How we protect our Donors

Dealing with Security and Identity Theft Concerns

The volunteers of Computers Assisting People (CAP) have donated over 10,000 (yes, ten thousand!) PCs back to over 325 non-profit organizations and schools in the Cleveland area. While we have always been very careful to protect our donors' data, recent concerns about identity theft have enhanced our proactive prevention of possible data recovery in PCs we donate.

Many times, potential donors, whether companies or individuals, are reluctant to donate their old PCs to CAP (or anywhere) because of the sensitive information on their systems.

CAP first ran into this issue many years ago when a bank was planning on melting down dozens of quality PCs because they could not take the risk that the information on the PCs could get into the wrong hands.

The volunteers at CAP devised a multi-step process to help assuage the (real) concerns that the bank and other potential donors had.

First, when CAP gets a donation, it is locked in our Resource Center and under our physical control the entire time.

Second, we teach volunteers who don't yet have some of the technical skills that our more seasoned volunteers have to wipe the systems. The first part of the wiping is a physical wiping of the case and any peripherals. Often a company will have a sticker or label with identifying information on it. These stickers, labels and other markings are removed so that the system cannot be traced back to the donor.

We train volunteers to carefully examine not only the case but keyboards, printers, monitors and other devices for any identifying marks which are then removed.

This happens for all systems we receive, even some of the very old systems that will not be refurbished for donations. They are cleaned up before being cannibalized and turned into scrap.

Beyond identifying the donor, the main concern is, of course, the data on any hard drives in the system. Again, if we are not able to use the hard drive (some are too small or too damaged to be refurbished and re-used) we destroy the drives and make them unreadable. If we can access the drive, we will fdisk and wipe it and then physically destroy it. This process consists of breaking off the connecting ports and power adapter and driving a few nails through the platters of the hard disk.

It would take some very heavy duty operations to recover the data from the drives after we get through with them.

We use a program called BCWipe from www.jetico.com to thoroughly wipe and over-write the surfaces of hard drives. As you know, it is trivial to undelete files, and even fdisk operations can be undone. The most secure way to permanently remove data from a drive is to over-write the entire surface with a random series of 0's and 1's.

BCWipe (other utilities are available as well) lets us wipe every sector of the physical drive to the US Department of Defense 5200.25 STD standard or the Peter Gutmann wiping scheme. We use the DoD scheme because, frankly, it sounds very impressive to the potential donor. If it's good enough for the US Department of Defense...

You can use the default 7 passes of extended character rotation wiping or choose your own pass quantity. We usually stick with the DoD default.
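The difference between repartitioning and overwriting, as an added example (not CAP's procedure or BCWipe's code): it works on a small constructed disk image file, uses plain random passes rather than the DoD or Gutmann pass patterns, and scans for a known pre-wipe record after each step. `SAMPLE_RECORD`, the function names and the image layout are assumptions made for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # read/write 1 MiB at a time
SAMPLE_RECORD = b"ACCT 000-constructed-donor-record"  # constructed sample data

def wipe_image(path, passes=3):
    """Overwrite every byte of the image with fresh random data, `passes` times."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            left = size
            while left:
                n = min(CHUNK, left)
                f.write(secrets.token_bytes(n))
                left -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size

def find_residue(path, markers):
    """Return sorted (offset, marker) pairs for known pre-wipe byte strings."""
    hits, tail, pos = set(), b"", 0
    keep = max(len(m) for m in markers) - 1  # overlap so matches spanning chunks are seen
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            buf, base = tail + chunk, pos - len(tail)
            for m in markers:
                i = buf.find(m)
                while i != -1:
                    hits.add((base + i, m))
                    i = buf.find(m, i + 1)
            tail, pos = (buf[-keep:] if keep else b""), pos + len(chunk)
    return sorted(hits)

def demo():
    """Repartition-only vs. full overwrite on a small constructed image."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(b"\x55" * 512 + b"\0" * 4096 + SAMPLE_RECORD + b"\0" * 4096)
        with open(img, "r+b") as f:
            f.write(b"\0" * 512)  # only the first sector changes, as with a new partition table
        after_fdisk = find_residue(img, [SAMPLE_RECORD])
        wipe_image(img)
        after_wipe = find_residue(img, [SAMPLE_RECORD])
    return after_fdisk, after_wipe

if __name__ == "__main__":
    print(demo())
```

Rewriting only the first sector leaves the record readable at its original offset; after the full overwrite the scan finds nothing.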

BCWipe also lets us work on systems that have been returned to CAP for updates or re-installations of apps. (Often in, say, a shelter environment, the PC is used by many people with varying skills and the system is often messed up.) BCWipe lets us wipe the free disk space, the swap file, empty directory entries and even the slack space in files.

There are other utilities in the set as well. For example, it can take a long time to wipe the swap file, so in a rush situation we can use the CryptoSwap utility to transparently encrypt the swap file so bad guys can't get to it.

Once the drive is pristine, we only install legal, tested software on the system. As charter members of Microsoft Authorized Refurbishers (MARs) we have licenses to legally install Windows XP Pro and Windows 2000. We also like to include a few useful freeware utilities, games or apps depending on the ultimate recipient.

We usually populate the hard drives from a cloned image on a server. This is another way to keep it secure. We don't need to find and load a bunch of floppies or CDs which could have been corrupted. We just maintain a good clone image for different operating systems and situations and mirror that image to the new drive.

It seems to be reassuring to a donor to know about our multi-step process to protect their identity and data. On a few occasions we have demonstrated a before and after system to them and they were able to witness that the "after" PC could not be traced back to the donor in any way possible.

We know that this has led to more donations because the donors are confident in our desire to protect them.



Copyright 2002-2007 Computers Assisting People Inc. - All Rights Reserved.