Extending the use of computing devices is critical if we are to create more sustainable consumption. We can divert waste from landfill and reduce the energy it takes to extract materials and build new devices, if we can lengthen the life of the devices we already have or find new ways to use its components.
I think most of us try to recycle our devices and are happy to pass along those that have outgrown our needs. But what if its reuse poses a risk to you? Hard drives can pose such a risk and, as such, often have their lives and usefulness cut short.
What do you do with your hard drive, which often houses all of your intellectual property and sensitive information, when you are done with it? How do you make sure your information isn’t found and used by someone else? Just deleting the information off of it doesn’t mean it’s gone, it is not too difficult to get the data back. (Something I am often thankful for when I delete a file by accident, but which opens up a huge risk when you really want to get rid of the information.) Even when your hard disk is corrupted or physically damaged, all is not lost. just do a quick search on hard disk recovery and you will find a whole host of sites and solutions that can help recover information.
It’s no wonder that organizations that can afford them have “disk drive chippers” that completely destroy a hard drive once it is no longer needed, so that no data can be recovered from it. Others go a more conventional route and use what a colleague of mine calls “Fred Flinstone” or “Young Dr. Frankenstein” techniques – you get the picture.
But wouldn’t it be more sustainable if we could extend the life of that device? What if there was a reliable way to permanently erase the data on it without having to shred the device? Just because the model is no longer of use to you, it is very likely it would suit the needs of someone else. We could divert that device from landfill for a little while longer. Then, because we have a way to erase the data, we could explore recycling and reusing the components to further reduce waste.
This is something that has been done with cell phones and copiers; they often receive an extended life in the hands of those who find an older model perfectly suitable. (I know I have donated my cell phone in the past; you can check outhttp://charityguide.org/volunteer/fifteen/cell-phone-recycling.htm to find organizations in your area who have needs.) But is this safe to do now?
In the past, phones were only used for voice calls – the data potentially exposed consisted of your phone book. Remove your SIM card and you could be fairly sure that future users would not find anything personal left on your phone. Today’s smart phones have the computing power of many desktops; they are being used to conduct our business and personal lives. Ever search the Web? Take a photo? Check your bank account? Pay a bill? Read your email? Download a file? Think of all the data that is potentially on your smart phone stored on the hard drive that now sits on that phone… how do you make sure that it is gone when you are done with the phone? Does this mean we are back to destroying the device? Again, it would be great to know that we can reliably erase the data, so the device can be used by someone else.
Same thing with photocopiers; over the past five to seven years, most copiers are networked to a variety of computing devices and each have a hard drive that records all the information that is copied, printed, faxed or scanned. Since most organizations don’t want to spend the capital to buy a copier they lease it from a provider (which also enables them to offloading the repairs and maintenance). When the lease is up, the copier provider will come, delete the data, and send it off to another customer. But we have already mentioned that simply deleting data doesn’t mean it is gone. So these copiers can provide a wealth of information to those who know to look for it. (Check out http://www.identitytheft.com/article/are_photocopiers_a_risk this site to get some tips on how to protect yourself when using a copier). Again, this doesn’t make it a sustainable solution.
So what can you do? As an organization, you
- Need to first put in place a proactive data leak prevention program; because only after you are sure you can identify all the potential risks, can you put the processes or technologies in place to mitigate them.
- Consider using a disk management program that adheres to any of the eradication standards used by many international governments and military (such as DoD 5220.22, Gutmann method, Schneier Standard, AFSSI 50220, NAVSO P5239-26, VSItR, AR 380-19, GOST P50739-95, Crypto-secure Random Data.
- Ensure you can securely delete data from hard drives, including “locked” or “in-use files.”
- This requires overcoming some operating system limitations that exist to ensure continual operation – which is what you want when you are using the system, but not so great when you want to get rid of the data.
- So, make sure you are able to delete all the different file systems from all the different operating systems you have on the device.
- You also want to make sure that you can eliminate “zombie-data” stored in the recycle bin or in the blank space of the hard drive.
- You can download software that enables you to erase hard drives, such as Active@KillDisk or LSoft Technologies. They write over the data, because deleting and reformatting the drive doesn’t actually delete it.
- Note, data that has been written over only one or two times can be recovered; however, it takes expensive equipment to do. So unless you are expecting a super sleuth or crime lab to want to read your data, you are probably safe.
- If in fact you are worried about professionals taking the time to get at your data (you probably have bigger problems than I can imagine!), experts recommend rewriting the data seven times to make sure it is unrecoverable.
- Make sure you pay attention to those files that are “locked” or “in-use” and “zombie data”- you don’t want to leave them on the drive.
- Something to think about is the ability to remotely initiate and manage an erasure, so that if your phone or computer is lost, you can delete the data as soon as it connects to the network.
- Some operating systems have a “kill pill” feature that allows you to remotely erase and lock it, make sure it’s enabled.
Once the hard drive no longer poses a risk, it can be reused. The goal is to promote a more sustainable way to use technology, so we can reduce our impact and drive change on a global scale.