Editorial

Editorial

One of the many responsibilities facilities managers have is the effective disposal of materials, ranging from luminaries to obsolete desking systems. Increasingly, disposal of materials is becoming a difficult proposition because of the scarcity of landfill sites around the world and the concerns about environmental pollution. But equipment in the information technology field presents another much less publicised problem: that of security.

A typical scenario is that of Dovebid, a company that auctioned more than 100 computers from the San Francisco office of the Viant consulting firm in August 2001. The hard drives contained confidential client information that Viant had failed to remove (see Lyman, 2001). Another example was a woman from Nevada who purchased a used IBM computer for $159 and discovered that it contained the prescription records of 2,000 patients who filled their prescription records at Smitty's Supermarket pharmacy in Tempe, Arizona. Information included Social Security numbers, a list of medicines purchased, and the identification of people with AIDS, alcoholism and depression.

Just how many computer hard drives are disposed of by companies every year? Dataquest estimate that organisations will retire seven disk drives for every ten that are shipped as new in the year 2002. Retiring these unwanted devices presents a problem and in many cases these hard drives end up being used by another organisation, since they are often entirely serviceable and compatible with modern computers.

When disposing of old computing devices, organisations will attempt to sanitise them to ensure that confidential information is no longer present. Sanitising can be achieved by physically destroying the hard disk; degaussing (scrambling) the drive to randomise the magnetic elements or overwriting the drive's data so that it cannot be recovered.

Unfortunately, most techniques that organisations use to assure information privacy fail when equipment is sold onto a secondary market. In particular, any protection that the computer operating system may have provided to protect access is lost when the hard drive device is attached to another device that can read the on-disc format. Furthermore, legal protection provides little sanctuary. In the US Supreme Court ruling of California v. Greenwood, US35 [1988], 16 May, it was established that there was no right to privacy in discarded materials.

Many people erroneously believe that the use of the delete or erase command in operating systems such as Windows actually deletes a file. In reality it simply rewrites the "pointer" (or metadata) to the file so that it is not visible through casual directory browsing. Many standard packages exist that can readily recover these "deleted" files. But the problem does not stop there. The use of the standard Windows format command that is assumed to entirely wipe a hard disk does nothing of the sort. The format command overwrites as little as 0.1 per cent of a disk's data.

Garfunkel and Shelat (2003) recently undertook a study involving 158 hard drives that were obtained on the secondary market between November 2000 and August 2002. They were purchased from computer stores specialising in used computers, small businesses selling lots of two to five drives and consolidators selling lots of up to 20 drives.

A large proportion of the disks were found to have files with sensitive information including medical histories, pornography, love letters and strategic corporate information. As many as 42 of the drives were found to have number sequences that resembled credit card numbers. One of the drives contained 2,868 credit card numbers in log format and appeared to have been used as part of an ATM machine in Illinois, USA.

The message here is that facilities managers and IT departments need to have an integrated approach to the disposal of information technology equipment. Not only do computers store data; printers store documents as print files and embedded systems used in buildings may retain valuable information. The process of sanitization (cleaning a computer drive) requires proper techniques and organisations must adopt policies that protect corporate data.

Edward Finch

ReferencesGarfunkel, S.L. and Shelat, A. (2003), "Remembrance of data passed: a study of disk sanitization practices", IEEE Security and Privacy, January/February, pp. 17-27.Lyman, J. (2001), "Troubled dot-coms may expose confidential client data", NewsFactor Network, 8 August, available at: www.newsfactor.com