Glossing Over Solutions

December 23rd, 2007 by EyeOnWiner

I agree with Dave that Apple’s “trade” (Yesterday, Today) — their brand new drive, for your drive full of sensitive information — is bad business. They shouldn’t do it or, if they do, there should be a policy that the drives are erased well (say, for example, DoD grade).

One thing about Dave, though, is that even when he’s right, he finds a way to be wrong.

“You have no control over when a hard disk will crash, or any foreknowledge of when it’s even likely to crash. So there’s no way to protect against this kind of security issue.”

Let’s assume that his premise is correct (no control or foreknowledge of a drive crash); let’s further assume that once the drive is “un-crashed,” all of the data that used to be on it could be read. Even assuming those things, it doesn’t mean there’s no way to protect yourself.

Take a look at the principle: you have to be able to predict a security breach to protect against it. True and false. Arguably, you have to be able to predict (generally) that a breach might happen in the future, but you certainly don’t need to have any warning about specific attacks. If you did, none of our security mechanisms would work.

Dave seems to be fixated on one solution: destroying the data on the drive. In that fixation, he’s ignoring a much easier (and pre-emptive) solution: encryption. OS X comes standard with FileVault. Keep your data encrypted at all times (like you should on a laptop with sensitive information anyway) and suddenly losing your hard drive becomes a much less serious security problem.

It’s still a business/PR problem for Apple, but (as usual) Dave’s amping things up a little bit here.

3 Responses to “Glossing Over Solutions”

  1. zaphodim says:

    Official Apple repairs have always been parts swaps. But replacing your own hard drive is easy. Apple even gives every Mac owner a little diagnostic disc so you can see what’s wrong, and if it’s just a hard drive, do it yourself if you like.

    But Dave would rather have his outburst of indignation, even if he has to pay extra.

  2. Bullshit Mancuso says:

    I like how Winer acts like he’s ahead of the curve when he states that losing your laptop is a privacy issue. “So far it seems that this is not yet an identity theft concern, but you can’t be sure, and it won’t be long before it is.” So far? Laptop owners have been targeted for theft at airports and car break-ins for years.

  3. McD says:

    Someone in the repair business (on Slashdot) explained that the policy is there to limit exposure to fraud. Many vendors send you a new drive with instructions to replace the defective drive. So, they insist you return the defective drive to prove it’s damaged and limit abuse of the repair/warranty process.

    So, I imagine Apple applies the same policy to a Store walk-in repair… usually they box up your system and send it off. It looks like they tried to keep Dave happy by doing the repair in the store. They try to avoid setting that expectation.

    Apple will probably wish they had quietly given him his drive but Dave Winer would blog about the fact that they did and insist that everyone always gets their drives back… yada, yada.

    Apple keeping the drive is a huge exposure for them and I’m sure they make every effort if the drive can be recovered by a benchtech to clean the drive. It’s too risky for a big company to do otherwise. I’m sure the fine print attempts to cover any potential leak. If one of Dave’s servers is hacked he’ll now blame Apple for the damage and time to re-secure the system.

    Just touching a computer Dave Winer owns is a liability. I wouldn’t think of helping the guy unless he had something to trade to cover the risks. For Apple they expose themselves to the worst customer you can imagine. One that “prints bits by the barrel”.

    He reminds me of my old man in his old age. Defensive and angry. He should have bought a new computer… but he knows what’s coming and wouldn’t.