Wiping a Hard Disk Clean: How to Completely Erase a Hard Disk Drive

If only it were as easy as deleting all your files and emptying the recycle bin, you could wipe a computer clean easily in a few minutes. Unfortunately, doing so just makes your personal and business data harder to access. But much of it is still there, stored "deep" inside the hard disk, just ready for someone who knows what they're about to gain access to stuff they don't have a right to see, compromising your privacy and promises of confidentiality. I worry about that kind of thing a lot. I've been going through computers lately like they're tubs of sour cream, tossing them in a box to be recycled after I exhaust their potential, but always uneasy about the idea. Identity theft and fraud are real computer crimes--a 2003 study by the Federal Trade Commission turned up the estimate that 27 million Americans were victims of identity theft in the five years prior, costing them an average of $500.

Now, only a fraction of these numbers are attributable to someone hacking into a computer. But though the chances of being a victim due to data left on your computer are slim, I've learned a person or business should not naively get rid of a computer without wiping the hard disk totally, utterly and completely clean. Learn here what I've learned--how to fully erase a computer hard disk drive and empty it of your private data so you can recycle, donate, sell, or give away the computer without worrying.

The data doesn't go away when you delete it. A file's data is stored in multiple places on a hard disk. The data is indexed so you can access it. Here's how I imagine it: I envision a book with words, phrases, sentences and paragraphs placed randomly on every page. The only way to read the book intelligibly is to look in the index and find each instance of a topic, and visit each page it's referenced, then put it all together.

When you delete a file, it gets a deleted status, but doesn't go away--it's more as if you've removed an index entry in the book in the example above. Well, when you save a file, this will overwrite some of the deleted file's data--in other words, replace some of the words on a particular "page." But that's only one sector of the data. Not all the sectors for a deleted file get overwritten. Some private data remains scattered but potentially accessible inside the "book" that is your hard drive.

If the claim made by some that you need to physically destroy your hard drive for the ultimate protection seems extreme--some recommend using a hammer--I've got my own way of looking at it. Though I would be too concerned about safety considerations to smash a hard disk myself, I'm interested in the physics of it.

The law of entropy (Second Law of Thermodynamics) asserts that in a closed system, the overall disorder of the system increases over the course of time. This means that it's easy to destroy something but much more difficult to restore order, and past a certain threshhold, the system can become so destroyed that it cannot be recaptured with the available energy left.

You'd expect from this law that overwriting files or deleting them is the same as destroying the information, making it unavailable to recover with available resources. Yet deleting the files on a computer doesn't destroy them--in other words, follow the prescribed path of entropy. It simply rearranges tiny bits of data. Thus, it's not difficult to recapture the data. Smashing a computer's hard disk is another thing altogether. Physically destroying a hard drive this way still may leave the data there, but accessing it with the available resources would be all but impossible.

The Federal Trade Commission recommends individuals and businesses take serious measures to protect their information. Much of this information is based on the current FTC and EPA recommendations at the time of this writing. To erase all the data on a hard drive, consider doing the following:

• Save the files you wish to keep, either on a CD, zip drive or some other backup drive.
  
• Employ a disk wipe utility program to overwrite your hard drive--specifically, software that wipes the hard disk once, and then overwrites it again several times for good measure, to reduce the potential for future access to your personal info.
• Protect your confidential information by using an encryption program to encrypt your hard disk. Once encryption software has been at work, the encrypted data can be cracked, but not easily.
• After a pass over your computer with the hard drive erasure software and disk wiping program, re-install Windows, Linux, MAC OS, or whatever your operating system is back onto the hard drive. You can then recycle, sell or donate the computer. Follow EPA regulations about recycling hazardous waste
• Or, to be truly sure, take the hard drive out of your computer. Either store the hard drive safely and dispose of the computer sans hard drive, or destroy the hard disk physically, such as with a hammer. There is debate on this issue, however. According to BBC News, Rupert Goodwins, technology news editor at ZDNet, says that due to safety considerations, he'd personally bypass the hammer approach for just using the software, and free software at that. Note: I have no idea if using a hammer or melting a hard drive or otherwise chemically destroying a hard disk is safe, and wouldn't advise you to try it.
• Some people advocate using an extremely powerful magnet to destroy a hard drive. Although this reputedly could work, magnets that powerful may be hard to get and unwieldly to use, and many who recommend magnets then go on to say you should use a hammer afterwards, just to be sure....
  
• Remember to erase the additional hard drives if your computer has more than one hard disk.

• Comply with all applicable laws about protecting others' private or sensitive data when disposing of your business computer. An example is the Safeguards Rule that applies to financial institutions. Recent legislation that could affect procedures for the destruction of a hard drive was introduced in Bill Number H.R.4127 regarding the Data Accountability and Trust Act.