Considering our collective thirst to upgrade to the latest shiny gadget, it's not surprising that consumer electronics generate a nasty amount of waste—some 3.4 million tons of e-waste a year. We are device-gobbling monsters who grow strong on the gleaming newness of our machines. But tossing out "old" devices creates an overlooked hazard.
You might think that cracked iPhone 3GS is literal trash, but the private details of your life can be another man's treasure. If smartphones and computers aren't properly recycled, the information stashed in our trashed electronics can be enormously valuable for dumpster-diving data thieves in the habit of hawking personal info.
Sure enough, many electronics recycling programs aren't properly protecting digital detritus, dumping e-waste in startlingly irresponsible ways. Our discarded devices are often exported and siphoned into literal dumps, flooding Ghanaian and Chinese landfills with unwiped hard drives. This provides desperate thieves with centralized collection areas to rifle through.
And they have, as Idaho Power Company found out the bad way in 2006, when sensitive corporate data wound up on eBay after an e-waste job gone wrong. The company participated in a hard drive recycling program but failed to scrub the drives before giving them to the salvage vendor. The salvage vendor also neglected to wipe the drives, resulting in hundreds of drives popping up on eBay still chock-full of confidential employee information and proprietary memos.
Then there are data thieves who straight up pose as e-waste companies. Last summer, the Reno police sent out a warning about a Craigslist posting claiming to offer free e-waste recycling that was suspected of siphoning data from people who fell for the scam. "This is a fraudulent post as the people do not have a City permit and will most likely take any computer, laptops or other electronic data collecting devices and extract personal information off of them," wrote police spokesman Tim Broadway.
Even when old electronics get picked up by someone who isn't a thief, they can expose private information. The face of dumb, damning data abandonment is Fabrice Tourre, a former finance ingénue and grad student who self-identified as "the fabulous Fab."
In 2006, a woman was given a laptop her friend found in the garbage in New York. She didn't think anything unusual was on the device, although emails from the previous owner—Tourre—kept coming in. Five years later, she saw Tourre's name on the news as he, then a trader at Goldman Sachs, fought the SEC over mortgage securities. She turned the laptop over to the New York Times, giving the newspaper a huge resource for an expansive, damning report on Tourre.
Whether Tourre had been stupid enough to simply throw his laptop in the garbage without a password and hope for the best is still unknown, but either way, it was fished out. The fabulous Fab eventually paid back $825,000 for defrauding investors, and, though probably for the best justice-wise, the information revealed hurt both Tourre and Goldman Sachs and could've been avoided had Tourre not assumed that the garbage was a black hole where secrets can live.
Data thieves or innocent owners of used devices can too often freely rifle through the private information on old electronics, since many people don't bother to delete everything off unwanted gadgets. But even if you go through the trouble of wiping your drives, it's not going to stop a savvy data leech from recovering the lost data. There are software programs designed to help thieves extract data even after people have deleted files.
So what to do? Get the hammer out. It's always smart to return devices to their factory settings, but it's even more prudent to completely dismantle your electronics before turning them over to e-waste programs. As identity theft expert Robert Siciliano told USA Today, older electronics—like those running Windows XP—often retain data even after attempts to wipe. Security experts advise people to physically smash up hard drives before recycling computers. It's the only fail-safe way to ensure data security.
But you've also got to recycle. New York City just passed a law that made throwing old electronics in the trash illegal, and other cities and states already have e-waste laws in place. As people look to avoid fines (and learn about why e-waste damages the environment) the recycling market is growing, and there are more ways to totally destroy items while still abiding by e-waste recycling laws. There are even things that exist in the world called Certificates of Destruction.
ShredIt, a document destruction company, is dedicated to turning hard drives FUBAR to make them theft-resistant. "We actually shred the hard drives and give them a certificate of destruction for each hard drive we destroy." But then the shredded drives are recycled according to the standards available. "Everything we do is certified, bonded, and insured," ShredIt spokesperson Carl Green told me.
Electronic Recyclers International is another e-waste team that recycles after destruction. It uses live video of the shredding process so people will know that their devices are thoroughly unusable. CEO John Shegerian is insistent that those steps are necessary for truly secure e-waste recycling:
"Transparency is key in e-waste recycling, especially when it comes to destroying data. A recycler's capabilities and certifications should be obvious. If there are no obvious indicators and accountability measures proving the destruction of data, that's a huge red flag. All legitimate recyclers will highlight these services."
There are two key certifications to look out for when you're recycling e-waste to help prevent data theft. The R2 and eStewards verifications mean the programs have been assessed as legitimate. In addition, there are guidelines laid out by the U.S. Department of Defense and the National Institute of Standards and Technology for proper data destruction that e-waste companies can follow to ensure they're covering their bases. The EPA provides a map of certified e-waste recyclers so you can avoid scammers.
"If your municipality has an e-waste recycling program, ask about its vendor and whether the recycler is certified," Shegerian said. "If you're participating in an OEM take back program, make sure it's transparent about the downstream process of your retired device. If there isn't obvious information guaranteeing the security of your data, then that's a major concern."
Like pretty much everything in life, cutting corners and not bothering to check vendors out or take precautions is both way easier than putting in more effort and also the quickest way to turn e-waste recycling into a shitshow and bonanza for data thieves.
Illustration by Tara Jacoby