EDS' Failure to Wipe

EDS, which runs the Navy Marine Corps Intranet under a 10 year, $10 billon contract, serves about 650,000 folks. Users turn in, on an annual basis, about 120,000 old computers for new ones. The company failed to magnetically wipe (the technical term is degaussing) at least 12 hard drives containing secret information, according to a snippet from a Navy inspector general report, which made its way here to Whats central in Las Vegas, N.M.

The investigation, which ended in March, found that EDS stored 2,552 classified and unclassified hard drives in large shipping crates at an unidentified location and 12 of the classified hard drives "certified as degaussed contained readable secret documents," the report said.

EDS, the report added, self-reported 24 more improperly stored and accessible classified hard drives. In addition, the IG report said investigators conducted a statistical sampling of theoretically inoperable unclassified hard drives, and determined that 1,060 were operable, and out of those, 612 contained personally identifiable information, data that includes names, addresses and social security numbers.

A knowledgeable official who wanted to remain anonymous said the Navy chief information officer's office decided to adopt an interim policy to destroy all used hard drives, rather than risk them being sold and the information on the drives exposed. Last month The Guardian in London reported that a computer containing classified Missile Defense Agency files had been bought on eBay.

The Navy official told me that the policy to destroy used computer hard drives was only an interim one because it was more expensive than reselling the old hard drives. But when asked, "What price security?" the Navy official agreed that destruction was a far better approach than resale.

I agree - and this seems like a no brainer.