Skip to Content
Uncategorized

All Your Data Belongs to Us

Data servicing is another problem for data privacy.

The April 5 issue of the blog the Consumerist has an interesting article about a significant data-privacy issue that has long been ignored. In the article, reader Chris wrote to the Consumerist about a problem she (or he?) was having with an Apple laptop. Apple wants to replace the hard drive, and Chris wants the hard drive back because the old, broken drive has confidential information on it. The problem is that Apple’s policy (and most other companies’) is not to return the dead hard drives of computers being serviced. So Chris needs to trust that Apple will properly destroy the drive, or at least its data, and Chris isn’t so sure.

Chris isn’t the first person to experience this problem, of course; it’s quite common. A few years ago, my company had a laptop that was filled with confidential information. The hard drive died. We called up Dell for a replacement, but Dell wouldn’t ship a new one unless we promised to send back the old one. And, obviously, with all the confidential information on the hard drive, we wouldn’t send it back, either broken or intentionally damaged. So we ended up buying a new hard drive, even though the drive was still under warranty.

What’s to be nervous about? Well, there are many documented cases in which a reputable service center nevertheless allowed the data from a customer’s machine to leak back into the datasphere. Last year there were reports in the media about a hard drive that had been taken to a major electronics store for warranty repair, and it ended up being sold (with most of its data intact) at a swap fest.

When I was working on my PhD thesis, I spoke with a system administrator for a major electronics firm. The firm had a RAID array with a bad power supply. It sent the RAID array back to the manufacturer and was shipped a replacement. A few months later the firm got a phone call from a university: “Hey, we got your data!” Apparently, the university had also sent back a RAID array for service, and it had been sent the first array, refurbished with a new power supply, but with the original data still intact.

Also while working on my PhD thesis, I found a firm in California that did service for major computer manufacturers. Originally, the firm had a policy of wiping the “broken” drives before selling them on the secondary market. I bought a bunch of drives from the firm via eBay and was pleased to discover that they had all been blanked. But a year later, I bought another drive from the firm and discovered that it was filled with the original customer’s data. A bit of Web searching revealed that the service firm had run into financial troubles between the first and second sales.

There is no good way to ensure that hard drives returned for service aren’t going to have their data leak out. Because of this, individuals and businesses returning their drives for service must take precautions to make sure they don’t have confidential data on them to start with. One way to do this is by using cryptographic file systems like Apple’s File Vault. These systems assure that all of the confidential data on the drive is encrypted: even if the service center gets your data, it won’t be able to make sense of it.

What’s the other alternative? To make hard drives so cheap and easy to replace that there is no incentive to fix them. Although it’s difficult to get the hard drive out of my MacBook, replacing the drive in that Dell was downright easy–it just slid out. And these days, you can get a really nice laptop drive for about $70–not much more than it costs to send a laptop twice across the country by next-day delivery. Make it easy to replace the drive and rebuild the operating system, and it’s going to be cheaper for companies like Apple to just sell warranty customers a new hard drive at a discount than to worry about getting back the old drive to verify that the “warranty repair” was really justified.

Deep Dive

Uncategorized

Five poems about the mind

DREAM VENDING MACHINE I feed it coins and watch the spring coil back,the clunk of a vacuum-packed, foil-wrappeddream dropping into the tray. It dispenses all kinds of dreams—bad dreams, good dreams,short nightmares to stave off worse ones, recurring dreams with a teacake marshmallow center.Hardboiled caramel dreams to tuck in your cheek,a bag of orange dreams…

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

lucid dreaming concept
lucid dreaming concept

I taught myself to lucid dream. You can too.

We still don’t know much about the experience of being aware that you’re dreaming—but a few researchers think it could help us find out more about how the brain works.

panpsychism concept
panpsychism concept

Is everything in the world a little bit conscious?

The idea that consciousness is widespread is attractive to many for intellectual and, perhaps, also emotional
reasons. But can it be tested? Surprisingly, perhaps it can.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.