Whistleblower Trashes National Archives Hard Drive Recycling Program

Posted by: Frederick Lane

An IT manager at the National Archives and Records Administration alleges that his agency, which is charged with collecting and preserving the U.S. government's most important documents, may have accidentally exposed more than 70 million U.S. military veterans to the risk of identity theft.

In an interview with Ryan Singel in Wired, Hank Bellomy charges that NARA was irresponsible in its handling of failed hard drives containing confidential veteran information. In one recent instance, Bellomy said, a hard drive used as part of NARA's eVetRecs program failed, and NARA sent it out for repair without sanitizing the data on the drive.

When the government contractor, PC Mall Gov-GMRI, was unable to repair the drive, it shipped it out to another firm to be recycled. NARA told Wired that all of its contractors and subcontractors are required to sign privacy protection agreements; however, the agency has also changed its rules and will henceforth destroy defective or outdated hard drives on-site.

An investigation into the incident is ongoing, but so far, NARA sees no need to warn veterans of possible identity theft stemming from the efforts to repair the hard drive. "NARA does not believe that a breach of PII (personally identifiable information) occurred," the agency told Singel, "and therefore does not believe that notification is necessary or appropriate at this time."

There have been repeated data losses by government agencies over the years. The most notorious was the 2005 loss of a laptop by the Veterans Administration that contained confidential records of more than 25 million veterans. The agency agreed to pay out $20 million in damages, largely in the form of subsidized credit monitoring for affected veterans.

Federal agencies have varying standards for how sensitive data should be destroyed from hard drives; the National Institute of Standards and Technology, in fact, issued a white paper specifically devoted to the topic in 2006. But one company is now offering a data destruction option that is more reminiscent of the movie "Fargo" than anything else. 

Recycling Today Magazine reports that Allegheny Shredders has introduced a new type of shredder specifically designed for hard drives and other types of electronic media. The 7.5 horsepower motor is designed to chew through as many as 25 hard drives per minute. The manufacturer promises "virtually no noise or vibration," and says that the shredder is designed to handle "computer hard drives, optical media, and electronic devices such as cell phones, handheld devices, etc."

Allegheny officials are disturbingly upbeat about their ability to reduce electronic media to "unusable and unidentifiable pieces."

"After 40 years of manufacturing destruction equipment," John Wagner, president of Allegheny Shredders, said, "we’re eager to offer the Allegheny Hard Drive Shredder to solve the problem of security risk posed by growing amounts of discarded sensitive electronic waste."

Just another trend for computer forensic specialists to watch, you betcha.
