I've been volunteering with a tech recycling organization and we get a lot of military / contractor gear. I'm sure nobody would ever skip important steps like destroying sensitive data or tech. Is there any way to check to see if items are safe for resale or if they should have been destroyed in the first place that doesn't start in me having a nice chat with the NSA in a secluded location?
Can't help you with checking stuff but yeah, a lot of stuff gets resold that, according to procedure, should be physically destroyed (crazy overkill usually, but hey it's only taxpayer money). That said if you resell something that was improperly disposed of, it's not legally your fault.
If you want to be sure any drives you sell are sanitized (which you should do, regardless of where they came from) use a wipe program to do 1 full overwrite of the disk (point it at the disk itself, not the files, and make sure the program covers bad sectors). This is for conventional hard drives only, not hybrids or SSDs.
psychic_mechanic wrote:
Is there any way to check to see if items are safe for resale or if they should have been destroyed in the first place ...
If your task is to recycle it, why would you resell it? That'a a concern.
But that's not your question. I would trust that the folks sending you material know what's being sent out. Some stuff is not "classified" per se, but relased on a need to know basis. Some won't make any sense unless you have additional information for relevance. If in doubt, shred it.
Dan
Yeah, I think that I would run a wipe disk ap on the things just to make sure nothing would blow back, even though I don't think it would be your responsibility. Unless the condition of your purchasing the materials was that you physically destroy them, in which case you would be screwed.
Look up the debacle regarding F14 sales, surplus parts, the US Navy and Iran.
The military is infamous for scrapping/surplusing parts and equipment they shouldn't, fully operational, and with classified material/information.
I once picked up a pair of old servers. When I fired one up I was a bit surprised to see it had come from the IRS and hasn't been wiped.
Duke
PowerDork
7/31/13 11:26 a.m.
In reply to petegossett:
So, am I getting audited?
The group is a non-profit that funds itself through scrapping and resale to pay it's own expenses. It's not just recycling for scrap or materials, a lot of the PC equipment gets repurposed into computers for the needy, etc. I know a thing or two about hard drives, those would be easy-peasy.
This isn't information, it's a physical piece of technology.
Duke wrote:
In reply to petegossett:
So, am I getting audited?
They were NT servers, and it's been over 3-years since I had them, so if you are it has absolutely noting to do with any data these housed.
I am an IT contractor for a Gov Agency and here is what we are supposed to do. I have to use an approved program to wipe the disks and provide a form that has what I used to wipe the disk, the sn off of the disk and my signature.
If something shows up on the media that HD can be tracked back to me and I would get into trouble, not you.
The three-letter agencies do use some special hardware that shouldn't get out for any reason.
If you run across any things that look like flash drives but apparently don't do anything when you plug them in, they're some kind of HSM and should be destroyed.
If you run across any mobos with TPMs, pop the module out and destroy them too.
You might want to find out what markings go on chips that come out of the NSA's silicon fabrication facility, they may have an onboard TPM system and should be destroyed.
If you get any computers that run without power or have biological components, send them back to Area 51, some of them have mutagenic anti-tampering defenses
You also might want to check any copiers. A lot of them save the last 100+ images for reprint.
I've got some copies of the DRMO paperwork on the way so I can see if it is all in order. As a last resort I could contact the PAO (public affairs officer) on the base and they should be able to put me in touch with someone who can give me a solid answer.