Neonlad t1_j6o3yv8 wrote
There is nothing new about this sort of thing. Anytime any hospital/government agency/ or company dealing with confidential information needs to decommission a device it is by procedure destroyed at a recycling plant as part of it’s lifespan in order to protect the data from being recovered and stolen.
Any time those devices are recirculated it is a breach of contract by the recycling company and puts the data at risk. This might sound like a waste, and it kind of is, but this is standard security practice and is the only way to be sure data is completely protected on an old device.
The only thing Apple is doing here is ensuring that these recycling companies can’t say they destroyed something and instead turn around and sell it, which is super common.
Source: I used to work at a grungy computer repair shop and we would be the ones buying these devices from the recycling companies, currently a Sr Sec Analyst so I’ve seen both sides of the coin.
Aperron t1_j6onpwi wrote
Sounds like a reason to require removable storage devices if total destruction of the storage media is the only acceptable means of security, or lose any sustainability accreditation as a manufacturer.
Enterprises requiring this as a condition of their device disposal policy should also lose any sustainability awards or accreditations as well because they aren’t really recycling anything, recovering a few grams of precious metal and some plastic that isn’t even usable to produce anything of quality is only very marginally better than throwing everything in a landfill.
Neonlad t1_j6oqn90 wrote
There is also the consideration of things stored in flash memory and processor and motherboard caches which while requiring pretty complex know how to get anything out of are still possible. It’s not just the hard drive.
These devices in theory are being recycled and I would say it’s easier to recycle Apple devices as they are made of mostly recycled materials already and most of that is aluminum which is very easy to recycle. Until you can find a way to ensure there is no way to discover data off an old device there is no other way than destruction.
The companies you are speaking of are mostly like I stated: government institutions working to protect state secrets, hospitals looking to protect patient records, financial institutions like your bank or insurance company protecting your financial info. A lot of this is done to protect people like you from getting their data stolen, it’s not just to protect themselves. Additionally many of the institutions I mentioned are bound to security standards set forth by government institutions as a minimum to prevent leaks so it’s not necessarily up to them, it’s just good practice in general although not every company employs device destruction and it’s not for every class of device.
Viewing a single comment thread. View all comments