Customer Data Protection & Destruction
Purpose for Article
When we find ourselves in the situation where a customer leaves us an item that contains their personal data, it is our responsibility and duty to find a way to secure that personal data or securely destroy that data. This includes failing hard drives, customer purchases, and e-recycling. These are the established methods here at Computers Plus Repair to handle these situations.
Hard Disk Drives (Not SSDs)
Platters are the round disks in hard disk drives that spin at speeds typically from 5400 RPM to 7200 RPM. They are either metal or coated in metal so that they can store your data magnetically. Desktop hard drives — typically 3.5″ drives — have platters made of solid metal. To prevent them from being read by any but the most serious data thief, even the slightest bend in the platter would cause almost instantaneous destruction when the hard drive is powered on and tries to spend at such high speeds mentioned above. Compare it to when you get a very small “bump” in your car’s tire. At highway speeds, it can make your car feel like it’s going to fly apart! Significantly bending the platters removes all hope of recovering data from that drive.
The platters in laptop hard drives — typically 2.5″ drives — are made of metal-coated glass. It’s lighter so that less electricity is needed to keep those platters spinning at high speeds. Because they’re mostly glass, it is far easier to destroy laptop hard drive platters. In fact, throwing them against a hard surface just might be enough to effectively destroy the platters. Or try a hammer. In essence, if you hear pieces rattling around inside after such a run-in with physics, that drive has been destroyed successfully.
These are drives that cannot be accessed — in part or in whole — through a computer interface for secure wiping.
For these drives, we crush them with our in-shop press or otherwise physically destroy the platters inside the drive, such as by drilling holes into the drive and through the platters.
Functional & Useful Drives
These are drives that are accessible through a computer interface, are in good health, and are of large enough capacity for reuse.
For these drives, we use a utility to securely erase the contents of the drive. The Linux utility Disks has an option to tap into a drive’s ability to securely erase the disk more quickly and more thoroughly than OS-based measures. The ATA Enhanced Secure Erase method accesses a function that is built into the hard drive itself. Because of the fact that the manufacturer must choose to include it, this option may not be available. These are the steps we follow to utilize this method.
- Using the Disks utility, once the drive is attached and selected,
- Click the “hamburger” menu icon at the top of the window.
- Choose “Format Disk…”
- For “Erase,” choose the “ATA Enhanced Secure Erase” option. This method takes a lot less time than the zeroing option.
- It doesn’t matter what partitioning scheme is chosen.
- Click “Format…”
- Allow this to complete.
Functional Yet Useless Drives
For those drives that are functioning and accessible but are too small or old for relevance, we will use one of the two methods above before depositing in the containers for e-waste.
The Question of Multiple Passes
The nature of hard disk drive technology is one based on magnetism. Magnetic fields aren’t perfectly precise. You can shape them and “aim” them, but they’ll let you down. Neighboring areas on hard drives can be affected by the same magnetic field that’s currently being used to write a 1 or a 0 to a bit. This “residual” effect can lead to data recovery even after the original data has been changed — but it’s still far from easy. Success relies on the data surrounding that bit to still be intact, as well. A single pass of random data would more than likely thwart any common data pilferer.
If you’re trying to avoid three-letter government agencies, however, multiple passes may be necessary. This would actually be more secure than crushing or drilling since those same agencies are becoming more and more adept at piecing back together your broken or bent platters.
How many passes is best? Let me put it this way: almost all of those same three-letter agencies you may be worried about use only three passes. And they’re dealing with state secrets. However, according to NIST and other experts, a single pass of overwriting the data on a drive is enough.
Of course, there are more extreme measures of platter destruction such as degaussing, hard drive shredders, melting, etc. However, for our regular customers, that’s certainly overkill. If the ATA Enhanced Secure Erase is available, we will perform that method. If that’s not available, wiping with all zeros or with random data over a single pass will be more than enough in our customers’ cases.
Crushing vs. Wiping
When there are a significant number of hard drives with data to be destroyed, the time in doing so needs to be considered. To crush a drive, you have to stand at the press the entire time and risk flying parts and pieces hitting you. (Even with the proper personal protective equipment in place, it’s best to avoid them!) The most you can do effectively at any one time is two drives. With our manual press, that’s a lot of time and a lot of elbow grease!
With wiping, we can wipe as many drives at the same time as we have freed drive connectors attached to our computers around the shop. We plug them in, start the wipe in the Disks utility, and let it go. It can take us under a minute to get three or four disks wiping concurrently. Then we go do whatever else, leaving the computer to do its work, and check back in on it at some point later.
Let’s say that one of our techs can wipe three drives per workstation. Wiping using the ATA Enhanced Secure Erase option usually takes 2 ½ to 3 hours. With two computers, that’s six drives wiped at the same time. With three computers, that’s nine drives. With four, that’s 12. We have at least this many workstations available. And setting that up across four computers would take that tech maybe five minutes. Crushing the drives in the press would take longer than five minutes to do only two drives. And there are no messy hard drive pieces to clean up afterward!
Solid State Drives (SSDs)
The obvious difference between hard drives and SSDs is that one moves and the other doesn’t — hence the name solid state drives. SSDs use a type of non-volatile RAM that has only so many “writes” per chemical cell. The chemical membrane in this cell will wear out — unlike the magnetism in a hard drive.
Because of the finite writes available on SSDs, manufacturers have implemented wear-leveling. The computer the SSD is plugged into may be told it’s writing to such-and-such sector, but the SSD’s internal logic is constantly moving sectors across the NVRAM (non-volatile random access memory) as they are written. This way, no one part of the SSD is worn out before another. And this is the main difficulty to overcome in truly and securely erasing an SSD.
To complicate matters, there’s more space available to the SSD than is available to the external device. This additional space is dedicated to assisting in wear-leveling, the accumulation of bad sectors, and other reasons. So, even if a utility like DBAN is used to write zeros to all the available space of the drive, there’s still a lot of personal data left in the drive.
Therefore, you cannot use any external or OS-level mechanism to securely erase an SSD. [Reference: Securely Erasing SSDs]
ATA Secure Erase
Just like with hard drives, SSDs can have a built-in, hardware level mechanism for securely erasing all data on the drive. Refer to the following from Kanguru:
When the Secure Erase command is issued by an SSD that properly supports it, the SSD’s built-in controller resets all its storage cells as empty (releasing stored electrons) including the protected storage service regions, restoring the SSD to the factory default configuration.
Enhanced Secure Erase
Enhanced Secure Erase is device-specific, and how it is actually carried out can vary from drive to drive. In some cases, the Enhanced Secure Erase will overwrite all sectors with a predefined pattern of ones and zeroes. In other cases, the drive has an internal encryption key which is simply destroyed and regenerated.
Access to this feature is usually found in the SSD manufacturer’s software. It can also be found in utilities like Parted Magic. MakeUseOf has a good article relating to this utility and how to actually use it: How to Securely Erase Your SSD Without Destroying It.
Computers Plus Repair currently has no solid opinion on what is effective — outside of shredding the memory chips inside the SSD to fine powder or melting them — for physically, securely destroying SSDs and other NVRAM.