Companies as well
Most companies will opt to shred drives like where I work, unless it's a quick simple option I am told just pull drive out and get them shredded in bulk.
Hardware makers are currently among the mix when it comes to the problem of environmental sustainability, in part by "penalizing" and competing with resellers that are trying to sell refurbished kit. "Vendors are claiming their commitments to circular economies and to reducing waste in the supply chain but all of you in the …
That's a nice idea, but in a civilization that creates almost everything to not be repairable (looking at you, Apple), it's going to be a bit difficult to achieve.
Yes, in a car you can replace almost everything, but cars cost a lot of money and people will very quickly get very mad if they're told that they have to buy a new one because the left axle broke down.
Anything with a circuit board? Forget it. If it breaks, you buy a new one. The industry doesn't encourage ripping it open, testing what's broken and replacing it. Apparently, it's not "customer-friendly".
So you're going to need a nice, big salmon to slap the CEOs of those companies who sell stuff that basically can't be repaired, and use that salmon until they get a clue.
It's worth looking at the cell-phone industry as an example of this, originally companies were selling decent inexpensive phones with replaceable batteries, but now they cost about 4x to 6x as much and are designed to be very hard just to replace the battery.
So building devices that are not repairable is far more profitable - it makes the CEOs happy.
Modern corporate computers tend to have a secure SSD erase option in the BIOS - it's much more straightforward than in the days of spinning rust (and I did normally get those shredded) - especially as Bitlocker will have been used too, and resetting the TPM removes the keys so gives an extra layer of security.
at univ. of iowa, I worked at the surplus department for years, in the computer section.
we kept so much stuff out of the landfill -- working computers, monitors, keyboards and mice, printers, hard drives (a few were marked to shred due to the sensitivity of data they held, and drives that had sector errors during the 3 pass erase were "red tagged" and shredded since 1) there was that slim but non-zero chance that one of those sectors that didn't get zeroed out was weak and could be read back and 2) who wants to buy a used drive with bad sectors? but these drives had easy office lives, about 99% were bought for reuse), we even sold the dells with blown caps (optiplex gx270 had a very high rate of bad caps), resellers would get those for like $5 (or less if they bought by the pallet), they'd buy a kit with new caps for like $10, recap them and you had a cheap and cheerful pc with proper caps installed and i'm sure a healthy profit margin.
we pulled the drives from every system that came in, we had a setup with dban that'd run 4 drives a computer and 7 or 8 computers along with a tracking system so auditors could see drives were tracked from intake to erasure or shredding. Also a couple old servers so we could wipe scsi and sas drives with them still in the sleds.
Good idea, except where the drives are concerned. Unless there's a way to completely zero it out beyond recovery, I'll destroy rather than recycle. New tech comes along every day, and as soon as drive recycling becomes a thing someone will figure out how to recover that data no matter what was done to make it unretrievable.
I only have personal experience with LUKS (short for Linux Unified Key Setup). Anyway, the encryption algorithm is secure, but the weak point is leaking the key. As for Bitlocker + TPM, I think there is always some danger if the computer is stolen, that the key can be extracted from the TPM hardware, however much it is claimed to be secure. It has happened with some versions of Apple's hardware secured keys - an Israeli company did it. Hardware security can never be theoretically secure. But for that matter, a key can never be perfectly theoretically secure either. So there is never perfect theoretical security even before disks are retired. Not physically shredding the disks adds some alpha of insecurity.
Yes it could happen: Zeroing the first N kilobytes destroys the encryption header, so even if the key(s) is/are available, they can't be used. But of course, the headers and keys could have been copied and spirited out before the disk retirement - and an insider could arrange to sell the disks to nefarious criminals or spies who have access to those copies.
I took some old disks to the electronic recycler who put them on a giant electromagnet and flipped a switch - there was a loud buzzing noise of tera-fied bits dying simultaneously. But what if that was all fake and it was just a buzzer with no magnetism?
Bitlocker might matter now, but crims seem to be in front of the tech thievery curve. Look at what they're doing with drones and wifi intrusion tools. When Bigcorp drives on the market becomes a reliable commodity they'll figure a way to retrieve the data. After that they'll open CrimCycle, a drive refurbishing company, and buy the drives directly from the target corps by offering a penny per thousand more than anyone else.
Is MY data that valuable? I wouldn't think so but it must be, as Google and Facebook are almost trillion pound companies trading solely on data stolen from browsers. Getting hold of my private data, therefore, must be quite a bit more valuable. As we all know, things are developed for big markets then trickle down. Decryption will be developed for stealing Bigcorp data, then a year later small time crims will be using the same cracker programs to get into stolen privately owned laptops or into hard drives bought from refurbishers.
Decryption [algorithm] will be developed ...
If the decryption key is available, then yes, the data can be decrypted. Otherwise, almost certainly not - barring new flaws being found in the encryption algorithms for Bitlocker/LUKS/etc, which is most unlikely.
If, however, the keys and encryption headers were "grabbed" before the disks were sold (with encryption headers deleted) and then passed to the disk purchasers - then game over. I don't think you can call that "development of decryption algorithm".
The standard will need to convincingly show that data recovery is impossible, or it would take orders of magnitude more time and money to recover the data than its highest possible value to an adversary. For highly sensitive data, the gold standard is complete high temperature incineration. For more mundane sensitive data such as PII and payment data, micro shredding is considered sufficient. Whatever standard is adopted would have to demonstrate that it is at least as good as micro shredding the drives. Nobody wants to be "that poor sod" who leaked data on a massive scale because they didn't dispose of it properly.
It's never impossible because an insider (or with backdoors, an intruder) could lift the keys and encryption headers before the disks are sold. Otherwise, it is impossible. But it is also possible the party trusted with burning or shredding pulls a fast one!
At 180 MB/s (average sequential speed of drives from 4-5 years back), writing 1 TB takes roughly 1.5 hours.
Now suppose you have to discard a 10 TB drive... That's why since a few years back most datacenter drives have been self-encrypting, and their secure erase functionality is implemented by simply resetting the encryption key, which is to all effect instant.
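An added example, not part of any comment in this thread: a toy model of the key-reset erase and header-zeroing points raised above, showing that wiping only the key header makes the data unreadable even with the passphrase, and that a header copy taken before retirement undoes the erase. The header layout and the SHA-256 keystream are constructed stand-ins for illustration, not the LUKS, BitLocker or self-encrypting-drive formats.

```python
import hashlib, hmac, os

HEADER_LEN = 16 + 32 + 32  # salt | wrapped master key | key-check tag (toy layout)

def _stream(key, n):
    # Toy keystream (SHA-256 in counter mode); stand-in for a real disk cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(master):
    return hmac.new(master, b"check", hashlib.sha256).digest()

def format_disk(passphrase, plaintext):
    # A random master key encrypts the data; the passphrase only wraps that key.
    salt, master = os.urandom(16), os.urandom(32)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 10_000)
    wrapped = _xor(master, _stream(kek, 32))
    body = _xor(plaintext, _stream(master, len(plaintext)))
    return bytearray(salt + wrapped + _tag(master) + body)

def unlock(disk, passphrase):
    disk = bytes(disk)
    salt, wrapped, tag = disk[:16], disk[16:48], disk[48:80]
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 10_000)
    master = _xor(wrapped, _stream(kek, 32))
    if not hmac.compare_digest(tag, _tag(master)):
        return None  # header does not yield a valid master key
    return _xor(disk[HEADER_LEN:], _stream(master, len(disk) - HEADER_LEN))

def crypto_erase(disk):
    # Zero only the header: near-instant, independent of drive capacity.
    disk[:HEADER_LEN] = bytes(HEADER_LEN)

def demo():
    pw = b"constructed passphrase"
    data = b"constructed payroll record " * 4
    disk = format_disk(pw, data)
    before = unlock(disk, pw)
    header_copy = bytes(disk[:HEADER_LEN])  # copy taken before retirement
    crypto_erase(disk)
    after = unlock(disk, pw)
    restored = unlock(header_copy + bytes(disk[HEADER_LEN:]), pw)
    return before == data, after is None, restored == data
```

The practical consequence for a disposal process is that header backups and escrowed keys have to be inventoried and destroyed along with the header on the drive itself.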