Millions of perfectly fine HDDs are shredded each year because of ‘zero risk’ security policies. Spoiler alert: There’s still a risk of stolen data from just a 3mm scrap
People are murdering innocent old hard drives. Millions of them, lost to the unfounded credence that churning them up actually protects data left on them from being recovered and stolen. Spoiler alert: It doesn’t. So why are 90% of all retired datacenter HDDs still being shredded every year?
According to BBC News, this is the question members of the Circular Drive Initiative (CDI) have been asking for some time. The CDI is essentially a collective of tech companies that have all come together to fight for the dying HDD, fuelled by a passion for reuse and keeping e-waste to a minimum, despite the general consensus that hard drives are predicted to be history after 2028.
Companies involved in the CDI include Seagate, Western Digital, and Micron, as well as the blockchain-centric Chia Network, for whom my new hard drive hero Jonmichael Hands works.
As secretary and treasurer of the CDI, he spoke to IT Asset Disposition (ITAD) firms about how his company might nab and reuse some old datacenter drives, so they don’t go to waste. Hands was waved off with an apology. “Sorry, we have to shred old drives.”
“One ITAD provider said they were shredding five million drives for a single customer”, says Hands. A travesty if you ask me. More importantly this rather extreme, so-called “zero-risk” solution for retired HDDs isn’t without fault.
As it turns out, there are more dangers lurking in those piles of mashed-up metal.
If you were to simply throw out your old hard drive, the left over data could still be recovered by someone with the knowhow. That’s why you’re still harbouring that stack of spinning-platter babies in your kit cupboard, isn’t it?
What you may not be aware of is that someone smart, a verified hooded hacker, could take a piece of that platter as small as 3mm and get some semblance of data from it. Not dangerous in small quantities, but with enough time and dedication they could put together enough of a picture to hold it to some kind of ransom, for sure.
So what’s ITAD’s excuse for mulching up all those hard drives?
When the IEEE Standards Association recently approved a long list of secure ways to wipe the leftover data permanently rather than mulching them into tiny scraps, there should be no excuse.
The safe method is called purging. There are a few ways to do it, but one simple way involves overwriting the data with new data patterns. It takes a while, but sounds like it would be relatively easy. A cryptographic erase would do the trick too, and it sounds much more mysterious. The latter is a faster method, and simply involves deleting the encryption key so the data is left incomprehensible even to the most advanced hacker.
“The days of the ‘take-make-waste’ linear economy need to be over,” says sustainability and transformation director at Seagate, Amy Zuckerman. Seagate is one of those companies that makes a point of extracting parts and recycling what can’t be used of old, broken (and therefore unpurgeable) hard drives.
Let’s hope the CDI can bring more companies on board, then. Because e-waste really is an untapped source of rare Earth materials.