I have a friend who once wanted to dispose of a laptop that contained sensitive documents. He soaked it in a bathtub overnight and, to be extra safe, took the train uptown and threw it out in what seemed like an obscure dumpster. Not long after his trip, he received an email from a student who had found the laptop. He had managed to restore its contents, the student wrote. Since there seemed to be some important documents there, he figured that my friend probably wanted the computer back. Where did he want to meet? Turned out that my friend had thrown out the laptop near a school for aspiring IT professionals.
This was an unlikely turn of events, to be sure, and you may scoff at the idea of soaking your hardware. But how many of us really know how to safely throw out our electronics? We have all at some point been faced with the task of throwing out a computer or smartphone and not known what to do with it. Even devices like printers, gaming consoles, monitors, and digital cameras can contain permanently stored information long after you think you have deleted it.
US-CERT recently released a helpful set of security tips to address this subject.
Physical destruction is actually the safest way to prevent others from restoring your information, though drowning does not make the US-CERT’s list of tips. The recommendations are instead that you “disintegrate, burn, melt, or pulverize” the device. The pieces of your destroyed laptop, US-CERT recommends, should be “at least 1/125 inches” or smaller to prevent reconstruction. Outsourcing the task to a facility that specializes in metal destruction might be easier than doing it yourself, though perhaps not as fun. Less dramatically, there are also specially designed, magnetic degaussers, solid-state drive destructors, and CD shredders.
Short of pulverizing the device, you can permanently delete data from it. This process is called “sanitizing.” Before sanitizing, you may want to back up your data to a flash or hard drive, or to the cloud.
Right-click + delete or dragging icons to the trash can does not quite do the trick. To really delete data from a computer, US-CERT advices that you run disk cleaning software. Usually there is a native program in the compute hard drive that allows you to overwrite it. From the bulletin:
- Secure erase: This is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive.
- Disk wiping: This is a utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.
For smartphones, tablets, gaming consoles, and cameras, performing a “hard reset” to return your device to factory settings is also effective. Every device has a reset procedure; search the internet for yours. Before you throw out the device, you’ll also want to remove any memory or SIM cards.
As an extra measure, you can perform an overwriting operation. US-CERT points out, “Cipher.exe is a built-in command-line tool in Microsoft Windows operating systems that can be used to encrypt or decrypt data on New Technology File System drives. This tool also securely deletes data by overwriting it.”
Finally, look up your local regulations to find how to dispose of the electronic device. As of 2015, you can throw them in the trash in New York. There are also many options for recycling and arranged pickups.