Make It Earth Day Every Day –
Electronics Destruction as Part of InfoSec

In the wake of Earth Day (Sat, Apr 22, 2023), we are doubling down on our education regarding ITAD mishaps. Not only is improper IT Asset Destruction a potential nightmare for your clients whose data becomes exposed, but it may also result in hundreds of millions of dollars in fines and fees (Morgan Stanley’s errors have cost the banking giant over $163 million), and harm in places and countries that you do not know of.

That last point of interest is now known as the E-waste Crisis.

It’s important to note that things are being done across the globe to stop this crisis. One such Convention was established in June of last year. According to the United Nations environment program (UNEP), some e-waste cannot be shipped to countries that are part of the Convention. This limits where e-waste can go, making it more straightforward to manage. This Convention also regulates the movement and disposal of other hazardous waste, such as “toxic, poisonous, explosive, corrosive, flammable, ecotoxic and infectious wastes,” This is just one of many steps being taken internationally to get control of the E-waste Crisis.

So what is E-waste?

E-waste includes everything from smart speakers to smart meters and even high-tech cars. One credible source reminds us that we must use more than just re-use our way out of this problem. With how quickly electronics are changing, outdated materials WILL be disposed of. This means hazardous materials will also be released into our environment when products are improperly disposed of or handled incorrectly. Sometimes these products get into other countries through what may seem like legitimate resale channels, but these countries actually lack proper destruction processes – so at the end of their life they still pose a threat.

In 2023 shouldn’t monitoring and proper destruction be easy?

You may be asking, why is this still an issue with so many companies available to assist in IT Asset Destruction Services?

Any data security professional will tell you that at least part of the reason is that humans are still involved. Humans make mistakes and can fail to follow the processes put in place even in the most diligent organizations. One such example spans from 2014 through several years and, as of our last check, may still remain open. As shared online in 2021, the basis of this example is that “GEEP struck an agreement with Apple Canada Inc. for “the de-manufacturing, destruction, and recycling of excess, obsolete and end-of-life electronics, including monitors, printers, computer systems, iPhones, iPads, software, and other peripherals,” GEEP states that Apple was given the right to audit the process. In 2017, Apple conducted a surprise audit at the Barrie facility, from which all the related lawsuits flowed. Instead of destroying the devices, it shipped about 99,975 of them to Yang and Whitby Recycling, who then reactivated them and sold them in overseas markets, the Apple lawsuit alleges. Apple figured that represented 18 percent of all Apple devices shipped to GEEP since January 2015.”

How did this happen?

That is hard to figure out. Processes became abandoned in what seemed like correct handling. This is a perfect example of “pointing fingers.” Apple accuses GEEP; GEEP accuses key employees and another Recycling Vendor. These accusations created claims and cross-claims from employees requiring hundreds of hours of legal work for all parties involved, leading to years of proceedings.

A great article released by IEEE Spectrum in January of last year points to the obvious that E-waste and issues like this is an InfoSec problem. We couldn’t agree more. Many InfoSec professionals have their hands full of monitoring and the latest data security concern on the horizon and fully expect their ITAD process to work. The APPLE-GEEP case above reminds us how the wrong vendor can outsource or change their processes without organizations even being aware.

Yes, we MUST care about proper recycling as inhabitants of this great planet – making it Earth Day every day, but we must also care about the private data of our customers and employees – and how a breach impacts their personal world. As the interviewee states in the article above, “Technology is so ubiquitous that this is a societal problem we all must reckon with. It’s much more serious than just affecting your family or your company. This is a problem of an international magnitude that has homeland security risks around it. Most of our clients still were not listening. They just wanted us for environmental work, but they weren’t sold on the hardware data-destruction part yet.”

We have to do better as a country and as corporate leaders. Reclamere is passionate about being part of the solution on Earth Day and every day.

Sources:

• https://earth.org/e-waste-crisis-companies/
• https://www.barrietoday.com/local-news/ex-geep-employee-denies-involvement-in-iphone-selling-scheme-3315985
• https://spectrum.ieee.org/the-cybersecurity-of-e-waste