Loading articles...

Feds order monster hard-drive grinder to chew up sensitive data

The federal government has ordered a monster machine to chew up its discarded hard drives, USB thumb drives, CDs, and even ancient Beta videotapes.

Like a tree chipper, the grinder will rip apart a range of data-storage devices into pieces so tiny the sensitive information can never be recovered.

The Public Works Department is calling for “destruction equipment that performs disintegration, which is the physical demolition of electronic storage devices to particle sizes too small for data retrieval or reassembly,” says a recent tender document.

The proposed machine must chip up to about 200 kilograms of data-storage devices each hour, and the final pieces must be no larger than the width of a pencil.

The contraption is needed to rid Public Works of hard drives and other data-storage devices that cannot be reliably erased, whether because they are defective or because existing erasure software is ineffective.

Public Works is Ottawa’s main supply arm, and runs the government’s surplus service that acquires the discarded equipment of other departments for resale or disposal.

Until 2005, the RCMP’s technical security branch provided departments with free hard-drive overwrite software, known as DSX. But the Mounties stopped supporting the program six years ago because it often did not work properly on newer drives with larger storage capacities, leaving confidential information in place.

Some newer hard drives have software embedded in them that allow their entire contents to be securely erased on the proper command. But data storage in other formats such as memory sticks, and even in some new hard drives, sometimes cannot be reliably overwritten, creating headaches for security-conscious departments.

The Canada Revenue Agency, for example, was forced to stockpile at least 1,000 hard drives across the country two years ago because the sensitive taxpayer data on them could not be reliably wiped out.

Spokesman Noel Carisse said the stockpile has since been destroyed, after the agency purchased a device that crushes hard drives, drilling through the spindles and deforming the disk itself in about 10 seconds.

Carisse said the machine — which is different from a disintegrator or grinder — complies with standards set by the Communications Security Establishment, Canada’s electronic spy agency.

“Old flash drives are destroyed if they are no longer operational,” he added. “Other data-storage media are dealt with by a variety of means. For example … media such as CDs and/or DVDs … can simply be put through most commercial-grade shredders.”

Last fall, Canada’s privacy commissioner reported that at least three big departments — Health Canada, Correctional Service of Canada and Human Resources and Skills Development Canada — were sending their used cellphones and smart phones to Public Works for resale or disposal without first wiping them clean of data.

The RCMP and the Communications Security Establishment each issue guidelines and standards for data destruction across the federal government. For example, the Mounties require disintegrating machines to reduce storage media to pieces of “random size and shape,” to prevent reassembly like a complex jig-saw puzzle.

“Prior to destruction, security staff must remove all external labels, stickers, and other indicators denoting the present or former classification of the media contents,” says an RCMP bulletin.

“In all cases, departmental security staff must witness the destruction.”

Pubic Works, which wants the grinder up and running by June 1, says it must chop up hard drives, floppy disks, magnetic tapes such as VHS and Beta video cartridges, magnetic stripe cards, CDs, DVDs, USB thumb drives, other “flash” memory devices and miniature glass-disk drives.

Public Works currently sends its discarded hard drives to an outside contractor for destruction.

“By obtaining this machine, devices will be ‘destroyed’ … in a more cost-efficient manner,” said department spokesman Sebastien Bois.

“Also, it minimizes the need for devices to be transported off-premises, which also reduces the risks of unauthorized disclosure.”

The current tender was modified after an earlier version last fall attracted no compliant bids, Bois added. Industry feedback at the time showed there is no reliable method for destroying BlackBerrys and Personal Digital Assistants, so these devices were removed from the new tender.

Public Works currently stores its obsolete BlackBerrys under lock and key “until a decision can be made on how to safely dispose of BlackBerry devices,” Bois said.

Memory devices have become ubiquitous, especially with the arrival of memory sticks that can hold up to 256 gigabytes of data in a device smaller than a finger. And many photocopiers have their own hard-drives with sometimes sensitive information that can be readily accessed when they are re-sold or discarded.