Seeking Accord

By Mark Hachman  |  Posted 2004-10-01 Print this article Print

NAID held a teleconference with its members Thursday to try to resolve differences between those who favor physically destructive methods and those who favor software wiping. No accord was reached, Johnson said, although the industry organization will try to reach a consensus through an exchange of position papers and rebuttals before Nov. 29, when the NAID board will make a final recommendation. "My sense is that were not going to say that there will be no role for software wiping," Johnson said. Instead, perhaps each of the methods would be assigned a level of risk, he said. Overwriting a hard disk a single time either with other files or with random bits of data is not good enough, as latent magnetism can reveal some or all of the information contained in the file, according to software vendors.
The 5220.22-M specification advocates writing every sector on the disk several times with nonrandom and pseudorandom data. Security expert Bruce Schneiers own algorithm writes the drive as many as seven times with the same pattern, using different values with each pass.
That means software vendors must in effect self-certify. George Pecherle, a spokesman for Oradea, Romania-based EAST Technologies and its Eraser products, explained it this way: "Chapter 8 of the DOD 5220.22-M National Industrial Security Program Operating Manual (NISPOM) defines a method that is approved for sanitizing magnetic disks: Overwrite all addressable locations with a character, its complement, then another character and verify," Pecherle wrote in an e-mail to "Thats exactly what the DOD-compatible methods from our products do—actually one of them does it three times, so it is three times more powerful that the actual standard, and this method is approved by the U.S. NSA. "Any wipe routine that implements the U.S. DOD specifications defined in the DOD 5220.22-M standard is called U.S. DOD-compliant. And because our Eraser products have such wipe methods, it means they are U.S. DOD-compliant." Office Depot and Hewlett-Packard teamed up to offer free PC recycling. Click here to read more. Redemtech Inc., based in Columbus, Ohio, charges $6.25 to $20 per base unit at its largest accounts, according to Bob Houghton, president and chief executive of the company. Like some of its competitors, Redemtech developed its own software utility to handle the DOD-spec overwrites. "Based on our audits of conventional data destruction, one out of four hard drives still has data on it," Houghton said. Because data is overwritten bit by bit, software overwriting of data is more destructive than physical shredding, he said. Any drive that is nonfunctional, however, must be physically destroyed, Houghton said. Likewise, NAID believes that any drive with more than 10 defects on it also must be shredded, NAIDs Johnson said. While the debate on data destruction will rage on, recyclers also have begun complaining of a chilling effect the practice has had on the traditional practice of recycling, which can either include reducing a PC to scrap or refurbishing it and reselling it to Third World countries, low-income families and others in need. Recyclers complain that erasing the data completely off of a disk also erases with it the licenses to the software that was installed on the machine, meaning that there is no way to mine the discarded PC for software in the same way recyclers can strip out component parts and resell them for a profit. Leonard Duke, a customer relations manager at ComputerCorps, said the recycler can easily source low-cost sound cards and modems from Internet vendors, but that software is another story. The problem is that many people still have a need for an old Pentium II PC, but the hardware wont run the latest operating systems, such as Windows XP. "The licenses we had from Microsoft were mailed to us," he said. "We were able to get beta licenses for a while with Windows 95, but you cant get those anymore. With [Windows] 98, we havent been able to get those for last four to six months. Its hard work trying to keep up. We feel that [Windows] 98 was one of the better OSes." Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Be sure to add our Security news feed to your RSS newsreader or My Yahoo page


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel