[vcf-midatlantic] Culpability and Provenance

Tony Bogan tony.bogan at vcfed.org
Thu Jan 14 19:33:49 UTC 2021

Generally speaking if there’s a hard drive in the machine I see what’s installed/system version and if nothing I’ve not seen before it immediately gets wiped. Having done work for doctors offices to
Maintain HIPAA compliance with both data collection/storage and disposal of old hardware,  I don’t like to dig too deeply through files on machines I get. Even vintage ones!

Floppies I’ll typically see if they are bootable, and occasionally I’ll look at one with an interesting label but primarily it’s format, and if the format takes reuse the disk and if not straight to the circular file.

While some argue to archive everything, hanging on to other people’s data is not for me unless I know I can reach out to them and see if they want it. 

The overwhelming majority of people do not realize that old disks can still often be read or that the computer they dumped at a recycler or left on the sidewalk for bulk pickup may end up in The hands of someone who can get it working. 

As recently as a couple weeks ago I reached out to someone who had gotten rid of iPads from several generations ago (first gen and ipad 2 and 3 etc) that ended up in my possession.

She was understandably surprised to receive my email (I’ve sent the same one to others before as an introduction) 

Since then she not only disabled the find my iPhone feature and allowed me to wipe the tablets but has since asked how to properly wipe some older machines before donating them! Sometimes it works out and both parties are the better for it.


Sent from my iPhone

> On Jan 14, 2021, at 11:14 AM, Dean Notarnicola via vcf-midatlantic <vcf-midatlantic at lists.vcfed.org> wrote:
> I can empathize with the provenance aspect of retaining the files. I deal
> with data privacy and retention issues professionally and they can be
> tricky to navigate. There are many more personal and medical data privacy
> laws these days, and those may vary state-by-state.
> You may desire to archive those files, either for posterity, research
> purposes or perhaps to try to contact someone to whom you may think the
> files hold some importance. However, by doing so you accept the
> responsibility of being a custodian of that information and should act
> accordingly. If you feel you cannot, or are not willing to do so, then the
> responsible action is to destroy the data.
> My default is to ask the person I’m acquiring computers and media from if
> they would like me to return any data found, and if not, I assure them I
> will immediately delete any existing personal files (I don’t necessarily do
> this for OS or application files.) If I am unable to ask, then I use my
> judgement.  As an example, I picked up an Atari 800 from a gentlemen in San
> Diego that was owned by his brother (sadly passed.) His brother had been a
> programmer and EE and there were many files with BASIC, ASM and other code
> in them. I didn’t find out until I returned home with the system, and it
> was too late to contact the brother as it was a Craigslist listing, by then
> removed. I deleted what appeared to be personal writings, a resume and some
> other text files that had no technical information in them, but I kept the
> code snippets.
>> On Thu, Jan 14, 2021 at 10:42 AM Jeff Salzman via vcf-midatlantic <
>> vcf-midatlantic at lists.vcfed.org> wrote:
>> Hello group,
>> Recent discoveries brought me to post this mostly philosophical message and
>> question about what we do as collectors when we come across data stored in
>> or with our acquisitions.
>> For example, I have owned my Kaypro 10 for about five years. I bought it
>> from a fellow collector in Chicago when I was at VCF MW at the time I
>> acquired it. Since that time, I have only powered it up about 10 times.
>> Each time was more for just making sure its hard drive would still spin up
>> and boot, and for poking around my only operational CP/M machine.
>> Just recently, I decided to actually look at the files that were stored on
>> it. It had WordStar installed, and the drive was cluttered with many files
>> without extensions on their names. Assuming they were WordStar files, I was
>> able to open up a number of those files. Most of them were actual Will and
>> Testament documents for a number of people in the Chicago area around 1990.
>> I assumed this Kaypro was once owned and used by a lawyer at that time.
>> Another thing I discovered, and this one has some interesting impact on the
>> device's potential provenance, was a file called RESUME. The file was a
>> WordStar document in that it started with several lines of "dot-commands"
>> identifying it as such. The interesting part is that it was a resume of a
>> U.S. Robotics co-founder and V-P, as discovered in the work history listed
>> in the resume. Yes, THE U.S. Robotics company that made the modems many of
>> us drooled over owning back in the day.
>> So I asked myself... why would this file be on this computer, in WordStar
>> format, if the machine wasn't also owned by the person in question? That
>> leads me to wonder if this Kaypro was also owned by said Founder of USR.
>> This Kaypro may have changed hands several times before I acquired it. It's
>> still a bit of a mystery. After all, it's not like people simply emailed
>> files between CP/M machines as readily as we do now. Plus, someone as
>> computer literate as a computer hardware tech founder might actually be one
>> to write their own resume in a word processor on a CP/M system. Besides,
>> you can certainly understand my feelings and thoughts over the potential
>> provenance of the machine.
>> Those two examples aside, I want to address the opinions of others about
>> the possession of random and potentially personal data found on machines we
>> acquire.
>> This Kaypro has a number of Will and Testament files on it, a few legal
>> drafts, and of course, that resume. So this brings up the philosophical
>> discussion of culpability. Do we, as collectors of these systems, have a
>> certain responsibility to the disposition of data found on our
>> acquisitions? While many laws have been made over the decades governing
>> personally identifiable information, how much of the responsibility to
>> identify and "secure" sensitive data falls on us collectors who acquire our
>> computers through sale or trade vs. the previous owners who decide to get
>> rid of their computers.
>> Before I go on any further about my thoughts, I'll end the intro of the
>> discussion here, for others to offer their input, before I get any deeper
>> into my thoughts on what I have and what I could/should do with it.
>> Looking forward to your respective opinions.
>> Jeff Salzman

More information about the vcf-midatlantic mailing list