Simson Garfinkel's blog

Rogue Programmer Sabotages Navy's Computers

A recent case highlights the unwarranted trust we put in programmers and sysadmins alike.

Simson Garfinkel 04/05/2007


Richard F. Sylvestre, a former government contractor who had a top-secret clearance, pleaded guilty on Wednesday to sabotaging computers used to track U.S. Navy submarines.

This is an amazing story. According to this article in the Virginian-Pilot, Sylvestre planted a logic bomb in several navy computers after his company was passed over on a bid. He then fled to Italy.

Apparently, three of the five navy computers used to track submarines were shut down as a result of these actions. If all five had been shut down, the navy would have been blind.

Cases of programmers going rogue and planting logic bombs are widely known in the computer industry. It's easy to forget how much raw power is wielded by programmers and system administrators. We want to trust these people. We need to trust these people. But ultimately, if we wish to protect ourselves and build a truly robust information society, we must develop techniques to minimize the amount of trust required.

Smart-Phone Insecurity

Smart phones have risks, but so do regular cell phones.

Simson Garfinkel 03/26/2007

Last week Jon Espenschied wrote an article in Computerworld describing 10 significant security risks with today's smart phones. The article, while more than a bit geeky, makes an important point: today's smart phones are general-purpose computers and, as such, they are vulnerable to all the same security problems as other general-purpose computers. Specifically:

  • They may not be running the code that you think they're running (and that includes viruses, Trojan horses, and the like);
  • Many of the communications on and off the phone are not properly encrypted, if they are encrypted at all;
  • If you delete a file on the phone, it can probably be recovered;
  • It's easy for a motivated hacker to spy on your phone.

Espenschied's article makes good, alarming reading, but if anything, it underplays the risks of mobiles. That's because his article stresses the security problems unique to smart phones but ignores the risks to phones in general.

Back in 2003 I wrote a brief tidbit, "Understanding Cellular Telephone Security and Privacy," for a human-rights group that I was doing some work with. Instead of stressing the risks specific to smart phones, this document stresses the risks posed to any cell phone.

Gathering Data from Trash

Sensitive information is accessible on discarded machines because we have no means of securely deleting it.

Simson Garfinkel 03/21/2007


I have spent much of the past eight years of my professional existence working with information that has been inadvertently left behind on disk drives by their previous owners. In 1998, I started purchasing used hard drives sold on eBay; approximately a third of these drives contain significant amounts of confidential information.

In 2003, I published my first significant research paper on the topic, "Remembrance of Data Passed," coauthored with Dr. Abhi Shelat (although at the time, we were just two MIT graduate students). That article discussed our findings resulting from the purchase of 150 hard drives. Since then, Abhi has gone on to other projects, but I've kept at it. Recently, I purchased and imaged drive #1236 (it was filled with personal e-mail).

One of my goals in all of this has been to effect some kind of large-scale social change. A few months after our 2003 paper was published, the U.S. Congress passed the Fair and Accurate Credit Transactions Act (FACT Act) of 2003. Partly as a result of my research, language was added to the FACT Act to force organizations to destroy consumer reports on paper or magnetic media before that media is discarded.

Unfortunately, passing the law wasn't enough. First, it has a big hole in it: the implementing regulations specifically exempt companies that collect and resell used equipment. By not making these companies directly responsible for the damage they do, the regulatory bodies basically threw away what could have been one of the most important opportunities for enforcement.

The second problem is that today's computers don't have built-in "self-destruct buttons" for automatically wiping confidential data.

Despite a considerable amount of effort by me and others, we're still seeing large amounts of sensitive information from businesses and governments leak out on discarded machines.

Recently, Wade-Hahn Chan of Federal Computer Week wrote that the Lawrence Livermore National Laboratory, in California, may not be properly wiping information from hard drives before they are discarded.

But in my work, it has become increasingly clear to me that the problem is that programmers and computer designers simply do not think that data deletion is a high enough priority that they should devote serious resources to solving the data-leaking problem.

For example, an Associated Press article by May Wong that ran last week says that many of the new digital photocopiers don't wipe their hard drives after a scanned document is printed.

I use a Macintosh computer, and I've been very pleased with a Mac feature called Secure Empty Trash. However, Apple has added a new feature to its 10.5 operating system called Time Machine. With Time Machine, you can take your computer back in time to before the files that you have securely deleted were deleted, allowing them to be recovered. Does this make sense? It's a problem, and I don't think that Apple is addressing it properly. You can read about this in my recent article, "Complete Delete vs. Time Machine Computing," published in the January issue of Operating System Review.
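The three mechanisms this post turns on (an ordinary delete leaves a file's bytes on the disk, a secure delete overwrites them first, and a backup taken earlier keeps a copy no matter what the live disk does) can be shown with a small disk model. The following is an added illustration, not code from this post, from the "Remembrance of Data Passed" study, or from Apple's tools; the ToyDisk class, its block size, the file names and the sample mailbox text are all constructed for the example.

```python
"""
Toy disk model (constructed for illustration, not a real filesystem driver):
a directory maps file names to block numbers, and the blocks hold raw bytes.
It shows why deleted data survives, why overwriting removes it, and why a
snapshot taken before the overwrite still exposes it.
"""
import re

BLOCK = 64  # constructed block size for the toy image


class ToyDisk:
    def __init__(self, nblocks=16):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.directory = {}

    def write_file(self, name, data):
        needed = -(-len(data) // BLOCK)  # ceiling division: blocks required
        allocated = [self.free.pop(0) for _ in range(needed)]
        for i, blk in enumerate(allocated):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.blocks[blk][:len(chunk)] = chunk
        self.directory[name] = allocated

    def delete(self, name):
        # Ordinary delete: drop the directory entry and free the blocks,
        # but leave their contents untouched. This is data remanence.
        self.free.extend(self.directory.pop(name))

    def secure_delete(self, name):
        # Secure delete: overwrite every block the file occupied, then free it.
        for blk in self.directory[name]:
            self.blocks[blk][:] = b"\x00" * BLOCK
        self.delete(name)

    def snapshot(self):
        # Models a backup or Time Machine-style snapshot: a copy of the raw blocks.
        return b"".join(bytes(b) for b in self.blocks)

    def raw(self):
        # What a buyer of the used drive sees: the raw image, directory ignored.
        return self.snapshot()


def carve(image, pattern=rb"[\w.+-]+@[\w-]+\.[\w.]+"):
    """Carve e-mail addresses out of raw bytes without consulting any directory,
    the way a forensic scan of a discarded drive would."""
    return sorted({m.decode() for m in re.findall(pattern, image)})


# Constructed sample mailbox contents; the addresses are placeholders.
SAMPLE_MAIL = (
    b"From: alice@example.org\n"
    b"To: bob@example.net\n"
    b"Subject: constructed sample message\n"
    b"\nThis is the body of a constructed test e-mail.\n"
)


def demo():
    # Scenario 1: ordinary delete. The directory entry is gone, the bytes are not.
    d1 = ToyDisk()
    d1.write_file("inbox.mbox", SAMPLE_MAIL)
    d1.delete("inbox.mbox")
    after_delete = carve(d1.raw())

    # Scenario 2: secure delete on a fresh disk, but a snapshot was taken first.
    d2 = ToyDisk()
    d2.write_file("inbox.mbox", SAMPLE_MAIL)
    snap = d2.snapshot()
    d2.secure_delete("inbox.mbox")
    after_secure = carve(d2.raw())
    in_snapshot = carve(snap)

    return after_delete, after_secure, in_snapshot


if __name__ == "__main__":
    plain, secure, snap = demo()
    print("recoverable after ordinary delete:", plain)
    print("recoverable after secure delete:  ", secure)
    print("recoverable from earlier snapshot:", snap)
```

The point of the second scenario is the one the post makes about Time Machine: overwriting the live blocks is necessary but not sufficient, because every copy the backup system has taken must be handled the same way, and the backup system is exactly the component designed never to lose data.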

Bio

A commonsense take on computer security, usability and why IT does matter.