Donating machines, not my identity

[mks57]

DougC:

The notion that you can overwrite a drive 10 times, or 50 times or 1000 times and “the government can still figure out what was on there” is simply a paranoid fantasy. Seven random data writes makes it pretty darn tough, even for the NSA.

It’s not that simple. Modern drives include sparing mechanisms that automatically replace weak or defective sections of the disk with spare sections of the disk. The section can be a block or track, depending on the design. That means that as the drive is used, and ages, sections of the disk are taken out of service and replaced with spares. You can overwrite the disk 1000 times with random data and you will still have sections of the disk that may contain sensitive information. It may be difficult to access, but it is there.

I’ve read the NSA’s guidelines for the disposal of media used to store classified information. For modern high-coercivity media, physical destruction is the only acceptable method.

There are techniques available to a well-equipped lab that can recover data from “erased” disks. They may not be able to recover all, or even most, of the data, but recovering 5% can still yield useful information.

Techniques like writing a set of patterns to the disk are useful for sanitizing a computer that is being switched from processing classified information to processing unclassified information. Still, the disks must be removed and destroyed before the computer is allowed to leave government control.

[keno]

Thanks to all – sounds like I should take a saw to the drives and drop the pieces into different parts of the ocean.

Why is it so hard to do a nice thing?

[DougC]

…Why is it so hard to do a nice thing?..

• • • (sigh) It’s not. If you are concerned, wipe the drive with a 7X “random” nuke diskm throw a Linux GUI install on there (to easily demonstrate that the whole thing is working) and forget about it. There is a matter of keeping the perspective here: in practical terms, it’s extremely unlikely the computer would ever fall into the hands of anyone (in a “well-equipped lab”) who would ever bother trying to recover data from bad sectors, and that one of those bad sectors would happen to contain a still-good credit-card number, which is pretty much all identity thieves care about anymore anyway. If the Federal Reserve Bank or the CIA threw out a PC I can see people trying to sift the hard drive, but a 10+ yr old POS computer from Joe Schmoe just isn’t real likely to get the same attention. Your identity or credit-card info is far more likely to be stolen in other ways.
• One thing is certain–if you keep and destroy the hard drives, then you might as well not bother to donate the computers at all. The cost of putting new hard drives in them would price them out of reach of most poor people anyway, and the charity would probably end up tossing them in the trash.
  ~