View Full Version : Non-disclosure agreement needed



nige the hippy
December 3rd, 2008, 07:06 AM
Have any of you guys that provide/have used IT recycling facilities or deal with customer machines got a sample non-disclosure agreement, i.e. an agreement not to reveal customers' data to a 3rd party / agreement to destroy any commercially sensitive information, that I could have a copy of?

I really Really REALLY want to get hold of some 14" disk packs which have such info on (just commercial stuff, nothing military or suchlike). I think a signed NDA would help.

Many thanks in anticipation,
Nig

Druid6900
December 3rd, 2008, 08:29 PM
Wish I could help you out, Nige, but, the issue has never come up.

I suppose the clients (rightfully) assume that I'm not going to tell anyone anything about what I might see on their computers and anything that comes in (not the ones for repair, of course, as they might get a little pissed) gets a military quality wipe as part of the triage anyway.

MikeS
December 3rd, 2008, 08:46 PM
A piece of paper *might* impress them, but usually they either trust ya or not. Much easier to avoid any risk by taking hammer or drill to 'em unless they like ya..

Works the other way too; if you happen to find some child porn on a computer or disk and don't report it, you can go to jail (at least up here).

Terry Yager
December 3rd, 2008, 09:00 PM
Perhaps the company you're dealing with has their own standard NDA form. Have you asked them?

--T

Terry Yager
December 3rd, 2008, 09:03 PM
Works the other way too; if you happen to find some child porn on a computer or disk and don't report it, you can go to jail (at least up here).

Whaaaaaaa...? ThoughtPolice in Canadia?? Who'da thunk it??? AFAIK, we still aren't required to report a crime here (one of the few liberties daShrub has allowed WeThePeople to retain).

--T

MikeS
December 3rd, 2008, 11:35 PM
Yeah, getting disturbingly like those police states we fought for "freedom" and "liberty," where you were required to turn in your neighbour...

I believe your ISPs are required to report down there; for the rest of us it's probably just a matter of time.

Not sure what the current status is in all the provinces, but here's a sample:

http://www.crin.org/resources/infoDetail.asp?ID=15687

2 years in jail or $50,000 fine for not reporting.

Something to remember for those of us who deal with other people's computers on a regular basis; tough choice if a friend or client brings you a system to remove a virus or whatever and you happen to run across something - send him to jail or risk going yourself...

nige the hippy
December 4th, 2008, 01:00 AM
Hi there,

Special request, can we keep this thread going & O/T.

Quite simply that the disks I'm talking about are the CDC 14" removable 40MB hard disk packs, and they appear to be rather rare now. On site degaussing isn't an option, as the lower(?) surface is a servo. At a push I could risk wobbling a magnet/degausser around on the other 3 surfaces, but that involves opening the packs & risking dust.

Obviously if he trusts me, that'll do the job, but he has no reason to & a signed agreement gives legal clout too.

MikeS
December 4th, 2008, 08:32 AM
I could send you copies of some of mine, but I even consider them confidential.

My point was that a piece of paper isn't going to mean squat if you haven't impressed them with your trustworthiness. I'd suggest you ask the person responsible what, if anything, would persuade him/her to release them to you, or have they actually said that an NDA would be sufficient?

Jorg
December 4th, 2008, 11:17 AM
Why don't you sign up as Microsoft beta tester and copy that one...

Druid6900
December 4th, 2008, 02:16 PM
Here's a General Non Disclosure Agreement that is simple enough to cut, paste, change and print.

http://www.vipsem.com/gmnda.html

nige the hippy
December 4th, 2008, 02:37 PM
Thanks Druid for a really useful link,

On a cursory look it seems that's the sort of thing I need. It certainly has relevant paragraphs. I thought perhaps an IT recycler's or repairer's confidentiality agreement might be spot on.

Had a chat with the chap today, he's actually sorting out the disk packs for me, so I think we're perhaps half way there (I could feel the ends of my fingers tingling as he told me!). We will both be a bit tied up till January, so more news then.....

It's super-scary, maybe I'm not gung-ho enough to feel confident handling such rarities. I've pulled back from looking at my S100 stuff until I can arrange a PSU with variable current limiting on all lines after I burnt off an edge connector finger as a result of tantalum death. I'd be devastated by a head crash on those drives.

Terry Yager
December 4th, 2008, 09:14 PM
Now all you have to worry about is getting it past his high-powered legal team...

--T

Chuck(G)
December 7th, 2008, 09:58 AM
I could furnish you with a few samples out of my legal files. The problem is that you're in a different jurisdiction (UK) than mine (US). I don't know what's within the law in your sandbox and what in my agreements might lie out of bounds.

Besides, I am not a lawyer, nor do I play one on TV.

What might work is for you to engage the services of a firm with the required bona fides to at least observe the destruction of data in the name of "historic preservation". But saying that you'll do it without any supervision isn't going to work. Even when I've scrounged old systems from private parties, I remove hard drives from the units and leave them for the owner to destroy.

When asked the best way to wipe a disk drive, I suggest that throwing it into an industrial brush chipper would be my choice. Failing that, melting it down would also work. A third possibility is embedding the drive in concrete and dropping it into the ocean a few miles offshore.

pontus
December 7th, 2008, 11:12 PM
When asked the best way to wipe a disk drive, I suggest that throwing it into an industrial brush chipper would be my choice. Failing that, melting it down would also work. A third possibility is embedding the drive in concrete and dropping it into the ocean a few miles offshore.

Writing a disk with random series of ones and zeroes _ONCE_ is good enough! That will wipe anything from anything. And if you prove me wrong, I'll gladly eat my hat!

Terry Yager
December 8th, 2008, 10:22 AM
I prefer the 'nail it to a tree and use it for target practice' cleaning method. You'd be surprised how effectively a .30/30 round can wipe a drive.

--T

carlsson
December 8th, 2008, 12:19 PM
I know you guys are joking, but:

the disks I'm talking about are the CDC 14" removable 40MB hard disk packs, and they appear to be rather rare now.
so Nige would rather want to keep the disks in functional state. If the client wanted them to be permanently destroyed, Nige wouldn't need to bother with a carefully worded NDA.

nige the hippy
December 8th, 2008, 02:11 PM
That's about it Anders, & I'm definitely not going to suggest the US military way which as far as I know was to grind the platters to aluminium dust (why not just melt them down?)

Chuck(G)
December 8th, 2008, 07:17 PM
Writing a disk with random series of ones and zeroes _ONCE_ is good enough! That will wipe anything from anything. And if you prove me wrong, I'll gladly eat my hat!

The spooks have been doing some very clever stuff in the last decade or so. I've seen a paper from ETH that said something to the effect that given sufficient computation and time and equipment, data you overwrote up to 7 times can be recovered. I imagine that old disks would be particularly easy to recover.

If you'll show me the hat and you eating it (with a smile on your face), I'll provide some cites.

I wasn't joking about tossing the disk into a chipper. :)

pontus
December 8th, 2008, 11:43 PM
The spooks have been doing some very clever stuff in the last decade or so. I've seen a paper from ETH that said something to the effect that given sufficient computation and time and equipment, data you overwrote up to 7 times can be recovered. I imagine that old disks would be particularly easy to recover.

If you'll show me the hat and you eating it (with a smile on your face), I'll provide some cites.

I wasn't joking about tossing the disk into a chipper. :)

I call bullsh*t, but I won't hijack this thread. If you _really_ want to continue this discussion, we'll have to start a new thread.

Ole Juul
December 9th, 2008, 12:33 AM
I'm interested in hearing more, so go ahead and start another thread - I'll have a read. The only thing I have to contribute is this quote from Wikipedia:

Recovering overwritten data
When data has been physically overwritten on a hard disk it is generally assumed that the previous data is no longer possible to recover. In 1996, Peter Gutmann, a respected computer scientist, presented a paper that suggested overwritten data could be recovered through the use of Scanning transmission electron microscopy.[4] In 2001, he presented another paper on a similar topic.[5] Substantial criticism has followed, primarily dealing with the lack of any concrete examples of significant amounts of overwritten data being recovered.[6][7] To guard against this type of data recovery, he and Colin Plumb designed the Gutmann method, which is used by several disk scrubbing software packages.

Although Gutmann's theory may not be wrong, there's no practical evidence that overwritten data can be recovered. Moreover, there are good reasons to think that it cannot.[8]

Chuck(G)
December 9th, 2008, 10:10 AM
Most of the critiques that I've seen about Gutmann's paper focus on "modern drives with higher bit density and different recording techniques". I'll go along with the statement that practical recovery is impossible from these drives.

But those 14-inchers are a far cry from modern disk drives, recording much lower densities and wider tracks. As a matter of fact, this is precisely the sort of recording that Gutmann was writing about.

The paper that I saw from ETH used an overwritten floppy as the subject. I strongly suspect that an overwritten 14" disk might also be suitable fodder. Recovery, in any case, is measured in bits per hour.

In any case, as far as the OP goes, it's like someone having WMDs--if the belief is out there, then what's practical, real or not doesn't really matter, does it?

da9000
January 25th, 2009, 09:29 PM
I call bullsh*t

@Pontios:
Read the Technical Overview section:
http://en.wikipedia.org/wiki/Gutmann_method

I can't find the link, but some Russian guys (and if you've never opened a hard disk to get the heads unstuck by using a fine comb, as instructed by their guides, you simply don't know what these guys can do without high-tech) at some data recovery forum were talking about how they were able to easily get the analogue signal without any fancy magnetic microscopy and such. The rest is all math: remove the digital signal, amplify the analogue residue, and voila, old bits! Granted, it's not what your average Joe can do, but it is indeed possible.

@OP:
Sorry for the hijack and good luck rescuing those old disks!

Ole Juul
January 25th, 2009, 10:11 PM
To be really convincing you actually have to do it.

Don't you think it's funny that there are seemingly no companies out there offering a data recovery service for wiped disks? Somebody could make a bit of money if they did, and I think that would be an incentive, don't you? Presumably the people who know how to do that are not interested in money.

I recently saw something really funny. There was a discussion on slashdot about the claims of a professor who wanted to put this "magical data recovery" to rest by claiming that one wipe was enough. NOT ONE PERSON on /. came up with anything technical in this regard. In fact most of them just repeated the same old myths! I guess there are no people on that forum with data recovery expertise or experience. Rather odd I thought. Oh well ... I guess every field needs to have its lore.

da9000
January 25th, 2009, 10:17 PM
That's a valid point Ole. I think part of the problem with companies is the fact that they will be sued if they do it without consent. Or even advertising this service can make someone raise an eyebrow about what that company does or how trusty they can be. Finally one of the bigger problems is that it's hard to define the age of data. In the sense that some bits on the disk will be dated from say 1 year ago, while other bits will be dated from 2 years ago, and combining them probably won't give an internally consistent file. Add to that the terrible external fragmentation of files on disk and it's a very bleak concept. However, the original counter post was about the actual feasibility/possibility of such a method: it seems to indeed be possible, even if it won't recover the correct information due to the complexity of the problem.

kiyotewolf
July 11th, 2009, 02:26 AM
Wow.. this thread is like so.. VERY..

It's all CLOAK & DAGGER..

Wow..

^o^ I'm cleared by the FBI to work in my field. Are you guys?

(And I am not joking, I WAS cleared by FBI..)

Figure that one out.

OMG.. YAY FOR SCARY WAR GAMES ON FORUMS..



Ok.. now for something useful.

There are a couple things you could do to protect the data from prying eyes.

1. Launch it into space, preferably aimed at the sun so it burns it up in its corona.
2. Eat the disks.
3. Fold them into origami
4. Attach a large electromagnet to an EMF bomb and blow those disks magnetically to hell
5. Put them in the Halladon Coillider (i kanth spill kerectly) magnet and watch it whine and buckle under the magnetic strain, maybe even catch fire.
6. Trust no one. Not even yourself.
7. Get a stunt double?

Wheeeeeeeeeeeee.. very serious thread is less serious.

BTW,.. Non-Disclosure Agreements usually mean nothing in the right (wrong) hands. I wouldn't trust the paper it was written on. Paper means nothing if the actions speak otherwise.

Good luck.

May your bits stay away from prying eyes.



Kiyote!

I'm so dang dramatic sometimes.

P.S. I do mean in all seriousness that NDA Agreements usually are PAPER THIN. And I mean that literally as well as metaphorically. Plus I'm still FBI certified. Hee hee.