01 April 2011
Love Letters, Passwords and Codes: Why “Deleted” Doesn’t Always Mean “Gone”

Here’s a scary thought: Editors from Consumer Reports magazine bought eight used hard drives on eBay to see whether they contained any personal data (the sellers all said they had wiped the drives clean). Without much effort, the editors were able to find all kinds of personal data — from financial information and salary histories to user names and passwords — even old love letters!

Even more dramatic were the findings of an MIT researcher who examined 129 used hard drives purchased from a variety of outlets. Only 12 had been completely cleared of data. The other drives contained thousands of documents with critical information (one had 3,722 credit card numbers on it).

Trashed or Just Recycled?

There are plenty of reasons for wanting to permanently delete data from a personal computer. Aside from the matter of personal privacy, you may want to donate a computer to a local charity. Or, maybe you plan to send a child to college this fall with the family laptop.

Shocking cases have also emerged of personal data being compromised when unsuspecting customers brought their computers in to be serviced. When a hard drive is replaced in a personal computer, the old drive is often sent back to the manufacturer to be “reconditioned” (i.e., reformatted and installed in another computer). Sometimes, these old drives wind up in a new computer — still loaded with personal data!

How to Permanently Delete Data

The problem is that most people don’t realize that deleting a file doesn’t permanently remove the data from a computer. File information is kept in a directory so the computer’s operating system can find it. When you delete a file, all you are doing is removing it from the directory and flagging that part of the drive as being available for new data. Until that region is overwritten, the old data can be retrieved. In fact, that’s how most file recovery programs work — they look for data on your hard drive that shouldn’t be there according to the directory, and they restore it.

In order to securely erase data from your hard drive, you must overwrite it with different data. Fortunately, there are a variety of software products that allow you to remove sensitive data by overwriting it several times in different selected patterns.  Eraser is a popular, free program, but you can easily find others by searching online for “disk eraser” or “file shredding software.”

While procedures may vary slightly between software products, you’ll need to follow these basic steps:

1. Back up any data that you wish to keep onto another hard drive or type of media.

2. Run the disk erasing software from a boot disk (the software can only overwrite files that are not in use).

3. Open the drive you want to erase and delete everything from the drive, including the operating system. Disk wiping software works by overwriting unused space, so a file must first be deleted before it can be overwritten.

4. Use the software on all sectors of your hard drive including the operating system. If the software does not automatically rewrite each disk sector multiple times, run it several times manually.

5. Re-install the operating system from the recovery disk if appropriate for the organization you are donating the computer to.

Break out the Grinder

If you are permanently disposing of a computer (e.g., taking it to a landfill or sending it off for recycling), you may want to physically destroy the hard drive. You can remove the drive and then drill several holes through it. Or, do what government agencies have done for years and grind the hard drive into powder (using a grinder with a sanding disk).

Good News for Mac Users

If you’re one of the growing number of Macintosh users, you can relax — Macs come with data wiping tools built into their systems. To securely delete a folder or file, all you need to do is move it to the trash can and from the Finder menu select ‘”Secure Empty Trash.”

Comments

Powered by Facebook Comments

This icon will be included whenever we link to a website that is not owned or operated by Nevada State Bank or Zions Bancorporation. These third-party websites are not affiliated with Nevada State Bank or Zions Bancorporation and may have a different privacy policy and level of security. Nevada State Bank and Zions Bancorporation are not responsible for, and do not endorse or guarantee, the privacy policy, security, accuracy or performance of the third-party’s website or the information, products or services that are expressed or offered on that website.