I post this for those considering donating or selling an old PC.
Kelly
Hard to get rid of secrets on computer
Chicago Sun Times
January 16, 2003
BY JUSTIN POPE
CAMBRIDGE, Mass.--So, you think you cleaned all your personal files
from that old computer you got rid of?
Two MIT graduate students suggest you think again.
Over two years, Simson Garfinkel and Abhi Shelat bought 158 used
hard drives at secondhand computer stores and on eBay. Of the 129 drives
that functioned, 69 still had recoverable files on them and 49 contained
''significant personal information''--medical correspondence, love
letters, pornography and 5,000 credit card numbers. One even had a
year's transactions with account numbers from an Illinois ATM.
About 150,000 hard drives were ''retired'' last year, according to
the research firm Gartner Dataquest. Many end up in the trash, but many
also find their way back onto the market.
Over the years, stories have surfaced about personal information
turning up on used hard drives, raising fears about privacy.
Last spring, Pennsylvania sold used computers that contained
information about state employees. In 1997, a Nevada woman bought a used
computer and discovered it contained prescription records on 2,000
customers of an Arizona pharmacy.
Garfinkel and Shelat, who reported their findings in an article to
be published Friday in the journal IEEE Security & Privacy, said they
believe they are the first to take a more comprehensive look at the
problem.
On common operating systems such as Microsoft's Windows, simply
deleting a file, or even following that up by emptying the ''trash''
folder, does not necessarily make the information irretrievable. Those
commands generally delete a file's name from the directory. But the
information itself can live on until it is overwritten by new files.
Even reformatting a drive, or preparing the hard drive all over
again to store files, may not do it. Fifty-one of the 129 working drives
in the MIT study had been reformatted, and 19 of them still contained
recoverable data.
The hard-to-erase quality of hard drives is seen as a good thing by
some. Many users like believing that, in a pinch, an expert could
recover their deleted files. Police can examine a computer and lift
incriminating e-mails or porn images from the hard drive.
The only sure way to erase a hard drive is to ''squeeze'' it:
writing over the old information with new data--all zeros, for
instance--at least once, but preferably several times. A one-line
command will do that for Unix users, and for others, inexpensive
software from companies such as AccessData works well.
Garfinkel has learned his lesson. As an undergrad at MIT in the
1980s, he failed to sanitize his own hard drive before returning a
computer to his father. His father was able to read his personal
journal.
On the Web: www.hq.nasa.gov/office/oig/hq/identity.html
AP
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|