IT, Get Smart About Smart Device Disposal

Written by Mike Karp
12/22/2008 12 comments

IT recycling: In most cases, it’s laudable. But look what happened when the McCain-Palin campaign, as part of the process of closing up shop in the wake of the presidential election, unloaded a bunch of Blackberries at a bargain price of $20 each to any takers.

A Blackberry at $20? Who wouldn't be a taker?

Under any set of circumstances this is a great deal, but what makes this great deal an exceptional one is the fact that these Blackberries, made available to anyone with $20, had not been wiped clean of their data. And a few of the buyers just happened to be reporters, ready to examine the contents of the Contacts file.

What sort of data might you find on a Blackberry or any other cellphone these days? Phone numbers of course, but the smarter smart phones may also have notes associated with those phone numbers; photographs; Internet histories, including URLs visited and Google searches; and a ton of info that we storage folk often categorize as "unstructured data."

The smarter the phone, of course, the greater the potential danger if it goes astray.

Take my phone for instance, which is probably smarter than it needs to be.

First, it doubles as a PDA (which is tied in to my Outlook client, and therefore has access to my corporate email server). Second, thanks to the magic of the Windows Mobile operating system, it can run dumbed-down versions of the Microsoft Office suite, and so can read all sorts of data, should I choose to fill up the 4-gigabyte memory card that I’ve stuffed into the thing.

I happen to have a pretty innocuous set of data on my phone: pics of the kiddies, this week's taste in music (They Might Be Giants and Pink Floyd), and a few interesting ringtones. But with the applications I can run on this thing, I could just as easily have a list of key clients from the corporate database or the latest PowerPoint that lists every objective in next year's corporate strategy. All that, and potentially so much more, on a micro-SD card smaller than a fingernail.

What does all this have to do with IT, you ask? Just this: Most IT managers would never send a disk drive out to the trashcan or the asset recovery department unless it had been shredded -- or at the very least, wiped clean of data and then reformatted or defragmented. And they live in horror of laptops being lost or stolen. Many IT departments are taking steps to encrypt any data that has the potential to go astray.

Why then not apply the same level of oversight to cellphones or PDAs?

Even without memory cards in them, mobile phones can carry a lot of important information, data that goes pretty much unmonitored and unregulated by any corporation's IT management. And how many Blackberries go missing each year? I have no idea, but I’ll bet it’s more than six.

Cellphones have not historically fallen within the IT department’s set of responsibilities. As phones continue to get more intelligent, and consequently, as they continue to carry more data, this is a situation that may need to change.

Meanwhile, I suppose the message here for all of us may be that just because you can see Russia from your front porch does not mean you shouldn’t keep a close eye on things closer to hand.

Mike Karp is an IT consultant in the Boston area.

Mike Karp
Thinkernetter
Sunday December 28, 2008 8:46:29 PM

All good points.

When it comes to discarded drives, my own preferred method is to use one of the several freeware shredder packages.  File Shredder is free and quite good; it allows me to shred at levels acceptable to the Department of Defense's milspec DoD 5220.22-M spec.

This does nothing of course for any data on my cell phone.  But at least I auto-lock the cellphone after a few hours of non-use.

Here's an idea for a nice feature that the cellular industry could provide:  a "zap on demand" capability to wipe clean all data on a phone that has gone astray.

Just a thought...

Mr. Roques
Researcher
Saturday December 27, 2008 7:19:42 PM

Something I noticed this weekend is how easily someone can steal a cell phone that has as much information as your PC.

And we usually don't have any passwords on our phones, which makes it even easier and more attractive.

What are companies doing to avoid security breaches that come through mobile devices?

DontHateCuzImRIGHT
Rank: Cyborg
Saturday December 27, 2008 4:29:38 PM

I'll chime in only to say that a fair number of companies and their I.T. departments that I have dealt with do NOT do HDD disposal properly. A large bank that I worked for FDISK'd their HDDs to "wipe" them...funny definition of "wipe." Other companies throw out old PC/Server systems with HDDs inside them! Do these recycling companies that take away antiquated techno-garbage recycle that item by actually taking it apart and repurposing/disposing of the metals and harmful materials inside? Does that old HDD get wiped/destroyed properly? Or does "ReCommercing" as Mr. Silversmith alluded to occur more than we know? Well, I.T. Asset Mgr: better find out and get it in writing if you care; hey, it's only your (their, ours, everyone's) personal/business/financial information...no big whoop.

Or DIY. There are so many fun, inventive ways to blow up HDDs, you wonder why more folks aren't doing it? Hammer, Baseball bat, Train, Screwdriver while platter is whirring away (nice), Power Hammer, Shotgun ...all seem to be effective, fun ways to say goodbye to data...forever.

djbrown
Rank: Scrivener
Friday December 26, 2008 10:51:48 PM

How many IT departments don't have a process in place to sanitize their equipment before they recycle it?  I am reminded of a story about a German Police hard drive that was sold on eBay legitimately for 20 Euros.  Based on this information perhaps one of the largest security risks to privacy is the fact that a lot of police departments do not have IT professionals that are highly skilled.  Some departments actually use officers who are no longer able to work a beat or be out on patrol.

DavidSilversmith
Thinkernetter
Wednesday December 24, 2008 1:53:45 PM

As the year winds down, this posting does a great job linking several recent discussions on IT roles and recycling.

Mike notes that "Cellphones have not historically fallen within the IT department’s set of responsibilities"; however, that is changing as IT's role grows and grows, as I noted in Everything is IT's business thanks to the Internet.

How we dispose of used electronics also ties to this posting on how the Internet Offers New Life (& Cash) for Used Electronics.  For the lay person, I would venture that a recycling service like Gazelle would do a better job of data cleansing than the person could do.  However, I'm not sure that would meet corporate standards.

I think Mike's article and all the comments point out that while there are great tools for cleansing hard disks - few exist yet for smart phones that can contain lots of critical data.  In a recent discussion on this board the user Modza suggested reading Cradle to Cradle (which I just started) which talks about how companies could/should design items for the future - where eventual disposal/re-use are factored into the original design.

Tens of thousands, if not hundreds of thousands of electronic devices will be tossed aside as new items are gifted this holiday season.  If all these discussions have led to convincing even just a few folks to recycle, re-use or properly dispose of - that would be one of the nicest holiday gifts I get!

Terry Sweeney
IQ Crew
Tuesday December 23, 2008 10:36:11 AM

In re "plenty of ammo from the Obama camp in the upcoming 4 years (you could start with this one from the Campaign...funny...no?") ... more sad than amusing, no?

I do take your point and am counting on a new stream of "interesting" approaches to IT management and using technology from Beltway bandits of all political stripes in the next four years.

And while I'm logged on here, way harsh with "socialist pukes" freeware nerds comment, Don'tHate. C'mon, man... it is Christ-mas. We much prefer the terms "soul sucking vampires" or "creatively re-purposed scum." Happy Holidays!

hindsatya
Researcher
Tuesday December 23, 2008 6:08:28 AM

Ask yourself a question: Am I OK with an anonymous call to my dear ones, a harassing call? Surely no. How could someone get their contact? Now think for some time.

Are you confident enough that after you sell your cell phones to some other person they are not going to go through the contacts, messages, etc. from your cell phones? And as the usability and ease is growing day by day, we should be cautious enough about our PDAs and our data, considering the future impact it is going to make on our near and dear ones and our business as well.

Mike Karp
Thinkernetter
Tuesday December 23, 2008 5:24:57 AM

Thanks Dont...:

You are right -- I should have emphasized that a low-level format is what is needed.  But note that the defragging-formatting (again, low-level) 2-step I suggested does in fact make the data inaccessible to the casual cracker. If you are really concerned, of course, mil spec encryption of outgoing discarded-but-still-functioning disks is much faster and more convenient.

As for the hammer ... while judicious use of a hammer is both effective and generally therapeutic, it is often impractical for a number of reasons.  Workers turning in IT-owned computers to their managers, for instance, would likely get a severe knuckle-rapping if they tried this.

Tom Stamulis
Thinkernetter
Tuesday December 23, 2008 12:49:33 AM

 

Mike, Et Al,

Disk wiping is not as complex as most companies or the government would like you to believe.  It is really pretty simple when you understand how a hard drive works.  I am not inferring that you don't, but many people do not understand the physics behind it all. We all know that when we write to a drive, we write 1's and 0's to the platters.  It is well known and I will not argue that when you format a drive, as you said, all you are doing is removing the pointers.  

Where the confusion starts is when we discuss proper erasure of a disk.  If you just wrote zeroes or ones over a data sector, you are going to get zeroes or ones. You are going to read exactly what you wrote. However, you are only placing either a zero or one over what was already there. The last number you wrote to the drive is the obvious one, but there is still a trace of what you actually overwrote. To the drive, it is sufficient, but for an individual or entity that has specialized equipment, they could read the latent image that is under the new one or zero. Where it gets interesting is if you wrote to the drive with a specific pattern, (e.g. 1,0,1,0,1, etc.) the specialized tools would just discount or eliminate what you wrote to see what was underneath. Similar to peeling back wallpaper to see what is underneath. So it is obvious that writing with a defined pattern and only once may not be enough.

Understanding that, there are two things that are important in order to securely erase a drive.  Running a program that writes to the drive with pseudorandom data multiple times. Most tools today have the ability to write to the drive with pseudorandom data and of course will write multiple times. Using pseudorandom data will not allow the specialized equipment to know whether to remove a one or a zero from the top layer and this becomes even more difficult after a few to several passes dependent on the sensitivity of the data contained on the hard drive.

 

Bottom line is that you do not have to destroy the hard drive with a hammer, though I am sure that WD, Seagate and Maxtor will not complain.  You also do not have to overwrite it 26 times.  The amount of electricity you will use to do that will probably cost more than the cost of buying a new one. You only have to do your due diligence and understand what you are trying to securely wipe.  I would recommend that for an individual's personal data, 2 - 3 times is more than sufficient and for a corporation, between 3 and 5 depending on the classification of the data on the drive.

 

However, to really make things simple, you could just encrypt the entire drive before any data was ever placed on it.  That way, nothing ever placed on it is ever unencrypted and therefore not capable of being extracted from the drive in an unencrypted form.

 

DontHateCuzImRIGHT
Rank: Cyborg
Monday December 22, 2008 11:27:38 PM

I'd disagree somewhat when it comes to MOST I.T. managers knowing about data erasure technology and proper procedures. I've seen many companies that do not do enough to erase data (on HDDs anyway, not sure about PDA's). It's more out of sight - out of mind.

RE: "When in doubt, perhaps the best method is to delete the files, defragment the disk, reformat the disk, defrag again, and then reformat again. In most cases this will do the trick." 

Reformatting a hard drive does nothing to get rid of the data, all it does is recreate a file system. You could format (normal format) a HDD many times, and data would still be there. Even if you did LOW level formatting (writing all "0's" or "1's" to the disk) you would have to do that process 20-25 times to kill MOST of the data. The BEST method for data erasure is H-2-HDD (Hammer to HDD...it's fun too). 2nd best is an acid or salt water bath (for about a month under water). 3rd best is data kill tools (there are many out there, DBAN is pretty good and FREE for all you socialist pukes out there who like "free" this & free that stuff).

Terry, regarding your Government Screw Up Report, I'm sure you'll have plenty of ammo from the Obama camp in the upcoming 4 years (you could start with this one from the Campaign...funny...no?).

Have a great Christ-mas.
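
The difference the comments above draw between reformatting and overwriting, as an added example (not code from the article or from any commenter): a toy disk image, constructed for the demo, is first "formatted" by clearing only its allocation table and then overwritten with three passes of pseudorandom data, with a raw read-back check after each step. The image layout, file names and function names are assumptions made for illustration.

```python
import os
import secrets
import tempfile

SECTOR = 512
MARKER = b"CLIENT-LIST: constructed sample record"  # constructed sample data

def make_image(path, sectors=64):
    """Toy disk image: sector 0 is the allocation table, sector 8 holds a file."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"FILE clients.txt @8\n")   # the "pointer" to the data
        f.seek(8 * SECTOR)
        f.write(MARKER)                     # the data itself

def quick_format(path):
    """Model of a normal format: rewrite the table, leave data sectors alone."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)
        f.flush()
        os.fsync(f.fileno())

def overwrite_passes(path, passes=3, chunk=64 * 1024):
    """Overwrite every byte with fresh pseudorandom data, `passes` times."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())            # push each pass out of the OS cache

def residue(path, needle=MARKER):
    """Verification step: is the old record still present in the raw image?"""
    with open(path, "rb") as f:
        return needle in f.read()

def demo():
    """Return (record found after format, record found after overwrite)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img)
        quick_format(img)
        after_format = residue(img)
        overwrite_passes(img, passes=3)
        after_wipe = residue(img)
        return after_format, after_wipe

if __name__ == "__main__":
    print(demo())
```

On a real drive the same check means reading back raw sectors after the wipe. Flash media with wear-levelling, such as phone memory cards, can keep copies in blocks that an overwrite through the normal interface never reaches.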
