[Cryptography] Magnetic media destruction question
Ron Garret
ron at flownet.com
Wed Jan 14 17:41:30 EST 2026
> On Jan 13, 2026, at 2:14 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
> The details have no doubt changed, but in Google datacenters 15 years ago or so, the process was:
>
> - Every new disk entering the data center is given a unique identifier, visible on the outside.
> - The life history of every disk in the data center is tracked - where it goes, what it's used for, and ultimately when it dies.
> - No disk that ever entered the data center as a functioning device ever leaves except as destroyed material.

Here is a bit of historical trivia that people here might find interesting. I believe I may have had a hand in bringing this policy about.
In 2001 I was working at JPL and was given the job of procuring a then-new Google search appliance for evaluation. We ultimately decided not to keep it, but by that time it had crawled the JPL internal network and the disk was full of sensitive proprietary information. The appliance was packaged in a sealed case so we could not get physical access to the drive, and of course they wouldn't give us root access. So we could not give them the drive back until we figured out a way not just to erase it, but to verify that it had in fact been erased. Google apparently had not thought this through. There was no way for us as the user to erase the drive.
So Google sent a tech to JPL to wipe the drive. The tech went into a secret part of the user interface to invoke a "wipe drive" option, which then put up a little animation on the screen to indicate "progress". I asked the tech how we could verify that the drive was actually being wiped. He said there was no way to do that, we just had to take their word for it. I explained to him why that wasn't satisfactory while we waited for the wipe to finish.
And waited.
And waited.
I don't remember how long we waited. It was the better part of an hour, at which point the tech decided that the process had hung and pulled the plug. But apparently enough of the drive had gotten wiped that the thing now would not boot. At this point not only did we not have any way to verify that the drive had been wiped, but we had no reason whatsoever to believe that it had in fact been wiped, not even a screen saying, "I've finished wiping the drive. Just take my word for it."
So the tech opened up the appliance (which involved the use of some pretty exotic-looking drill bits), took out the drive, and gave it to me. I never did anything with it, but I still have it somewhere. One of these days I'm going to plug it in and see what's on it.
rg