Uncle Murphy always has his way. If the walls of inconvenience, cost, health issues and infrastructure were not enough, now we have another wrench in the recycling wheel – the data factor!
As the steam builds up on fresh requirements on data security through the new SHIELD (Stop Hacks and Improve Electronic Data Security) Act in cities like New York, recyclers like ERI are re-orienting themselves to the next big question. Is it safe and compliant-with-law to recycle electronics and destroy data?
Who could have thought that hardware destruction could also translate into a cybersecurity worry? But in a post-GDPR( General Data Protection Regulation) world, this should not be too much of a surprise.
What is tricky though is the timing. Just when we thought the world is waking up to its green responsibilities, data security issues hit a new snooze button.
A recent survey by 3 Step IT found 18 percent of organizations claiming to have a sustainable IT policy to take their obsolescent hardware to the dump, and 8 percent saying they have it destroyed.
Would these regulatory pressures or hacking threats make these numbers even thinner?
Skeletons in the Coffin
Hardware recycling does have security implications, tells Sanjay Katkar, CTO, Quickheal Technologies Limited. “It can be a personal device or an office use device. We do have old devices (an old PC, mobile phone, tablet or iPad or any computing device). When we plan to recycle it or dump it, in any case one should do a proper data-wipe of the device before it is discarded or recycled. There are software options available to do this data-wipe securely so that it cannot be recovered. We have to do this because your old device may have any or all of the crucial information still stored in the permanent memory of the device - and if it falls in the hands of a wrong person, it can be misused.”
Katkar cautions about data pieces that are not so trivial when they get wrapped around a hacker’s sly fingers. “Your personal photos, date of birth, your financial documents (credit card no, bank details, etc); your login credentials to social media websites - these can be in the form of cookies for auto login through browser and confidential office documents (agreements, deals, product designs etc.) – all of this is critical. So it is better to get the device wiped using specialised tools before putting the hardware for recycling.”
Security is an issue, avers a semiconductor and hardware industry expert. Jim Handy, analyst, Objective Analysis also observes the security implications of recycling with a serious gaze. “Storage devices are the ones to watch out for: SSDs (Solid State Drives) & HDDs (Hard Disk Drives). Also USB flash drives and SDcards. Even after power is removed these devices maintain copies of the data.”
He opines that careful corporations eradicate the data either by physically destroying these devices or by using the devices’ secure erase mechanisms. “To my knowledge, secure erase is only available on SSDs, HDDs, and NVDIMMs (Non-Volatile Dual In-Line Memory Module). Secure erase is pretty widely available on SSDs and HDDs. These are called ‘Self-Encrypted Drives’ or SEDs. The user must ask for encryption to be used, but once it’s in place then a password must be entered every time the system is booted. With a ‘Secure Erase’ command the password is reset, and the encrypted data is illegible to all, even the original user.”
CPR - CPR - CPR
Wiping and erasing are good answers but they are not complete answers yet.
With strong data privacy laws like GDPR, hardware recycling will surely raise security concerns with respect to the data it may still have on it, Katkar does not dismiss the anticipated effect.
So reuse and lifecycle-extensions dig in their toeholds as better answers to impulsive or ignorant recycling. More so when inaccessibility, open burning, careless methods, toxic fumes, backyard recycling etc. continue to haunt the recycling space.
“The HDD or SSD can still be used by someone else after a secure erase, but the original owner’s data can’t be read. This does make it environmentally attractive since the SSD/HDD can continue to be useful to its new owner without compromising the original owner’s security.” Handy urges to make a product continue on the usage curve.
Nonetheless, the recycling side of the industry will have to find more answers to these emerging concerns.
What a time to be worried about security? The overall revenues in the global waste recycling market could jump from $354.7 billion in 2018 to $376.9 billion in 2019, (the volumes generated can grow from 29,493.7 million tonnes to 30,190.0 million tonnes) as per an estimate from Frost & Sullivan's ‘Global Waste Recycling and Circular Economy Market Outlook, 2019’
- By Pratima Harigunani