Secrecy services
Discarded computers can contain sensitive data, but security specialist CCL's software, available through CRN Online Services, keeps private information from prying eyes, writes Ken Young.
Visit the average charity shop, car boot sale or even rubbish dump and you will find it littered with sensitive personal and commercial data - not on paper, but on the hard disks of discarded computers.
Contrary to popular belief, when a file is 'deleted' - for example, by emptying the Windows Recycle Bin - the bits and bytes are not physically overwritten until that section of disk is reused.
Even then, forensic experts or dedicated hackers can often detect the magnetic residue of older data lying hidden beneath later files. Re-formatting disks does not remove data, either.
To combat this problem, communications and security specialist Computer Communications Ltd (CCL) has joined forces with CRN to offer software tools that permanently erase single files or entire disks by physically overwriting the data multiple times using specially designed data patterns. See crn.vnunet.com/CRN/ccl.jsp.
Domestic users are particularly vulnerable through lack of knowledge, according to CCL's managing director, Dennis Armstrong.
"Home users store a lot of personal and financial information on their PCs, then they dispose of them or give them away to schools or charities, and never even think about the data they're giving away, too. It's a horrendous risk," he said.
But businesses and public sector organisations also risk falling foul of the Data Protection Act for failing to safeguard personal data, not to mention looking right Charlies if their customers' data turns up in a junk shop or school classroom.
Armstrong cites some high-profile blunders, like the bank that discarded a PC containing personal data about Sir Paul McCartney.
CCL's Shred-It software can permanently delete any file, folder or directory (including cookies) by overwriting the disk space it occupied. The data pattern used for overwriting and the number of times it is applied are user-selectable.
Wipe-It, the second CCL product, does the same for an entire disk, hard or floppy. Partition information is also removed and the disk is left ready for reuse.
CCL is also offering an encryption tool, Hide-It, which encrypts a data file, password protects it and 'hides' it inside a 24bit bitmap picture.
The hiding process involves slightly altering the colour values of individual pixels, but so subtly that the difference is almost imperceptible. Therefore, no-one can tell that the file contains encrypted data. Armstrong believes this method is unique.
"I could send you a picture of myself with an encrypted file inside and you wouldn't even know it was there," he said.
"If someone knows a file is encrypted there is always the temptation to try to hack into it. But if they don't realise it is encrypted they'll leave it alone."
Hampshire-based CCL has been in business since 1973, initially developing communication and messaging software that is still used by many corporates, including JP Morgan, NTL and Transco.
The company has since diversified into internet filtering and security software (including the three '-It' products, bought ready-developed from another software house early in 2002 but supported by CCL), and new and reconditioned server hardware.
Armstrong hopes that the CRN tie-up will enable resellers to bring Shred-It, Wipe-It and Hide-It - hitherto only sold direct - to a wider market.
"We want to make people more aware of how much confidential data they are storing, how to look after it, and the need to ensure they erase the data before they dispose of their PC," he said.
CCL sells the three '-It' products online for £9.95 each. "I've tried to make them affordable to encourage people to use them," said Armstrong.
Reseller terms have yet to be finalised, but Armstrong expects margins to be in the region of 50 per cent for volume sales.