Conrunner Logo

What Do You Do If The Computer Is Stolen?

Some thoughts on data security for conventions.

David Bell

1: Introduction

Over the last year, I have been a member of three conventions which have stored their membership lists on a computer, and lost the data. There is no point in naming them; but if the cap fits it won't fall over deaf ears [1]. While I wouldn't call myself a hacker, in the traditional sense of the term, I've been fiddling around with computers, both hardware and software, for long enough to be able to discuss the problems, and some of the answers. My current hardware is an IBM-compatible, with no hard disk. The principles are the same, whatever the machine, but at times I will be mentioning IBM-specific problems.

So far as I know, the three cases had very different causes. One involved a partial collapse of the organising committee, another theft of a computer system, and the third was a classic hard-disk failure. A few simple precautions would have made a big difference in all three cases. A fourth cause of data loss, which could also affect card indexes and other non-computer systems, is fire.

I don't want to get into the details of the Data Protection Act. There are certain exemptions which may be applied to science fiction conventions. There are also two general rules which apply to all personal data. First, you should not store data that you don't need. Second, you should keep data securely. At first sight, the second rule is easy enough to keep. Nobody else uses your computer, do they? Think about it.

2: Computer Choice

Amstrad PCs are all over the place in fandom. IBM-compatibles are pretty common, and the Apple Macintosh has been seen at conventions. All these are to some degree seen as serious computers. The Atari ST and the Commodore Amiga are also quite capaple of storing a convention membership list. There are two simple questions which must be answered. Can the computer handle the amount of data you need? How easy is it to get at another computer which can read the data? Little else matters, though you should check that there is a printer available which can handle labels. There is little point in having the membership list on a computer if you cannot print the labels for the mailings.

Let's make a simple, approximate, estimate of how much space is needed for data.

200 bytes will store six lines of forty characters. That should be enough for a name and address and a membership number. The lowest-capacity floppy disk that I know of, on a Tandy Model 1, stores 87.5KBytes, which would be 448 records, each 200 bytes long. Well, not all that space on the disk is available to store the data, but all the computers I have named will store at least four times as much data on one disk. Call it at least 1600 names, and remember that figure for later.

I think it is fairly clear that any computer with a disk drive should be able to handle the membership list for a small con, provided the software does not expect all the data to fit in memory. Even an Eastercon is possible. When you start getting to Worldcon size, I 'm afraid that choices start to get limited. A database with around 6000 names and addresses could be squeezed onto a high-density floppy disk, but that format is found at the professional level. If you are talking about a Worldcon you are definitely in the realms of hard disks and purpose-written back-up software, because the data files will probably not fit onto one floppy disk.

So the important question is what to do if the computer becomes unavailable. The simple answer is to use a commonly available machine, and if it comes to a choice between a single high-powered IBM-clone or two Ataris, go for the Ataris. There is one small complication. Apart from older Apple Macintoshes, data on 720KB 3. 5" disk drives can be pretty readily exchanged between different systems. The format for the Atari ST is almost identical to MS-DOS. In other cases, there are programmes which will handle MS-DOS format disks. If that is an option, make sure you test it before you find you have to use it, or re-type six hundred membership forms.

3: The Back-Up Principle

This is the really important part. If the data files will fit onto a single floppy disk, and this is quite possible, backing up the data is easy. It so so easy that there is no excuse for not making a back-up. For machines using MS-DOS all you need is the DISKCOPY routine. There is also a simple method of planning when to take back-up copies. There are two advantages to keeping the data on a floppy disk. First, it can be kept somewhere safe from fire or theft, in this case at the home of another committee member. Second, floppy disks have write-protect tabs, so it takes two consecutive mistakes to accidentally erase a file. The same principles apply to making back-ups of files on a hard drive.

First, get some floppy disks specifically for the convention database. Label them. Format them. If you have a program like EZFORMAT, which also thoroughly checks the disks for bad sectors, use that at its most rigourous setting. If you are a little paranoid, buy branded disks, and reject the whole box for back-up use if any format with bad sectors.

Second, make a complete back-up of your software. Make it from the working disks, not from the master disks. And use the write-protect tabs. It is also worth making a back-up copy of the initial empty database file.

I will assume that our committee-member plans to update the database four times a month, and that he is willing to risk having to re-enter a month's new members. He labels four disks "Rotating Back-Up A" to "Rotating Back-Up D". A fifth will store the working copy of the database, and is so labelled. The first session, he entered the first names on the membership list. He then copies the data file onto the "Rotating Back-Up A" disk. It is worth making a second back-up copy, "Back-Up 1". In the next three sessions he makes back-up copies onto disks "B", "C", and "D".

At the end of session five he copies the data first onto "Back-Up 2", a new disk. He then removes the write-protect tag from "Back-Up A" and copies the data onto that. Assume that he over-writes the previous back-up, though perhaps the files are not yet that big. Again, in the next three sessions he makes back-up copies onto disks "B", "C", and "D".

And so on. It really is that simple. The key point is that "Back-Up l", rather than being kept at his home, is kept by another committee member, and the same with "2", "3", etc. Ideally they should be handed over in person. If they are posted, make an extra copy and arrange to confirm that it has arrived before re-using "Rotating Back-Up A".

You should never need them if you take all this trouble. Of course, the back-ups should be kept in a different room to the working copies. They should be write-protected. And if you have a fireproof safe check if it will protect magnetic data, the critical temperature is far lower than Fahrenheit 451.

If something goes wrong and you lose your working data, never remove the write protect tag from a back-up copy. Always make a working copy from the back-up and use that. If you suspect a virus attack, and most so-called virus attacks are really human errors, either the operator or the programmers, don't do any work on the back-ups until you are sure you can find and kill the virus. Then check with a working copy of the back-up.

Follow this routine and there will be copies of the data held by two committee members, so fire and theft will be very unlikely to affect both. Other problems are guarded against by the rotating back-ups. And you still have the paper files to fall back on.

4: Technical Notes for IBM users

The most common problem with backing-up data on IBM-compatible computers using MS-DOS is that the utilities provided, BACKUP and RESTORE, are highly specific to the particular version of the operating system. Back-up under version 3.20 and you are unlikely to be able to restore under version 3.30, while version 4.01 RESTORE will probably imitate a Norwegian Blue parrot. But if you have files on hard disk which will not fit onto one floppy, you need some sort of back-up utility, and these are free. They do work, but make sure you have a copy of MS-DOS and the utilities you need to reformat your hard drive, and RESTORE, on a floppy disk.

It is possible to recover an accidentally deleted file. Do not write to the disk, as this will possibly over-write the data. Under MS-DOS, the DEL command only changes one byte of the directory entry and modifies the FAT. The data is still on the disk. I use "File Rescue Plus", there are other programs which will un-erase a file. It makes it easier if the file is written in a continuous block, or has only non-deleted files breaking it up. Most file recovery packages also have routines to optimise files, which also makes reading the file quicker, by moving the data into a continuous block. DO NOT USE ANY DISK OPTIMISING OR FILE RECOVERY SOFTWARE UNDER A MULTI-TASKING OPERATING SYSTEM.

I have suggested that DISKCOPY is used to make back-ups of a floppy disk. This makes an identical copy of the original floppy, included deleted files, so use it if you have deleted a file. A more flexible method is to use XCOPY, which only copies files and subdirectories. The copy on the floppy will be optimised, as a side effect. With XCOPY it is possible to copy only files which have been altered since the last time they have been copied, or since a certain date. Look in the manual for details.

There are file archiving utilities which compress files into less disk space. The best have similar features to XCOPY. Make sure that they work, because the compressed file is unreadable. I would suggest PKZIP, which is a shareware package, if you want to try this. Don't confuse this with programmes which compress and expand data every time you write to and read from the disk drive. I am a little reluctant to trust them.

5: Conclusion

It is possible to prevent most losses of computer data by routine and methodical back-ups. Only the largest conventions need to store more data than will fit on one disk, so no special software is needed. What is your excuse?


This page updated on 09 July 1999