Keep your personal data off the market
- 05 May, 2010 23:35
In 2003, author and security pioneer Simson Garfinkel conducted a study of data he found on second-hand hard drives. On eBay, Garfinkel bought the hard drive from an old ATM; it held 827 bank account PINs. Another drive he purchased on eBay had previously been owned by a medical center and contained information on 31,000 credit card numbers.
That was seven years ago, and the amount of data found on used or resold machines isn't on the downswing. A study published last year by Kessler International found that nearly half of the drives purchased from eBay contained personal data such as e-mail, photos, and confidential documents.
Data, Data, Everywhere
When Garfinkel did his study in 2003, desktop computers still ruled over notebooks; mobile phones were just phones; and gadgets like USB thumb drives, MP3 players, and digital cameras weren't as common as they are now.
To be sure, hard drives remain a serious data security concern today, but your data may also be in places you may not have considered. Case in point: I recently bought a used Chrysler Town & Country minivan decked out with an array of bells and whistles, including a fancy MyGig entertainment system with a 20GB hard drive for storing MP3s and photos. When I began to load the MyGig hard drive with my vast MP3 music library, I discovered that the drive already contained files that the previous owner had failed to remove.
They were just music files--not even music I like--so no compromise of sensitive information existed in this case. However, had the previous owner loaded the MyGig with personal family photos, it could have been another story.
The point is that data resides almost everywhere these days, and you must be vigilant about removing such data before you part with your PC, gadget, or vehicle. Though excised data is almost always recoverable to some degree, you can take steps to ensure that the average individual buying your used equipment can't access your old files.
Wipe Your Data
At the moment, PC sales are up, thanks to a rebounding economy and Microsoft's Windows 7. An increase in sales also means an uptick in the disposal of old computers to make way for brand-new ones.
First, you should understand that neither deleting files nor reformatting your hard drive will suffice to eradicate data permanently. Both processes really just remove the information that the hard drive needs to find the data--sort of like smoothing out a dog-eared corner that someone has folded down on the page of a book.
To ensure that your data is removed beyond anyone's practical ability to recover it, you must remove or scramble the data itself, not just the marker that points to it. And that means you need to use a wiping or erasing utility. These tools overwrite every sector of the hard drive with binary ones and zeros, and those that meet government security standards overwrite each sector multiple times for added protection.
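The difference described above, as an added Python example that is not part of the original article: on a constructed disk image, a quick delete clears only the pointer and leaves a sample PIN readable, while a three-pass overwrite followed by a read-back check does not. The image layout, function names, pass order and 512-byte sector size are assumptions made for illustration.

```python
import os, re, tempfile

SECTOR = 512  # assumed sector size; many newer drives use 4096

def make_demo_image(path, sectors=64):
    """Constructed image: sector 0 is a toy 'directory', sector 10 holds data."""
    img = bytearray(sectors * SECTOR)
    entry = b"pins.txt -> 10"
    secret = b"PIN=4821 (constructed sample)"
    img[:len(entry)] = entry
    img[10 * SECTOR:10 * SECTOR + len(secret)] = secret
    with open(path, "wb") as f:
        f.write(img)

def quick_delete(path):
    """What delete/reformat amounts to: clear the pointer, leave the data."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)

def find_residue(path, needle):
    """Offsets at which `needle` still appears in the raw image."""
    with open(path, "rb") as f:
        data = f.read()  # small demo image; read in chunks for a real drive
    return [m.start() for m in re.finditer(re.escape(needle), data)]

def wipe(path, passes=(None, b"\xff", b"\x00")):
    """Overwrite every sector once per pass (None = random bytes)."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            for off in range(0, size, SECTOR):
                n = min(SECTOR, size - off)
                f.write(os.urandom(n) if pattern is None else pattern * n)
            f.flush()
            os.fsync(f.fileno())  # force this pass out before starting the next

def is_zeroed(path):
    """Verification pass: every byte must read back as zero."""
    with open(path, "rb") as f:
        return not any(f.read())

def demo():
    path = os.path.join(tempfile.mkdtemp(), "disk.img")
    make_demo_image(path)
    quick_delete(path)
    after_delete = find_residue(path, b"PIN=")
    wipe(path)
    return after_delete, find_residue(path, b"PIN="), is_zeroed(path)
```

On flash media such as SD cards and SSDs, the controller remaps sectors internally, so an overwrite issued from the host may not reach every cell that once held data.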
Tools like the US$30 CyberCide can completely and securely obliterate the data on your PC or hard drive before you dispose of it. Many such utilities are available, and they employ multiple methods for wiping data--including those that meet U.S. Department of Defense standards for secure data removal.
Fewer tools exist for other gadgets. Removable storage devices such as SD cards can be plugged into a computer and wiped by the same utilities that work for computers and hard drives.
Devices like the Apple iPhone and the iPod Touch have storage capacities of up to 64GB built in. Before passing on your iPhone, go into the device's Settings and choose General, Reset, Erase All Content and Settings to clear your data.
The latest-generation devices--the iPhone 3GS, and the 32GB and 64GB iPod Touch devices introduced in 2009--have built-in hardware encryption. Select Erase All Content and Settings on these devices to delete the encryption key and render the data useless.
Older iPhones and iPods simply overwrite the data with a series of ones and zeros. The process can take hours, depending on the capacity of the device, but it at least ensures that the next owner of the iPhone won't have access to any of your personal information.
Obliterate the Media
If all else fails, physically destroying the device will generally ensure that no one can access the data on it. Even physical destruction has to be done properly, however, to guarantee that the data cannot be recovered. An entire industry specializes in retrieving information from storage media that has been damaged in fires, floods, or other disasters.
Some firms ensure physical destruction by using a product like the Guardian Physical Drive Destroyer.
You could just use a sledgehammer, of course, but unless you do a very thorough job, it may still be possible to recover data from the drive platters.