, and could be bought anywhere, but I don't believe the actual storage format was anything like standardized, nor - to the best of my knowledge - were the BASIC programs one wrote portable to other makes of computer. It was also a deucedly inconvenient way to save 512KB or so of data; we did a lot of rewinding, fast-forwarding, re-recording, and flipping of cassettes back then.

Within a few years I had an 8088, with one, and later two, floppy drives. When 1.44MB disks (and drives) came out, it was amazing; who could possibly create 1.4 megabytes of stuff they needed to store, let along the 14.4 megabytes a box of ten disks would hold? Macintoshes couldn't read IBM floppies, IBMs couldn't read Mac floppies, and I neither know nor really care what the Amiga people did with their data. Aside from operating-system compatability, once you moved away from plain ASCII, file formats were nothing like standardized - and even plain ASCII could be a problem, with the way some systems handled things like carriage-returns.

That was then. Today, the floppy is pretty well obsolescent, and it's early gee-whiz replacements - Zip and Jaz disks, and the like - are still around but far from widespread. Nowadays, staggering volumes of storage - gigabytes of data - are available on flash drives, thumb drives, jump drives, and portable hard drives. It's certainly progress - but it's not necessarily a good thing.

In the heyday of floppies, there was no real reason to carry personal data around. Oh, a student might carry a term paper or a book report around on a floppy, and business people might haul around reports or those 8-bit pie charts we all thought were so neat, but there was virtually no real danger if a floppy were lost, because little if anything of real import ever left the home or office on them. Too, so many programs used proprietary data formats that merely having a floppy full of data didn't necessarily mean someone else would be able to decipher it. Besides, not that many years ago, nobody used laptops as their main computers, and PDAs were at least occasionally synced with a desktop machine. Today, that's not necessarily the case, which is unfortunate.

The most basic threat of losing data is just that - actual loss of data, and/or the media it's stored on. Until a few years ago, people didn't keep original data on laptops or PDAs (or floppies, or Zip drives, or whatever else). They hauled around copies of stuff, updating and syncing it with their "real" computers on an at least semiregular basis. Now, though, many people enter original data directly into their PDAs, or only own a laptop, and thus are hauling around - if they don't have any backups anywhere - original and irreplacable data.

Whether that data has any actual value - for most people, their accumulated megabytes of chat logs, instant messages, lackluster digital photos, music files, and emails sent and received have little to no value to anyone other than themselves, and that's probably more sentimental than anything - if it's lost, it's lost for good. Oh, it may be inconvenient, having to ask all your friends for their email addresses and IM numbers, but it's nothing more than an inconvenience.

A lot of people are hauling around stuff a lot more valuable than chat logs, though... and if you're having an affair, discussing criminal activity, engaged in political activism, or doing any number of other things, and have personally-identifying information amid the data, the discovery of those chat logs, emails, and instant messages could be quite painful. Blackmail is an ugly, unpleasant experience.

This danger is a result of poor user discipline, plain and simple. If someone breaks into your home and steals your computer, you can, to a certain extent, be forgiven for losing every last byte of your data. If you forget that data on the seat of a bus and never see it again... you've nobody but yourself to blame.

Pretty much every computer made in the last eight to ten years has a USB port. External hard drives can be had for $1 per gigabyte of storage, and USB 2.0 (standard on most machines made since 2000) has fast enough transfer speeds to actually be readily usable for storage. For under $100, most people can backup every byte of data on their computer and hide it in a sock drawer; there really isn't a good excuse for losing all your original data, whatever it's objective value.

Just because you have backups doesn't lessen the dangers of losing, or rather, potentially disclosing, damaging or valuable personal information. The best way not to lose compromising information is, rather obviously, not to carry it around with you in the first place. There is no reason whatsoever to be carrying around your TurboTax files for the last six years everywhere you go, every single day of the week. Sure, it's neat to have a record of every email you've sent or received since high school, and it can be really nostalgic to see who you were writing to, and what you were discussing, five years ago. But why on earth are you dragging that around everywhere?

I have a simple rule of thumb with regard to portable data - if you don't know what it is you're carrying around, you don't need it. Make a list from memory, as detailed as possible, of everything you're carrying around with you. Programs, documents, media files; everything. Then go thru your laptop, portable drive, or PDA file by file, directory by directory; you may (or may not) be surprised just how much you're hauling around that you couldn't list. If you couldn't remember it was there, it's almost certainly not important enough to risk losing. Truth be told, if you couldn't remember you had it, it's almost certainly not important, period. Invest the price of a concert ticket in an external drive, keep your personal stuff on there, and leave it at home.

A corrolary of sorts is that if you wouldn't want the data to be published on the internet for the whole world to see, you probably shouldn't be carrying it around, at least unencrypted. If it really is important - you're taking financial information to your stockbroker or financial advisor, or you're transporting proprietary business data - encrypt it, and look into biometric security.

If you're honest and objective, the amount of data you actually need to be hauling around with you is probably surprisingly small. Likewise, the amount of actually irreplacable data you have is likely a lot less than you think.

All the programs and data I would ever possibly need to have at hand when away from home - including "portable" versions of the Firefox web browser and the AbiWord word processor (both from portableapps.com), encryption and security utilities, and a fair amount of other stuff - takes up less than 64MB of space. My irreplacable data - every webpage and article I've written in the last decade or so, savefiles for every game I've played in the last couple of years, my PGP keys, business information, financial information, and so on - comes in just under 100MB. The stuff that's irreplacable but I could live without - various logfiles, archived emails, screen captures, old source code, and so on - take up a couple hundred megs; it'd fit on a CD.

My main computer has more than 300 gigabytes of storage; most have a lot less. Yet, after eight years using the same system (with a lot of upgrades along the way), all my really important, important, and sorta important data takes up less than a gigabyte. Yet, in every sense of the term, that important data - about one percent of everything on the computer, and even less of the total capacity - has more value - objectively and subjectively - than all the rest combined.

After you lose your laptop, PDA, or thumb drive is not the time to start wondering what data a potential blackmailer or identity theft may have just gotten their hands on. Security isn't flashy or exciting or fun, but it's also not very useful when it's reactive. An hour or two every month or two is all it takes to be proactive. Compared to the potential cost of not taking a few basic steps... what have you got to lose?


Back


All Contents of BUGGRIT.COM are (C) 2002 - 2006 M. Gilday. All Rights Reserved. No portion may be reproduced in whole or in part without the express written permission of the owner.