Garfinkel and Shelat 2003 (†718)Garfinkel, Simson L. and Abhi Shelat. "Remembrance of Data Passed: A Study of Disk Sanitization Practices." IEEE Security and Privacy 1 (2003), p.17-27.
- media sanitization (p.19-20): Most techniques that people use to assure information privacy fail when data storage equipment is sold on the secondary market. For example, any protection that the computer’s operating system offers is lost when someone removes the hard drive from the computer and installs it in a second system that can read the on-disk formats, but doesn’t honor the access control lists. This vulnerability of confidential information left on information systems has been recognized since the 1960s. Legal protections that assure data confidentiality are similarly void. In California v. Greenwood, the US Supreme Court ruled that there is no right to privacy in discarded materials. Likewise, it is unlikely that an individual or corporation could claim that either has a privacy or trade secret interest in systems that they themselves have sold. Experience has shown that people routinely scavenge electronic components from the waste stream and reuse them without the original owner’s knowledge. Thus, to protect their privacy, individuals and organizations must remove confidential information from disk drives before they repurpose, retire, or dispose of them as intact units—that is, they must sanitize their drives. The most common techniques for properly sanitizing hard drives include [1)]Physically destroying the drive, rendering it unusable, [2)] Degaussing the drive to randomize the magnetic domains—most likely rendering the drive unusable in the process, [and 3)] Overwriting the drive’s data so that it cannot be recovered. Sanitizing is complicated by social norms. Clearly, the best way to assure that a drive’s information is protected is to physically destroy the drive. But many people feel moral indignation when IT equipment is discarded and destroyed rather than redirected toward schools, community organizations, religious groups, or lesser-developed nations where others might benefit from using the equipment—even if the equipment is a few years obsolete. (†1641)