I was reading today an interesting article in the Globe and Mail regarding how companies deal with their aging and retiring computer equipment. Many thousand computers, servers and peripherals have to be properly disposed to protect the private information of clients and partners against identity theft and involuntary disclosure of information.
It is very encouraging to see major companies protecting our information and supporting various charities by donating these outdated equipment for extending its use or recycling.
What are smaller companies and individuals doing with their old computers and non-functioning storage devices? Many are donated to charitable organizations, handed down to family, friends or, after a deletion of “My Documents” abandoned at the curb…
In general terms, most computer users know that when files are deleted, these are not actually “deleted”. What really happens is that the file name gets tagged as deleted by replacing the first character of the file name to a sigma (σ) and the data blocks become available; however, the data itself and most of the file name remain intact. Undelete software reads the file name table (File Allocation Table – FAT) and presents the user a list of the files that can be recovered, the user will have to supply the first character to restore the chosen file. As more data is recorded in the hard drive the possibility increases that these data blocks containing data for old, deleted files, will be overwritten with new information. That’s the reason why it is so important that a file recovery starts as soon as possible after the deletion and the computer is not used at all and, even better, turned off.
Since the advent of PCs security software has been released for removing information securely from computer media. These applications overwrite the data blocks with random information that completely change the magnetic traces of the original data, blocking, therefore, attempts of data recovery even by law enforcement agencies; hence the term “Department of Defense (DoD) Approved”. The best wiping software will allow the deletion of individual files, directories and the wiping of “free space” (data blocks marked as available but most likely containing information from deleted files (including temporary files like the ones created by the operating system for normal operation, Internet browser caches, opened email attachments, etc.)
A good idea is to do a “wipe” after a disk defragmentation. As it’s a very, VERY, time consuming procedure, it is best to let it run overnight.
Jetico is my favourite company for data security needs; uses algorithms and applications that have been peer-reviewed and, as a European company, it is immune of export restrictions and U.S. government regulation (like PGP was a few years ago). Their wiping product is BCWIPE which fits most needs for consumers and corporations.
There are more specialized tools for wiping the contents of whole hard drives. The computer will have to be configured to boot from a special CD/DVD/Flash Drive, and instructed to securely clean the drive. As it will do multiple passes on the whole disk, it is a very lengthy procedure. For this task I prefer Open Source solutions which make the source code available and have been studied ensuring that there are not security holes, back-doors, and other vulnerabilities.
WARNING: After a secure file deletion, there is no way of recovering the information. Done properly the data will be obscured even for the NSA.
For the destruction of CD/DVD disks many office shredders provide a slot for this type of media and credit cards. For larger volume of disks commercial companies provide services that destroy disks on-site.
Another interesting article was published by ABC News which deals with copying and imaging equipment (like digital photocopiers) which contain a built-in hard drive that stores print/scan/fax jobs for scheduling and recovery. As this equipment gets disposed of, upgraded, maintained, it is less obvious to the consumer how is this data been managed for privacy protection and security. If the equipment is removed from the premises, ensure that the data is properly deleted and get an assurance in writing. You would never allow your file cabinet leaving the office full of files…
Please contact us for your data security needs, including wiping out old hard drives, installing secure deletion utilities and encryption.