The Mystery of the Lost Notebook

By Larry Seltzer  |  Posted 2008-04-22

When you send your computers out for service, are you sending out your data as well?

Here's the short version of how this story begins: A couple of weeks ago I spilled coffee into my ThinkPad. Yes, I'm a klutz, and it was all my fault, even though I was stressed out.

Amazingly, the notebook continued to run and most of the keys still worked. I immediately started a full system backup (I use Windows Home Server for this, an outstanding product I recommend highly) and I separately copied the My Documents folder, where I keep all my data, to the server. Luckily for me I also have seven other computers here.

The notebook is about 18 months old, so I called up Lenovo service, which, it seems, is still run by IBM. (This fact alone was immediately reassuring.) The support rep confirmed what I had hoped, that when I bought the notebook I bought the "screw-up" policy that they call the "Lenovo Protection Service." They were going to fix my computer! I'll never again buy a notebook without such a policy. They sent me a shipping box via DHL. I put the notebook in it and shipped it back the next day.

That's when things went wrong, and when I started to think about the security implications of my predicament.

The Set-Up

I had shipped out my notebook without wiping the drive first. Even though I knew I had a full backup, I decided it was not worth it to clear the drive.

In an enterprise things are different; my understanding is that it's common to have a standard policy in large organizations that all such computers are wiped clean. If you don't have such a policy, you should. After all, in a well-managed enterprise, data should rarely be stored solely on a desktop or notebook computer, and reconstructing it on a new drive should be a straightforward process. But I'm a one-man enterprise here and I don't have such facilities.

The package was supposed to go to IBM in Memphis the next day. Instead, the next day DHL's tracking system showed it in Ohio. The day after that it finally got to Memphis ... and was promptly shipped to Nashville. This is when I started calling DHL and asking what &%^$ was going on. Unfortunately, it was Friday and they basically told me nothing would be happening before Monday.

On Monday they admitted that they had a problem and instituted a "dog search" of the warehouse in Nashville, where the package was last seen. My feelings were a mixture of rage and anticipation over what kind of new, high-end notebook I could get out of Lenovo to replace mine.

The Punch Line

Less than an hour after DHL admitted to me that the package was lost, I got a call from IBM to tell me that the notebook was repaired and that I should have it back the next morning. They had replaced both the keyboard and system board. The next morning it did indeed arrive in perfect working order, about a week after I had shipped it out. My respect for Lenovo and IBM remains as strong as my disdain for DHL has become.

Yes, DHL had delivered the notebook but didn't realize the fact. The next day a DHL investigator called once again to tell me that they were still looking for the package, and I filled them in on its location. I still wonder what happened when the package was delivered; surely the box was scanned at that point. What happened to that data?

And it's possible that, while it was "lost," someone imaged my hard drive or broke into it and stole data, but I'm going to assume that didn't happen and that this is a happy ending. From now on I drink my morning coffee from one of those travel cups with a sip-hole in the top.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's blog Cheap Hack.

Larry Seltzer has been writing software for and English about computers ever since, much to his own amazement, he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at DeskTop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
