Don Kerns asks, in light of the removal of Secure Empty Trash for SSDs in El Capitan, about a repair operation he needs for his brand spanking new Mac:
My concern is providing the laptop to the service center with admin password or temp admin privileges as this appears to give them full access to my FileVault encrypted drive. It appears the only feasible way (other than securely wiping entire drive) to prevent admin access/copying my data is to delete certain software (Dropbox, LastPass, etc) and then secure erase the associated data folders. Is there a way to provide the service center with access to the MacBook Pro but not my confidential data stored on the laptop?
Unfortunately, there’s not. As Don recognizes, if you create a separate account, but give that account administrative privileges that will be needed for testing and diagnosis, that administrative account can effectively see any files on the decrypted drive while the computer is running. It takes slightly more effort than just logging in, but they’re all available.
Don started in absolutely the right way, which is to use FileVault from the beginning with an SSD. Because of the way an SSD’s management software distributes wear evenly to prevent premature failure of parts of the drive, you can’t be sure that none of your data is recoverable by a determined-enough party.
I consulted Rich Mogull, a security expert, who writes for Macworld and TidBITS, and he noted:
Due to how SSD drives work, you can’t reliably erase all the data on them. Thus your best option is to always enable FileVault since you then don’t need to worry since encrypted data won’t be recoverable without the key, so data still isn’t recoverable once deleted.
He also agreed with Don’s concern and my assessment, that only wiping the drive and reinstalling OS X will provide the privacy Don wants:
When sending a Mac to a service center, if you can’t remove the drive and ask them to use a temporary one they have for troubleshooting hardware, you should make multiple backups (to be safe), then reformat the drive without using FileVault. Let them do their work and then you can restore your data to a FileVault encrypted drive when you get it back.”
In my experience, when I’ve had a problem with a new-ish laptop, within the first few months, the odds of getting back the unit with the hard drive intact are very low, so you’re probably not making that much more work for yourself in the end: you’ll want to make a backup (or two) anyway, and you’ll need to restore if they replace the drive or the entire laptop.
Sign up for CIO Asia eNewsletters.