One man's trash...


Issue: "PAS: The truth hurts," Feb. 8, 2003

Simson Garfinkel once forgot to clean out an old hard drive and his father discovered his diary. The mistake led him to try an experiment: buy dozens of used disks and check out their contents. His conclusion: Dumping an old hard drive can be like tossing aside a wallet with the ID still inside.

Mr. Garfinkel and a fellow MIT grad student, Abhi Shelat, trolled through eBay and visited computer shops looking for old hard drives. They paid from $5 to $30 each for 158 of them. Then they dug around for recoverable information.

The pair wrote in an engineering journal, IEEE Security & Privacy, that they found 128 working drives and 69 had recoverable files. Of these, 49 contained "significant personal information." They found corporate memos, love letters, and pornography. The scariest finds were 5,000 credit-card numbers, along with a year's worth of records from an Illinois ATM machine (complete with account numbers).

We see you’ve been enjoying the content on our exclusive member website. Ready to get unlimited access to all of WORLD’s member content?
Get your risk-free, 30-Day FREE Trial Membership right now.
(Don’t worry. It only takes a sec—and you don’t have to give us payment information right now.)

Get your risk-free, 30-Day FREE Trial Membership right now.

Techies debate whether users ever can permanently erase data. They agree, however, that destroying a drive (say, with a sledgehammer) destroys the data. The most accepted nondestructive method involves software like CyberScrub, DataGone, and WipeDrive, which overwrite old data with meaningless ones and zeros. Encrypting valuable documents also helps. Mr. Garfinkel and Mr. Shelet argue that software makers should make data destruction easier.


You must be a WORLD member to post comments.

    Keep Reading


    Job-seeker friendly

    Southern California churches reach the unemployed through job fairs