[SATLUG] OT: Prep for safe equipment disposal

Alan Lesmerises alesmerises at satx.rr.com
Tue Oct 27 23:41:48 CDT 2015


On 10/26/2015 10:24 PM, Don Wright wrote:
> Alan Lesmerises wrote:
>> I have more than a couple of computers, external hard drives, flash
>> drives, etc., and at least some of them will have some sensitive
>> information on them. ... to securely wipe all the data off of them
>>
>> What would be your suggestions for looking for a service like that?
> I think you're looking at this from the wrong end. Sensitive data should
> be properly encrypted so it is useless as it sits on the media until you
> personally unlock it each time it is needed. The more valuable something
> is -- either by its secrecy (proverbial formula for Coca-Cola) or by
> exploiting its knowledge (numbered Swiss bank account) -- the more
> layers of defense should be considered. You probably don't need an
> isolated system built of pre-1970 components in a Faraday-cage room, but
> it's sobering to know there are people whose job it is to exfiltrate
> data from just such a setting.
>
> Perhaps the keys to certain repositories could be trusted also to your
> lawyer (under attorney-client privilege) for items that may need to
> survive you, but it general I'd follow the adage: "Two may keep a secret
> if one of them is dead."
>
> Unfortunately, recent revelations about how badly the secure software &
> hardware industry worldwide has been polluted by the NSA and the like
> make this considerably easier said then done.  --Don

First, thanks for everyone's inputs so far.  I knew about the "DoD wipe" 
process -- I should have mentioned that.

As to Don's point above, I actually don't believe I am looking at this 
wrong.  I have passwords on files with really sensitive info (past tax 
returns, banking records, etc.).  What I'm talking about (and concerned 
with) is the large volume of "other" files that individually may not 
reveal anything vital, but collectively could be used by an identity 
thief (as an example) to do some damage, or some those that may be 
embarrassing or would otherwise be something I don't want distributed 
after I'm gone.

Several other members have suggested using one utility or another, and 
some of them might do what I want.  The problem is that when I say my 
wife is not computer literate, I was being _very_ generous -- I have had 
to show her multiple time how to include an attachment in an e-mail, 
from scratch, every time.  The chances of her learning how to a DoD wipe 
of hard drives and the like herself are not only zero, I think they're 
even negative!!!

The idea of physically destroying everything isn't feasible since (1) we 
could be talking about several dozen drives of all types here and there, 
(2) my wife would have no idea how to remove them where they're 
installed or even where to look for a hard drive (and she probably 
wouldn't even know what one looks like).

I have to assume that she would have no one to turn to for help in 
getting this done, that she would not be able to do it herself, and she 
would have to find and hire a person/business to do it for her.

What I was looking for (and still am) are some recommendations of 
_trustworthy_ businesses (or at least "types" of businesses, if there is 
such a category to describe them) that would do this kind of thing.  
Basically, I have to lay our some instructions of how to get this done 
and things for her to look for when trying to find a source to get that 
kind of service.  I know there are companies that do secure document 
destruction for commercial customers (we have a service like that at my 
job), so I was thinking maybe there might be a similar service offered 
for digital documents.

So if anyone has any suggestions for the situation as I described it, 
please let me know.  Thanks.

Al Lesmerises



More information about the SATLUG mailing list