Churches frequently replace computers with newer, faster equipment. The “old” computers are either sold or given away. Some attempt is made to “erase” personal and confidential information from the old computers, but just how effective are these efforts? Is it possible that these old computers still contain personal and confidential information? A recent study by two students at the Massachusetts Institute of Technology (MIT) suggests that it is common for “secondhand” computers to contain personal, non-deleted information from the original owner. The students purchased 129 used computers on Ebay and from secondhand computer stores. Of these 129 computers, 69 still contained “recoverable” personal data from the original owner! What kind of personal data was recovered? Medical data, personal correspondence, diaries, pornography, and hundreds of credit card numbers.
How could these used computers still contain recoverable personal information when the original owners insisted that they “deleted” all computer files before disposing of their computers? The answer lies with Microsoft Windows, which does not really “delete” files that users delete. Instead, only the names of files are deleted. This “tells” the computer that the space occupied by the deleted files is “empty.” But, the files themselves remain on the computer’s hard drive until they are later overwritten by new data. In some cases, the “deleted” files are overwritten by new data weeks or months later, but in many cases the files are never overwritten and so they remain intact and can be recovered by any “file recovery” program. As the MIT students discovered, it is common for secondhand computers to contain files that the owners thought they had deleted.
What is the relevance of this to church treasurers? Think of the highly confidential information that is contained on church computers. Examples include members’ names and addresses, and in some cases other personal information; members’ contributions; church financial records, including bank account numbers and PINs; church credit card numbers; the credit card numbers of members who made contributions by credit card; and personal correspondence. The retrieval of such data by a subsequent owner of the church’s computer could be disastrous.
What steps can church leaders take to protect against the inadvertent transfer of recoverable confidential information on obsolete church computers? As we have seen, “deleting” files is not enough, at least when using Microsoft Windows. There are several software programs that will effectively erase all of this information so that it cannot be recovered, and many of these programs are inexpensive (less than $30). Programs that erase data using United States Defense Department compatible methods include CyberScrub, Window Washer, BC Wipe, and Eraser. Each of these programs has won awards from computer magazines. There are many other options available. These programs are sometimes called “file shredding” programs.
One more tip. If you sell your computer to a secondhand computer store, don’t take their word that they will erase all of the contents on your computer. It’s best to do so yourself, so long as you have the proper software.
This article first appeared in Church Treasurer Alert, March 2003.