Computers Guard Their Secrets Well
GRAND RAPIDS — Of the many lessons to be learned from the sensational case study of fiscal fraud that was Barton Watson’s CyberNET Group, the one most applicable to local businesses will likely be overlooked in years to come. And just like the misplaced faith of Watson’s creditors, the final controversy came at the hands of veteran professionals with little knowledge of the workings of the technology field.
When the contents of CyberNET were auctioned off in March, the greatest attention was paid to the famous Watson wine collection.
If recent headlines surrounding companies like Bank of America and Citibank are any indication, the most important items may prove to be the dozens of laptops and personal computers sold on the auction block, along with the personal information of potentially thousands of former employees and clients.
As reported by WZZM TV13 news at the time, no one knew quite what happened and whether or not the computers were sold with software and private information intact.
Dan Yeomans of Management Services Realty, the original receiver, said, “It’s something the trustee should have addressed.”
Steve Rayman, the attorney for the bankruptcy trustee, told reporters to talk to the auctioneer.
Auctioneer Scott Miedema, vice president of Miedema Auctioneering Inc. and Michigan Bid Calling Champion, said “lawyers and accountants and the FBI went through it — and we sold it ‘as is.’”
For at least some of those computers, the buck stopped at a firm with no shortage of technological expertise. CPR Inc. was brought in by one of its clients to clean up some of the former CyberNET computers for its use.
“This was something missed when the asset got auctioned off,” said CPR Director of Technology Jeff Tatreau. “From what we saw, nothing had gotten wiped from any of the stuff that went out the doors down there.”
Customer and employee information were intact and accessible, including reports from the Equifax credit bureau and employee salary information.
“We’re not in the business of bashing a competitor, even one that is blasted apart,” Tatreau said. “But this is something that people don’t usually think about when they are throwing (a computer) away or giving it to employees.
“There is information on those that, even if you erase it, can come back if you don’t use the proper tools,” he said. “You need to have risk management look at what you’re doing with your (electronic) assets.”
There are other dangers involved besides privacy issues.
Licensed commercial software programs such as Microsoft OS often carry different licensing scenarios for corporate use than the OEM products found in retail stores. Each type of licensing has unique restrictions, and those need to be researched to verify the legality of reselling the software, Tatreau said.
Many times, the license is only valid with the original owner.
Also, there are intellectual property questions that have yet to be fully examined in a court of law. The PC’s new owner could lay a claim to ownership of an unpublished article or pre-patent technology found on the computer in his possession.
Tatreau said computer hard drives should be erased with a commercial software or hardware product that is to Department of Defense standards, which essentially rewrites a blank slate on top of the existing information.
“People think, ‘I can get $50 out of this thing,’ but for that $50 you’re putting your company at risk,” Tatreau said. “The small gain isn’t worth the liability. (Selling the computer) isn’t always cost effective. You’ll pay me $75 an hour to clean that up, and sell it for $100.”
He compared just erasing the hard drive to tearing out the index of a book. “With the right tools, I can rebuild the index, and now I’ve got all the data.”
“If you’ve ever been on a Web site where you’ve typed in a credit card number, that type of stuff can stay on the PC and might not even be somewhere that the average user can find it,” said Dave Perry, electronics recycling manager for Valley City Environmental Services. “But if that computer was to fall into the wrong hands …”
Every PC that leaves Valley City has had its hard drive reformatted and reconfigured, Perry said. While only done to DOD standards at client request, all software and data have been wiped clean.
“DOD standards assure there is no possibility whatsoever of the data being retrieved,” he said. “But it’s not really all that different from just reformatting.”
Valley City takes in both obsolete and damaged electronic equipment as well as models that can be sold on the secondary market. Equipment is tested for function, and then reformatted. Some clients do require DOD wipes, others take a step beyond, requiring physical destruction of the hard drive.
The equipment is then sold on the company’s Web site, through retailers or wholesale. Any remaining value is credited back to the customer.
PC and laptop standards apply to PDAs, as well, Tatreau said.
Digital media like back-up tapes, media cards, CD-ROMs and diskettes should be destroyed via a commercial shredder or other means to insure they cannot be read or reused. The resale value of these items does not justify the risk of corporate information being exposed, Tatreau said.