Tax agency holding onto hard drives as it seeks disk eraser
Canada's tax agency has been forced to stockpile hundreds of used hard drives containing sensitive taxpayer information because it can't erase them.
About 1,000 obsolete devices have been locked away at offices across the country as technicians search for software that can wipe them clean.
The problem began in October 2007 when the RCMP warned all federal departments that standard disk-erasing software, previously sanctioned by the police force, was no longer reliable.
So-called DSX software "could eventually fail to properly function on newer, larger drives," said a Mountie bulletin. "Use of the software is 'at your own risk'."
The RCMP's technical security branch found that DSX left traces of sensitive data on newer drives that can be read by modern devices, a sticky problem known as "data remanence."
The branch cautioned departments to find alternative, more reliable software.
But an audit last year at the Canada Revenue Agency found that despite the warning, officials did not come up with a better electronic eraser — creating a growing pile of hard drives that can't be wiped properly.
"The overwrite utility software recommended in CRA policy is not always effective," says the audit, which examined the bigger hard drives used in servers, that is, in powerful computers that serve other agency computers.
"There is no process in place to ensure that an effective tool is available."
Investigators noted that some offices were physically destroying hard drives to get around the problem.
The RCMP says any drives destroyed this way should be run through commercial equipment that chops the devices into pieces no bigger than the width of a pencil. The audit did not indicate whether that advice was being followed.
Other offices have been stockpiling the drives, and the number has now hit about 1,000.
More than half of the 50 technicians surveyed by investigators said they still use DSX software on some server drives.
A spokeswoman for the tax agency says the stockpiled drives remain under lock and key across the country until a solution can be found.
"Access to these locations is restricted to authorized personnel only," said Caitlin Workman.
She added that technicians plan a pilot project next month to find a "sanitization solution" and an agency-wide tool should be available by the end of September.
Workman said tax offices continued to use the DSX software even after the RCMP's 2007 warning because most of the hard drives then in use were older models that could be erased easily.
No taxpayer or agency information has been put at risk because of the eraser problems, she said.
The agency currently operates about 2,000 servers across the country.