Electronic waste is also a cybersecurity problem

Many of us have obsolete devices relegated to the back of our drawers, little museums of old technology. These forgotten laptops and phones seem like mere quaint relics, but if they aren’t disposed of properly, they can release two different but dangerous things: toxic chemicals and sensitive data.

The world generated a record 53.6 million tonnes of e-waste in 2019, up more than 21% over five years, according to the latest United Nations assessment.

Only around 17% of this electronic waste has been recycled, and what happens to the rest can be harmful to human health and privacy. A new systematic review of The Lancet found that “people living in areas prone to e-waste have significantly high levels of heavy metals and persistent organic pollutants”, and he advocated “new cost-effective methods for safe recycling operations … in order to ensure the health and safety of vulnerable populations ”.

John Shegerian totally agrees. He is the co-founder and CEO of ERI, one of the world’s largest electronics disposal providers, and the co-author of ERI’s 2021 book. The insecurity of everything: How hardware data security is becoming the world’s most important topic.

We spoke with Shegerian about the effect of e-waste on the future of our world and our privacy, and the role engineers can play in solutions. The conversation has been edited for length and clarity.

IRAJohn Shegerian, CEO of ERI and co-author of the 2021 book The Insecurity of Everything

IEEE spectrum: The conclusion of the Lancet review certainly doesn’t come as a shock to you, but others might be surprised at the types of pollutants inside our old computers, phones, and televisions – and the danger they present when not handled responsibly.

John Shegerian: When we entered the industry [in 2002], Al Gore had yet to win his awards for “An Inconvenient Truth.” There was no iPhone or the Internet of Things. Corn [e-waste] was already the fastest growing solid waste stream in the world. Today, in 2022, e-waste is now the fastest growing waste stream of an order of magnitude.

An employee of a major New York bank “threw his laptop in the trash in Manhattan and someone pulled it out.” On that laptop was the information of the many customers of the entire banking company and the bank’s multi-billion dollar business.
—John Shegerian

People might say, how is this possible given that we are talking more about the environment and there are more companies like yours? The truth is, the magnitude of the problem far exceeds the number of solutions. We have so, so, so many devices. And when [e-waste isn’t disposed of correctly], it can be landfilled, dumped in a river or lake, or simply buried. Unfortunately, it could also be sent to a country where they don’t have the right tools or expertise to dismantle old electronics.

Finally the liners [of devices] break, and when it rains on it, very toxic materials [they contain] – mercury, lead, arsenic, beryllium, cadmium – take out. If they return to land and water, it has very negative effects on the health of our vegetation, our animals and our people. So unfortunately no I’m not surprised [by the Lancet study].

You founded ERI for environmental reasons, but you and your team quickly realized the cybersecurity risk: many of these discarded devices contain sensitive personal and / or business data.

Shegerian: Yes, we saw those little breadcrumbs on data and privacy throughout the 2000s: the birth of Palantir, the founding of LifeLock, what we ourselves saw at ERI. Really, in 2012 I started talking to companies about the need to ‘shred’ data as they destroy sensitive papers, they look at us like we are green Martians. Over the years, I have spoken about it at conferences anyway, and at one of them in 2017, Robert Hackett of Fortune requested an interview and wrote an article that ended with this line: “It turns out that e-waste is not only an environmental threat, but also a threat to cybersecurity. Five years of drumming, and thanks to this article, we’re finally off to the races… by comparison.

Relatively. Because you find that people, both as individuals and at the corporate level, don’t take data risk seriously enough. How did it inspire The insecurity of everything?

Shegerian: Technology is so pervasive that it is a societal problem we all have to contend with. It is much more serious than just affecting your family or your business. This is an international problem, which involves risks for internal security. That’s why we wrote the book: The vast majority of our customers were still not listening. They just wanted us for the environmental job, but they weren’t quite convinced about the physical data destruction part of the job yet. We wanted to write this book to share a few examples of serious consequences — that it’s not a distant theoretical concern.

Can you share some of these anecdotes?

Shegerian: A big, big bank once called me, “John, we had a breach, but we don’t think it’s phishing or software. We believe this is from the hardware. I go there and it turns out that one of their bankers threw his laptop in the trash in Manhattan and someone pulled it out. On that laptop was information from the many customers of the entire banking company and the bank’s multi-billion dollar business. The responsibility, the data… God, absolutely priceless. If it fell into the wrong hands, the ransom that could have been extracted was truly enormous.

There are also situations like the federal government – I won’t say which branches – tell us, “We have all these old electronics that are potentially heavy on data, and when companies like yours gave us quotes. [for responsible recycling], it seems a bit expensive to me. We were told to save some money and we found someone to do it for free.

To free? Yeah no. What happens is this guy is going to grab the devices for free, put them in a container, and wholesale them to the highest bidder. Many of these buyers are harvesting precious metals and materials from old electronics – but there are also people hostile to Homeland Security who want to remove hard drives and find a way to harm us here in the United States or detain corporate data for ransom. From these examples, you can see how you should also protect your financial and personal data on an individual level.

What do people need to know – and do – to avoid becoming one of these stories?

Shegerian: It is crucial to make sure that if you donate [your device] to a retailer that has a take-back or trade-in program, review it and make sure it uses responsible recyclers. Make sure that they guarantee that all your data will be destroyed before you take your phone and sell it again. If they don’t tell you, with drastic transparency, who the seller is handling the materials or where they are going to go? Past.

Hard drives with a red cable coming out of each sit in a row on numbered shelves
Hard drives are erased at ERI facilities.IRA

For the engineers of today and tomorrow who are interested in this work, how can they be part of the solution?

Shegerian: Engineers have been such important partners to us, whether it’s creating electronic waste shredders or things like glass cleaning technology that helps us recycle materials. They also helped us to be the first to develop AI and robotics in our facility. So they could come and work for someone like us and answer questions like: how to recycle more of this material faster and better, with less impact on the environment?

On the flip side, engineers are always going to be hired by large OEMs, whether tech or automotive companies, and that’s nice because now they could design an engineer for circular economy behavior. They could create new products from recycled copper, gold, silver, steel and plastic, keeping them out of our landfills.

Engineers have a huge opportunity to help leave the world a better, safer, and cleaner place than the one we have inherited. But everyone on Earth is a stakeholder. We all need to be part of the solution.

Source link

Previous In the Seeing Hands of Others by Nat Ogle - he said, she said | fiction
Next Denver7 Gives replaces the electronics of the Hacker family