Thought exercise: destroying a hard disk  

The subject of this page is a thought exercise on a practical way to destroy permanently the information contained on a hard disk. It presupposes that the hard disk is no longer needed, and will not be re-used. At present, I have no need to carry out this procedure in practice, and I have no foolproof way to certify that the information destroyed in this way is truly non-recoverable. However, there is a considerable amount of information publicly available that allows me to be reasonably sure of what I am stating herein. This page constitutes a summary of knowledge that I or others might find useful if circumstances call for it.

I will not enter a debate about whether there is a legitimate or ethical reason for a non-criminal, non-terrorist individual to permanently destroy information contained on a hard disk, other than by making the following statements, which I regard as self-evident.
- Governments and authorities are increasingly exercising a detailed monitoring of all actions and activities of individuals, including law-abiding citizens. Casting a society-wide drag-net in order to catch a few individuals is becoming more and more attractive, because computer resources can be used to store and analyze enormous amounts of collected information. History shows that information of this type, initially collected in a "just in case" scenario or with legitimate uses in mind, often will be used by totalitarian governments to curtail individual freedom. It also shows that a democratic government can become, or be replaced by, a totalitarian one. It may also be argued that many democratic governments show an increasing propensity to restrict individual freedom, invade individual privacy and ignore the ideals of freedom expressed in their constitutions, in order to achieve their goals. Commercial enterprises and criminals are also interested in exploiting information that individuals may wish to keep private. Access to any personal health, financial and political information should be tightly controlled. Therefore, a good rule-of-thumb for individuals is to withhold any and all information, unless they have specific reasons to do otherwise. Hence the need to prevent information stored on, for instance, discarded hard disks, from being recoverable.
- I regard the right to privacy (i.e., in this context, the right not to disclose the contents of my computers) as fundamental as the right to free expression (i.e., the right to store what I want on my computers). In other words, I decide who reads what I write. I regard it as my right also to take practical steps to enforce this right to privacy, instead of having to trust the authorities or other individuals not to interfere with it.
- It might be argued that my discussion of practical techniques to enforce the privacy of individuals could be used to carry out illegal or terrorist activities. The next step by authorities would be banning or discouraging the public distribution of this information. My opinion is that professional criminals and terrorists do not hesitate to use banned techniques to enforce secrecy about their activities. They are already committing atrocities and mass murder as a way of life and political expression. They would not think twice about violating yet another law. This situation is essentially similar to arm controls. While private persons are unlikely to possess weapons forbidden by the law, criminals and terrorists never suffer a shortage of them. In conclusion, a ban on information about techniques to enforce privacy would make it more difficult for normal people to protect their privacy, while leaving criminals and terrorists unaffected.

On another page, I discussed briefly how data can be recovered with relative ease from media that has been formatted and overwritten several times. Therefore, formatting and overwriting are not sufficient to permanently destroy data stored on a hard disk. This can be achieved only by physically destroying the hard disk. In this discussion, I do not deal with how to conceal that a hard disk was in one's possession, nor how to conceal the fact that a hard disk was destroyed. I am only concerned with destroying the information stored on the drive.

An exception to the need for physical destruction of the media is data that has been encrypted with strong cryptography. This data, in itself, cannot be accessed by people physically possessing the hard disk. However, whenever this data is decrypted for access in one's computer, there is a chance that part or all of it will become stored in non-encrypted form in temporary storage on the same or another hard disk or partition, where it might be recovered. The only system that safeguards from this is encryption of the whole hard disk (and all hard disks on the same machine), including the operating system. Luckily, more and more software products for doing this on a normal PC are available. This system also provides a strong first line of defence against unanticipated seizure or theft of computer equipment. Of course, it does not offer a complete protection against laws stating that a citizen does not have the right to keep encrypted information secret from the authorities (as is the case, for instance, in People's Republic of China, North Korea and the United Kingdom). Destruction of the hard disk, on the other hand, destroys the evidence that encrypted data did exist. While the destruction of a hard disk may be regarded as a suspicious activity, it is not a crime in itself (unless you have already been served an injunction to make the hard disk available to authorities -deniable encryption might come into play at this stage).

This and the following sections discuss how data is stored on a hard disk, and how it may be permanently destroyed. As a preface, I would like to discuss an example of the extent to which data can be recovered from a physically damaged hard disk. It is useful to remember that data on a hard disk is stored as magnetized areas on one or more aluminium platters covered with a thin film of ferromagnetic alloy. It may also be useful to remember that the US military mandates that a drive used to store classified information, after erasing by repeated overwriting, be physically destroyed in its entirety by (1) exposure to high temperature, and (2) grinding to dust. Ferromagnetic materials lose the ability to retain magnetic fields if exposed to a temperature higher than a material-specific threshold (called Curie temperature). However, residual magnetism may survive this procedure, and may be used to attempt a recovery of the information. A sufficiently high temperature also oxidises the materials and warps or melts the aluminium substrate.

Grinding the platters is equivalent to the shredding of a paper document. While grinding is in fact sufficient to effectively destroy the information (there are simply too many fragments to reassemble, and each fragment contains too little data to be significant), the military procedure is designed in stages, in order to make it exceedingly difficult to recover information by agents infiltrated in the units in charge of destroying the hard disks. Since the whole procedure is under tight control and the different phases are carried out by different persons in different environments, there is simply no useful chance for an infiltrator to recover the data between intermediate stages of the procedure, once the latter has begun.

During the Afghanistan war, large numbers of hard disks were confiscated by allied troops (many in fact were purchased from flea markets in Afghanistan). There were so many hard disks to examine, that the resources of the US army and secret services were overwhelmed. Many of the drives were sent to private companies contracted to do the job of recovering information. One of these drives made its way to a company in Sweden.

This particular drive had been shot through with a nail gun, then a hole had been drilled in the casing and the drive filled with epoxy. All data was recovered, except that which happened to be stored where the nail pierced the magnetic platters. Thus, you must use a more radical method. A sufficiently high temperature is difficult to achieve without a special oven, or an oxyacetylene torch. A propane torch or a microwave oven are entirely inadequate. Therefore, this step can be skipped. Grinding the hard disk to dust, on the other hand, is more feasible. The procedure can be further streamlined. It is of course not necessary to grind the casing, motors and head assemblies, because no information is stored in them. The drive can be disassembled in a few minutes, and all components except the platters discarded.

The platters need to be ground only on their surfaces, to remove the ferromagnetic coating. This can be done quickly with a grinding wheel, angle grinder or other power tool (if you can grind the platters entirely, however, you may do so). The hardness of the ferromagnetic coating exceeds by far that of steel, so you cannot use a steel file. Silicon carbide, on the other hand, is entirely adequate as an abrasive (most grinding wheels are made of silicon carbide, but some may be made of silica or corundum, which are less adequate). The powdered materials may be toxic, so you will have to take precautions to prevent their inhalation. You should also protect yourself from spark showers while grinding. The sparks may be hot enough to melt small pits into the surface of viewing glasses (including glass lenses), and/or weld themselves onto glass-frames made of metal. Use protective glasses designed for this purpose, and wear viewing glasses under them if necessary. Wear adequate clothing (sparks easily burn pin-sized holes in cotton, synthetic cloth and hair, and necklaces, strings, ribbons, long hair and loose clothing may be caught in rotating parts of power tools). Spark showers may also start fires if easily combustible materials (e.g., paper) are exposed to them. Use thick work gloves, and hold the platters tightly in a bench vise while grinding (the platters will become very hot).

The surface of the aluminium platters after grinding will be very coarse, and there will be sufficient viscous flow of the aluminium during grinding to make any residual magnetic fields in the platters impossible to use for reconstructing the original information. Just make sure that you are removing the ferromagnetic coating in its entirety, without leaving "islands" of it on the platters. Grinding also produces high temperatures, which deform the ground particles and in some cases might exceed the Curie temperature of the materials. You should not attempt to grind or file by hand except as a last resort, because the ferromagnetic coating is very hard and resistant to abrasion. The entire procedure should take less than half an hour. Reassembling the millions of ferromagnetic dust particles in order to recover the hard disk's contents, of course, is practically impossible.