[Hidden-tech] Re: Recycling dead computers?

[Chris Woods]

A few more points to consider with regards to computer recycling and
data security.

There are many ways your data may be at risk. Phishing and social
engineering attacks are probably the most common. Intrusion by an
unauthorized user tends to get the most attention (TJX, Hannaford's,
Harvard, etc) but are fairly difficult and thus less common but not
insignificant. Theft of the hardware is fairly common, particularly
laptops. Scavenging trash bins or recycling containers is common and
requires no technical expertise. Somewhere in the middle of this pack
is scanning discarded or re-sold hard disks in terms of complexity and
risk.

In general, something like Mac OS X secure erase will protect your
data from disclosure but you need to be certain it worked properly. In
my personal experience I've encountered one instance where I could not
completely wipe the drive with it. Using a hammer and nail to destroy
the disk ensures that data cannot be recovered. It has the benefit of
being simple, cheap, and readily available to most people. For this
reason, I advocate it.

There are many charities that collect and refurbish used computing
equipment. Obviously these charities would prefer you not to
physically destroy your hard disk. I certainly do not discourage
anyone from donating to these charities although I do encourage
individuals concerned about security (more about why you should be
concerned below) to swap the used disk for a new one. Hard disks can
be had for as little as $50 which is cheap for the security and peace
of mind it provides and no more expensive than many 'security'
software packages that provide far less security. For an installed OS,
I cheerfully recommend Linux as a free alternative to the Windows and
Mac OS's.

It's one thing to take a calculated risk with your own information,
for businesses, the are laws that govern how they can dispose of
computer equipment that contained personal data. Failing to properly
dispose of that equipment can result in substantial penalties, loss of
reputation, and legal action. I certainly encourage business owners to
donate their used equipment as well. Businesses, particularly larger
ones that have IT departments, might very well be able to securely
erase their drives prior to donation. Some smaller business may not
have a skilled IT staff and I would encourage them to swap the used
drive for a new one. Again the legal consideration is paramount.

Finally, data theft accounts for billions in lost resources each year.
Ensuring proper disposal and protection of personal data will lower
transaction costs, reduce lawsuits, and lower the cost of goods and
services. These are real resources that are lost through a combination
of criminal behavior, indifference, ignorance, and incompetence.
People have, and continue, to lose their homes, pensions, savings, and
businesses because of it. By working to prevent data theft those
resources might be redirected towards making the world a better place.

Meantime, let's not make it an either/or (charity/security). We can have both.