When ‘Delete' Is Not Enough

Oct. 27, 2008
Data Destruction in the Digital World

When researchers at the University of Glamorgan in Wales, Edith Cowan University in Australia and British Telecommunications (BT) bought and scanned more than 300 used hard drives at computer fairs, auctions and over the Internet, they found payroll information, invoices, employee names and photos, IP addresses, mobile telephone numbers and even financial data such as bank account and credit card numbers.

Of the disks purchased, 49 percent contained personal information and 47 percent had corporate data. Although most of the drives appeared to have had their data superficially removed, data recovery utilities, including widely available freeware, were capable of revealing files that had been deleted but were not sufficiently overwritten or destroyed.

This startling research indicates that, despite highly publicized examples, organizations and individuals continue to take a ‘laissez-faire' approach to data disposal and information security. In order to safeguard data and mitigate risk (i.e., identity theft, public embarrassment, lawsuits, fines and possibly even jail time), organizations need to put stringent policies in place and adopt state-of the art security technologies. Here are some best practices and safeguards that will help ensure sensitive data does not end up falling into the wrong hands.

Discarded But Not Destroyed

The average computer user has been lulled into a false sense of security by the Recycle Bin on their Windows desktops or the Trash Can on their Macs. Neither approach thoroughly eliminates data with a typical delete; the computer simply removes the index entry or pointer to the trashed data file, earmarking that region of the disk for eventual re-use. Partitioning a disk or formatting a drive also does not erase hard drive data properly.

The Linux operating system makes it a little more difficult to recover a deleted file, but data still remains stored in disk sectors even after it has been “deleted.” Even storage devices such as flash media or USB sticks, smart phones and iPods give the impression that data is deleted when it is not.

In yesterday's office, paper shredders sufficed for most data destruction tasks. Today, digital media has overtaken — though not replaced — paper documents, posing new challenges.

The U.S. Department of Defense (DoD) and NATO recommend overwriting data on computers three times to ensure that files are unrecoverable with a standard called DOD5220.22-M. This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value of (0x00), then its complement value of (0xff), and finally random values.

Many data delete programs offer the DoD standard, as well as other deletion standards, including the highly regarded Gutmann method, which is a time-consuming algorithm that writes a series of 35 patterns over a shredded region, including 27 random-order passes using specific data and eight passes with random data.

Data Delete Programs on the Market

BT Software ranks disk wipe methods according to grades. Grade 1 is assigned to Super Fast disk wipe with “low security,” and Grade 14 indicates “very high security” (with no mention of how long it might take), which combines DoD 5220.22-M with the Gutmann Method. BT rates the DoD standard as Grade 10; Its product, FILExtinguisher, covers off all 14 levels.

Other vendors include White Canyon, which offers a variety of programs for permanent erasure of computer files, including Wipedrive, Media Wiper (for external hard drives, diskettes, memory cards and USB drives) and Wipe Drive PRO, for IT professionals who need to erase hard drive data on an unlimited number of computers.

Finland 's Blancco offers two products: Data Cleaner cleans an entire hard disk with “100-percent secure erasure,” while File Shredder permanently erases selected information on hard drives and other digital media.

Webroot's Window Washer scrubs selected sections of a computer to remove unnecessary files, and cleans all aspects of browser activity including Internet history, cache and cookies. D.o.D.-lete by AMEGA Security Solutions, Smart Data Scrubber by Smart PC Solutions, cyberCide by CyberScrub and DataEraser by Ontrack all perform similar tasks for individual users.

Freeware Data Deletion

In the world of freeware, Darik's Boot and Nuke (or DBAN), is a popular, bootable open-source utility for the Windows operating system (OS), offering six ways to overwrite data, as well as remove viruses and spyware. The developer, Darik Horn, claims that a single overwrite should be adequate, but recommends a minimum of four overwrites to guard against future improvements in data recovery techniques. Similar freeware data deletion tools for Windows include UltraShredder, Eraser, Nikhil's Shredder, SuperShredder and DeleteOnClick.

Deleting Apples to the Core

In Mac OS X 10.3, Apple introduced the Secure Empty Trash feature, which overwrites data according to the U.S. DoD pattern. Permanent Eraser, available with OS X 10.4, or Tiger, offers even stronger security with the Gutmann method. Permanent Eraser is a free download and the source code is provided for educational purposes. DestroyerX is recommended for wiping an entire Mac drive, as well as peripherals such as external drives and devices, including iPods.

MP3 players such as iPods are not normally considered items that may contain confidential data, but because they are, in essence, digital storage devices, they are gaining in popularity. IT professionals would do well to remember this when evaluating possible sources for data breaches at their organization. In fact , eSchool News , a publication aimed at K-20 technology decision-makers, reports that Mountain View School in Meridian, Idaho, has banned iPods and other digital media players from testing rooms after discovering students were downloading formulas and crib notes, then disguising them as song lyrics.

Smart phones such as the Palm Treo, and Research in Motion's Blackberry, which often contain sensitive information, provide remote wipe capability. Users wanting to protect a lost or stolen device can send a “poison pill” command via GoodLink software from Good Technology on the Treo or from the service provider for Blackberry users.

Remote Data Delete

Remote data deletion technology enables IT professionals to remotely delete sensitive data on target computers that have fallen outside their jurisdiction. Absolute Software's Computrace Data Protection (CDP) solution, for example, allows customers to track fixed, remote and mobile computer assets and remotely wipe data if the computer is lost, stolen or nearing the end of its lifecycle. The product is centrally managed by the IT department and gives staff the visibility to see up to 100 percent of their connected computer assets.

Remote data delete software can be an effective tool for maintaining compliance with government regulations such as the California Security Breach Information Act (CA Senate Bill 1386), which requires that organizations doing business with the state of California notify all parties that may be affected by a loss or breach of personal data — such as data that was stored on lost or stolen computers. Computrace Data Protection creates an audit log verifying which files have been deleted, which can assist with regulatory compliance.

Destroy It — Literally

On the other end of the spectrum is the category of brute force: that is, physical destruction of drives or digital media. To ensure a hard drive is rendered forever unreadable, the disk's platters can be removed and scored or ground up into bits. eDR Solutions and SEM Systems are two companies providing such a service.

Fire, acid baths and sledgehammers also work equally well, but these require greater degrees of user participation. Shredding machines also exist to destroy floppies, CDs and DVDs, while other devices poke holes in media or scratch them up. While these approaches might seem somewhat extreme, they are nevertheless effective. One downside is that they prohibit the re-use of computers or devices to donation programs for the technologically disadvantaged.

Data Destruction Can Be Criminal

Nowadays, there are almost as many ways of destroying data as there are of creating and storing it. But before you fire up a data wipe program to delete those confidential files you want forever destroyed, consider the case of the ex-CEO of financial printing firm Bowne. He was sent to jail for possession of child pornography and for obstruction of justice, because he tried to eliminate the evidence, a violation of the Sarbanes-Oxley act.

Alerted to the fact that federal investigators were going to pay his company a visit, he used an aptly named software program, Evidence Eliminator, by Robin Hood Software, to delete two child-porn movies and 12,000 other files off his company-issued PC and laptop computers. Within days, he faced multiple charges. He eventually pled guilty to possession of child pornography and obstruction of justice, and in December 2006, was sentenced to 15 months in federal prison.

A less dramatic example of the caution necessary in data destruction is a section of the Sarbanes-Oxley Act, which requires accounting firms auditing public companies to retain relevant documents for seven years following an audit. Data delete tools can be effective in preventing identity theft and controversy, but they must be used properly and with due care. Having the right tools is only part of the solution; the right policies and procedures must also be in place, and they must be revisited on a regular basis to ensure they remain effective and applicable from department to department and across the organization.


John Livingston has served as Absolute Software's chairman and CEO since 1995, growing the company from its infancy to 135 employees in 2007. Absolute invented the computer tracking and loss control product category with the introduction of "Computrace" in 1994. Under Mr. Livingston's leadership, Absolute has evolved to offer a full range of business solutions encompassing physical, data and network security as well as IT asset management. Prior to taking the helm of Absolute, Mr. Livingston was a faculty member of the School of Business at the British Columbia Institute of Technology. He holds a Master's of Business Administration from the University of Calgary .