D3 Granted New Patent for Data Destruction on Optical Media
July 13, 2010Fort Myers, FL - Digital Data Destruction (D3, Inc.)today
announced that it was granted a new patent on its method and process to
safely destroy the digital data contained on Optical Discs. The patent
award by the United States Patent and Trademark Office, # 7,753,762
adds to four previously awarded US and foreign patents in this
exclusive niche. The new technology covered by this optical disc data
destruction patent also anticipates a new more stringent National and
International standard to destroy digital data due to emerging forensic
recovery techniques. This patent covers processes and technology which
will continue to insure complete and total destruction of clients’ data
in an efficient and economical fashion while addressing the rapidly
growing need to comply with the data destruction requirements of HIPAA,
Gramm-Leach-Bliley, FACTA and Sarbanes-Oxley Federal legislation and the
NIST standard as outlined in SP 800-88.
The patent claims allow D3 to exclusively employ several unique
methods to destroy the digital information contained on optical discs
independent of where the data resides on the specific type of media.
Continuing unpublished work at eTriage and at other organizations has
scientifically proven that many alternative processes currently used by
commercial interests which rely on an antiquated paper shredding model
or dimpling processes, keep significant amounts of data on the discs.
Government or commercial interests using unsafe technology invite
serious financial and legal liabilities. This new technology from D3
provides the industry with Tier 5 equipment which is beyond forensic
recovery.
Dr. Hutchison, President and CTO
of D3, Inc., said of this most recent patent award, “D3 continues to
innovate and develop new processes and equipment which can be used to
safely destroy digital data on electronic media, once that information
is obsolete or has reached it’s end-of-life usefulness. ”
About D3 Services
D3 Inc. is a Wisconsin C Corporation formed in 2004 to offer high end
digital data destruction equipment and services for the verifiable
destruction of data on digital media. The Company has a large secure
facility in Wisconsin and a branch office in Fort Myers. D3, Inc. is affiliated with CD Rom, Inc. and eTriage, Inc.
For further information on D3, please contact us or visit our web sites.
(CBS) At a warehouse in New Jersey,
6,000 used copy machines sit ready to be sold.CBS News chief investigative
correspondent Armen Keteyianreports
almost every one of them holds a secret.
Nearly every digital copier built since 2002 contains a hard drive -
like the one on your personal computer - storing an image of every
document copied, scanned, or emailed by the machine.
In the process, it's turned an office staple into a digital time-bomb
packed with highly-personal or sensitive data.
If you're in the identity theft business it seems this would be a pot of
gold.
"The type of information we see on these machines with the social
security numbers, birth certificates, bank records, income tax forms,"
John Juntunen said, "that information would be very valuable."
Juntunen's Sacramento-based companyDigital Copier
Securitydeveloped software called "INFOSWEEP" that can scrub all the
data on hard drives. He's been trying to warn people about the
potential risk - with no luck.
"Nobody wants to step up and say, 'we see the problem, and we need to
solve it,'" Juntunen said.
This past February, CBS News went with Juntunen to a warehouse in New
Jersey, one of 25 across the country, to see how hard it would be to buy
a used copier loaded with documents. It turns out ... it's pretty easy.
Juntunen picked four machines based on price and the number of pages
printed. In less than two hours his selections were packed and loaded
onto a truck. The cost? About $300 each.
Until we unpacked and plugged them in, we had no idea where the copiers
came from or what we'd find.
We didn't even have to wait for the first one to warm up. One of the
copiers had documents still on the copier glass, from the Buffalo, N.Y.,
Police Sex Crimes Division.
It took Juntunen just 30 minutes to pull the hard drives out of the
copiers. Then, using a forensic software program available for free on
the Internet, he ran a scan - downloading tens of thousands of documents
in less than 12 hours.
The results were stunning: from the sex crimes unit there were detailed
domestic violence complaints and a list of wanted sex offenders. On a
second machine from the Buffalo Police Narcotics Unit we found a list of
targets in a major drug raid.
The third machine, from a New York construction company, spit out design
plans for a building near Ground Zero in Manhattan; 95 pages of pay
stubs with names, addresses and social security numbers; and $40,000 in
copied checks.
But it wasn't until hitting "print" on the fourth machine - from
Affinity Health Plan, a New York insurance company, that we obtained the
most disturbing documents: 300 pages of individual medical records.
They included everything from drug prescriptions, to blood test results,
to a cancer diagnosis. A potentially serious breach of federal privacy
law.
"You're talking about potentially ruining someone's life," said Ira
Winkler. "Where they could suffer serious social repercussions."
Winkler is a former analyst for the National Security Agency and a
leading expert on digital security.
"You have to take some basic responsibility and know that these copiers
are actually computers that need to be cleaned up," Winkler said.
The Buffalo Police Department and the New York construction company
declined comment on our story. As for Affinity Health Plan, they issued a
statement that said, in part, "we are taking the necessary steps to
ensure that none of our customers' personal information remains on other
previously leased copiers, and that no personal information will be
released inadvertently in the future."
Ed McLaughlin is President of Sharp Imaging, the digital copier company.
"Has the industry failed, in your mind, to inform the general public of
the potential risks involved with a copier?" Keteyian asked.
"Yes, in general, the industry has failed," McLaughlin said.
In 2008, Sharp commissioned a survey on copier security that found 60
percent of Americans "don't know" that copiers store images on a hard
drive. Sharp tried to warn consumers about the simple act of copying.
"It's falling on deaf ears," McLaughlin said. "Or people don't feel it's
important, or 'we'll take care of it later.'"
All the major manufacturers told us they offer security or encryption
packages on their products. One product from Sharp automatically erases
an image from the hard drive. It costs $500.
But evidence keeps piling up in warehouses that many businesses are
unwilling to pay for such protection, and that the average American is
completely unaware of the dangers posed by digital copiers.
The day we visited the New Jersey warehouse, two shipping containers
packed with used copiers were headed overseas - loaded with secrets on
their way to unknown buyers in Argentina and Singapore.
NIST SP 800-122, Protecting Personally Identifiable Information (PII)
The National Institute of Standards and Technology released the new SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) . These guidelines establish recommendations for protecting all Personal Identifiable Inforamtion within and organization.
Across the board ban lifted for mission critical
applications
The Defense Department was able to lift a
ban on portable storage devices such as thumb drives because of changes to DOD
computer systems that make the devices safer to use, Vice Adm. Carl Mauney,
deputy commander of the U.S. Strategic Command, said today. But that doesn't
mean personnel have carte blanche. DOD still maintains strict rules for the
devices.
“After extensive testing of mitigation measures, DOD decided to
make this technology available again on a strictly controlled basis on DOD
computers,” Mauney said via e-mail. “Since the order restricting use of
removable media, DOD developed capabilities and processes that allow safe use of
these devices. Removable media use will be limited to mission-essential
operations, and only after strict compliance requirements are met.”
The
new policy, issued Feb. 12, only applies to government-procured and
government-owned devices, Mauney said. Personally owned devices are still barred
from all DOD networks and computers. Flash media can only be used as a last
resort to transfer data from one location to another, and only when other
authorized network resources are not available, he said.
Randomly selected users and drives will
be subject to periodic auditing, under the new policy. Individual services and
agencies will determine whether flash media may be used in their individual
organizations, Mauney said.
Some in the military found the all out ban
too restrictive, according to one DOD source. The new policy is a compromise.
“This is not a return to 'business as usual,'” Mauney said. “There
remain strict limitations on using these devices. Use will be permitted only in
DOD computers that are in compliance with requirements for hardware that allows
for safe transfer of data.”
For now, Army officials plan to keep the ban on flash drives in place, according
to the Army News Service.
“We are currently conducting mission analysis
in order to provide guidance for the Army's safe return of thumb drives and
flash media,” officials from the Army Global Network Operations Security Center
said, according to the news service.
The ban was issued in November 2008
after a virus was found to be spreading through military networks by copying
itself from one removable drive to another. The ban covered all forms of USB
flash media, such as thumb drives, memory sticks and cards, and camera memory
cards, as well as some other removable media.
2009 Annual Study: Cost of a Data Breach
Retrieved February 10, 2010
http://www.pgp.com/
The 2009 Annual Study: Cost of Data Breach has just been released.
This is provided by PGP Corporation and the Ponemon Institute. This survey documents the high costs that result when companies lose customer data.