Tech companies tend to destroy storage devices as soon as they deem them obsolete for fear of data leakage. Experts say the practice is highly wasteful, claiming they can and should securely delete data to reuse storage. This dilemma pits security concerns against sustainability.
According to a new Financial Times report (reprinted by Ars Technica), the standard procedure among tech companies is to shred servers and hard drives every few years instead of wiping and selling them. The report outlines different ways the practice is harming the planet.
Tech giants like Amazon, Microsoft, and Google upgrade their storage hardware every four or five years. They, along with banks, police services, and government agencies, shred an estimated tens of millions of obsolete storage devices yearly because exposing even small amounts of data can have considerable legal consequences, as a leak could anger regulators and damage consumer trust.
Last month, the Securities and Exchange Commission fined Morgan Stanley $35 million for auctioning thousands of hard drives before erasing them, leaking millions of customers’ data. Although nothing indicated that any customers came to harm, many companies — particularly the ones operating cloud services — likely don’t want to suffer a similar fate.
Some groups may think disposing of obsolete hardware is environmentally friendly when the opposite might be the case. Concerning e-waste, the energy use and recycling problems are more complex than initially apparent.
Companies may upgrade to newer hardware because it’s more energy-efficient, supposedly carrying a lower carbon footprint. However, most tech carbon emissions come from manufacturing, not operation. University of Wisconsin-Madison researchers discovered this might be the case with SSDs, and Harvard researchers had similar findings regarding tech companies’ overall carbon footprints.
Furthermore, although shredded hardware sees around 70 percent of its component material recycled, the process essentially wastes the emissions from its initial manufacturing. Reusing those materials means repeating the most emissive part of the hardware’s carbon footprint. Even worse, any lost material like rare earth metals must be re-mined, possibly contributing to the use of conflict materials.
Companies may think destruction is the only way to ensure data security, but experts believe it’s an unnecessary nuclear option. Many hard drives and servers can probably remain in use for years or even decades, and there is likely minimal risk of bad actors recovering data from second-hand storage with forensic software. Google and Microsoft say they’ve started using some refurbished servers, but shredding is still standard procedure for hard drives.