Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    E-Cyclers Embrace Data Destruction

    Written by

    Mark Hachman
    Published October 1, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A growing debate about the security of data has grown to include the computer recycling industry, which is now being asked to verifiably destroy data along with physical components.

      Merely donating old computers to schools, libraries or other nonprofit organizations may become a casualty of the information age. The need to conform to regulations including HIPAA (the Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act requires financial and other health care institutions to ensure that no confidential data is exposed to public view, something that can occur if naked hard drives are resold to other organizations.

      But the debate is also enfolding more traditional companies, who are just as worried about civil suits as their counterparts are about investigations from regulatory agencies.

      A subset of the debate involves the best practices to destroy data, which can either include Department of Defense-compliant software that overwrites all data on a drive several times or an actual physical shredding of the disk platter itself. That debate may get resolved in November, when the board of NAID (the National Association for Information Destruction) will present its first recommendations.

      More and more, industry sources say, enterprises are looking seriously at the problem. “Five or six years ago, our clients didnt have budgets allocated for this,” said Steve Forbes, a contracts administrator at recycler Gold Circuit Inc., based in Chandler, Ariz. “Now, there are entire budgets that have sprung up for asset disposition and electronic asset disposal.”

      Even smaller nonprofit recycling firms are finding themselves swept up in the data-protection debate. Fortunately for them, the market for data-destruction products has become increasingly competitive, since the DOD does not offer any certification procedures for compliance with the 5220.22-M specification, published by the Defense Security Service, an agency of the U.S. Department of Defense.

      Ron Norton, the owner of Carson City, Nev.-based ComputerCorps, said the nonprofit recycler has chosen a DOD-compliant software utility to wipe the drives before shipping them back into the community. “Data destruction has become much more important to us in the last few months,” he said. A number of the companies donating PCs allow the drives to be reused or resold, but theres “a lot of extreme caution,” he said.

      /zimages/5/28571.gifTo read about a new California law that will boost recycling efforts through a consumer charge per CRT, click here.

      At Gold Circuit, the enterprise-level recycler has 15 technicians who do nothing but wipe hard drives and upgrade systems, Forbes said. Gold Circuits custom-designed DOD-spec software utility can format a 40-Gbyte hard drive in two to four hours, depending upon the speed of the processor, he said. The drive writes to each sector of the drive, including the boot sector that normally is ignored by the OS.

      “Data-destruction services first hit us in the financial sector; at that time, it was kind of a niche,” Forbes said, who said clients had been asking for data-destruction services as early as 1993 and 1994, when the company was founded. “Lately, weve been picking up [data destruction] contracts in the corporate sector.”

      For many recyclers, data destruction has become another service that a recycler can turn around and sell to a client. “Its significantly different than our traditional business,” said Joe Harford, vice president of sales and marketing at Reclamere, based in Tyron, Penn., which also uses a custom DOD-spec software utility to wipe hard drives, while CD-ROMs and tapes are physically shredded. “We manage the equipment, we manage the data.”

      In return, the recyclers provide their own certifications that the data has been destroyed. In addition to HIPAA and the Gramm-Leach-Bliley Act, companies have been asking for liability protection on homeland security issues. But contracts and certifications are negotiated between the recycler and client on an individual basis, with little oversight.

      “I have to chuckle every time I see an ad for a DOD-approved facility,” Forbes said. “There is no such thing as a DOD approval certificate, no HIPAA cert. Even the EPA just puts out guidelines–youre in an EPA-approved facility; they have visited the facility, conducted an audit or tests, but theres no stamp of approval.”

      In certain cases, the certifications are enough. With PCs that come from military clients, however, a representative will typically physically monitor the disk drives as they move through the facility, Forbes said.

      /zimages/5/28571.gifYour old PC can come back to haunt you, Lisa Vaas warns. Click here for her column.

      The question is whether the sensitivity of certain data is worth overwriting with random files or physically shredding, or both. Phoenix-based NAID represents the companies involved in the destruction of data, the majority of which has traditionally been stored on paper and handled by document-shredding companies. But six to 10 companies have joined NAID as firms that handle the destruction of data stored on hard disks, according to Bob Johnson, NAIDs executive director.

      The problem is that two of the most secure methods–erasing data via an electromagnetic field or physically shredding the drive–are unappealing because a recycler can not turn around and resell the drive, Johnson said. The other method, “erasing” data by overwriting it many times, may in fact ignore damaged sectors on a drive. These sectors can contain fragmented or partial files that may contain recoverable information but may be ignored by the host OS.

      Next Page: NAID members try to reach an accord on which method is best.

      Seeking Accord


      NAID held a teleconference with its members Thursday to try to resolve differences between those who favor physically destructive methods and those who favor software wiping. No accord was reached, Johnson said, although the industry organization will try to reach a consensus through an exchange of position papers and rebuttals before Nov. 29, when the NAID board will make a final recommendation.

      “My sense is that were not going to say that there will be no role for software wiping,” Johnson said. Instead, perhaps each of the methods would be assigned a level of risk, he said.

      Overwriting a hard disk a single time either with other files or with random bits of data is not good enough, as latent magnetism can reveal some or all of the information contained in the file, according to software vendors.

      The 5220.22-M specification advocates writing every sector on the disk several times with nonrandom and pseudorandom data. Security expert Bruce Schneiers own algorithm writes the drive as many as seven times with the same pattern, using different values with each pass.

      That means software vendors must in effect self-certify. George Pecherle, a spokesman for Oradea, Romania-based EAST Technologies and its Eraser products, explained it this way:

      “Chapter 8 of the DOD 5220.22-M National Industrial Security Program Operating Manual (NISPOM) defines a method that is approved for sanitizing magnetic disks: Overwrite all addressable locations with a character, its complement, then another character and verify,” Pecherle wrote in an e-mail to eWEEK.com.

      “Thats exactly what the DOD-compatible methods from our products do—actually one of them does it three times, so it is three times more powerful that the actual standard, and this method is approved by the U.S. NSA.

      “Any wipe routine that implements the U.S. DOD specifications defined in the DOD 5220.22-M standard is called U.S. DOD-compliant. And because our Eraser products have such wipe methods, it means they are U.S. DOD-compliant.”

      /zimages/5/28571.gifOffice Depot and Hewlett-Packard teamed up to offer free PC recycling. Click here to read more.

      Redemtech Inc., based in Columbus, Ohio, charges $6.25 to $20 per base unit at its largest accounts, according to Bob Houghton, president and chief executive of the company. Like some of its competitors, Redemtech developed its own software utility to handle the DOD-spec overwrites.

      “Based on our audits of conventional data destruction, one out of four hard drives still has data on it,” Houghton said.

      Because data is overwritten bit by bit, software overwriting of data is more destructive than physical shredding, he said. Any drive that is nonfunctional, however, must be physically destroyed, Houghton said. Likewise, NAID believes that any drive with more than 10 defects on it also must be shredded, NAIDs Johnson said.

      While the debate on data destruction will rage on, recyclers also have begun complaining of a chilling effect the practice has had on the traditional practice of recycling, which can either include reducing a PC to scrap or refurbishing it and reselling it to Third World countries, low-income families and others in need.

      Recyclers complain that erasing the data completely off of a disk also erases with it the licenses to the software that was installed on the machine, meaning that there is no way to mine the discarded PC for software in the same way recyclers can strip out component parts and resell them for a profit.

      Leonard Duke, a customer relations manager at ComputerCorps, said the recycler can easily source low-cost sound cards and modems from Internet vendors, but that software is another story. The problem is that many people still have a need for an old Pentium II PC, but the hardware wont run the latest operating systems, such as Windows XP.

      “The licenses we had from Microsoft were mailed to us,” he said. “We were able to get beta licenses for a while with Windows 95, but you cant get those anymore. With [Windows] 98, we havent been able to get those for last four to six months. Its hard work trying to keep up. We feel that [Windows] 98 was one of the better OSes.”

      /zimages/5/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      /zimages/5/77042.gif

      Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

      Mark Hachman
      Mark Hachman

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.