SharePoint Libraries Non-Compliant


If you have data that falls under FDA, HIPAA or similar compliance regimes, you know that records have to be protected from tampering. The so-called integrity verification is usually implemented for electronic records through checksumming, also called hashing [see An Introduction to Computer Security: The NIST Handbook]. As long as the binary file is not changed, the checksum stays the same; if you change even one byte, the checksum will be different. So this is easy proof of integrity for a record that travels between different storage media, as long as its CRC, MD5, SHA-1 or whichever chosen hash value travels with it.

Everyone would expect from Microsoft’s statements that uploaded files will NOT be changed. That information is a bluff. At least for many Microsoft Office files, as well as MSG files and probably more (extensive testing is needed), you can be sure that they ARE changed, i.e. invalid/void as electronic evidence.

Here is an example with license files in MSG format. Ouch!

You can check this for yourself: create a folder with Office files, sync it online (upload), and from another computer sync it offline (download). Now compare the file sizes: they are different.
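The same round-trip test can be run with hashes instead of sizes alone, which also catches a file that comes back the same length but with different bytes. The script below is an added example, not code from the original post: it hashes every file in the local folder and in the downloaded copy with SHA-256 and reports which files survived the round trip unchanged; the folder names and file contents in `demo()` are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large Office files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root: Path) -> dict:
    """Map each file under root (relative path, '/'-separated) to (size, sha256)."""
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256_of(p))
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_trees(original: Path, downloaded: Path) -> dict:
    """Classify every file as unchanged, modified, missing or added after the round trip."""
    before, after = manifest(original), manifest(downloaded)
    result = {"unchanged": [], "modified": [], "missing": [], "added": []}
    for name in sorted(before.keys() | after.keys()):
        if name not in after:
            result["missing"].append(name)
        elif name not in before:
            result["added"].append(name)
        elif before[name] == after[name]:
            result["unchanged"].append(name)
        else:  # size and/or digest differ: the bytes were rewritten somewhere
            result["modified"].append(name)
    return result

def demo() -> dict:
    """Constructed sample: one file comes back longer, one the same size but with different bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        local, synced = Path(tmp, "local"), Path(tmp, "synced")
        local.mkdir(); synced.mkdir()
        files = {"contract.docx": b"PK\x03\x04 constructed docx bytes",
                 "license.msg": b"\xd0\xcf\x11\xe0 constructed msg bytes",
                 "notes.txt": b"plain text that survives the round trip"}
        for name, data in files.items():
            (local / name).write_bytes(data)
            (synced / name).write_bytes(data)
        # Simulate the sync service rewriting two files on the way back down.
        (synced / "contract.docx").write_bytes(files["contract.docx"] + b"\x00\x00")
        (synced / "license.msg").write_bytes(files["license.msg"].replace(b"msg", b"MSG"))
        return compare_trees(local, synced)

if __name__ == "__main__":
    print(demo())
```

For a real check, point `compare_trees()` at the folder you uploaded and at the folder another machine downloaded, and keep the first manifest next to the records so the digests travel with them.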

This problem has been discussed for quite a while, recently in 2013 and even back in 2010, and it is a huge surprise that no large company has mounted a legal challenge to this already. Or are large companies really “compliant”?

So be careful: DON’T trust any legally relevant electronic document to a SharePoint Library or, respectively, OneDrive for Business. Keep them on your local file server!

PS: This article is based on personal experience. Unfortunately I cannot publish more screenshots of my forensic research because of a company non-disclosure agreement. But in court I can prove every single word of this article 🙂
