When we throw our old smartphones, laptops, and other data-bearing devices away, we toss our secrets away with them. Our smartphones are becoming our keys, bank accounts and social lives. Even after we have “wiped” our old technology, the private data’s DNA remains intact. The trash can is not the secret keeper and data destroyer many like to think it is. 

Discarded tech devices containing private data are not only a matter of personal privacy but of national security as well. Rogue states actively employ armies of hackers who wade through and exploit the information we leave for them on our old tech. 

When our technology becomes obsolete or unwanted, most don’t take a second thought about its afterlife.  In the United States alone, 416,000 phones a day are either incinerated or end up in landfills, and only a paltry 17.4% of electronic waste is properly recycled worldwide

It’s estimated that in 2021, we collectively discarded a staggering 63.3 million U.S. tons of electronic waste. This means that our e-waste over the past year outweighs the Great Wall of China, the heaviest object on planet earth. 

The continued growth of e-waste is a glaring blind spot in our national security infrastructure. A recent case in point is a very old German military laptop that was sold on eBay and later found to have, on its hard drive, a confidential user manual and schematics for a surface-to-air missile still in use by the German military. Fortunately, the laptop was purchased by a German cybersecurity firm. It could have just as easily landed in the hands of terrorists or a rogue state.  

In 2013, Chinese authorities broke up an e-waste smuggling ring responsible for delivering 72,000 metric tons of e-waste into the country. While most of the goods originated in Japan, some also came from the United States and the European Union. 

This should concern us. Many consumers are lulled into a false sense of security because they think they’ve deleted their information when they actually have not. Traces of your credit card details, addresses, passwords, phone numbers and other personal and professional information remain embedded in that technology’s DNA. For cybercriminals, this information is a gold mine. The global average cost of a data breach in 2020 was $3.86 million. 

Researchers from Northeastern University bought 86 used devices off eBay over a span of 16 months. Worryingly, 61% had not been reset, meaning that retrieving the data off those devices involved simply removing four screws and extracting an SD card. Of the devices that had been reset, the researchers could still retrieve Wi-FI credentials, the physical location of previous owners, as well as information on cyber-physical devices such as doors and locks by simply using the ubiquitous tool, Autopsy.

Law enforcement agencies such as the FBI and Homeland Security are well aware of the serious security threats posed by e-waste. Twenty years ago, those buying e-waste were doing so in order to extract precious metals from the waste. Now, there’s far more precious material to harvest – our personal data. 

The data that can be stolen from your old devices might be confidential or proprietary information from your business that you were entrusted with. Such data, if breached, could damage your company or even your government - and along with it, your career. It’s not just your information that is exposed; it is the information of your friends, families, and employers. 

Once the bad actor e-waste scavengers have what they want, the tech carcasses are typically burnt or tossed into the ocean, adding environmental insult to privacy injury. Hardware security must become part of our standard operating procedure the same way software security has. 

Every stakeholder needs to be educated and play a part in cleaning up our e-waste practices, from the original equipment manufacturers (OEMs) to retailers, consumers, recycling entities, and government agencies.  Fortunately, such actions are being policed by organizations such as The Basel Action Network (BAN), a non-profit international toxic waste watchdog group that investigates the underground world of the e-waste trade. 

BAN conducted a two-year study during which it fitted discarded devices with GPS trackers and dropped them off at “recycling” centers across the US in order to see where they would end up. It turns out that about one-third of the tracked electronics were tracked overseas, and frequently to countries with little to no regulatory measures against trash scavenging. 

Recycling our plastic and cardboard has become a social norm. It is time for the recycling of technology to be viewed in the same way. We need to educate consumers and businesses about best practices in order to significantly improve e-waste collection rates. We also need to provide convenient, widely available e-waste recycling options to businesses and families so that the responsible recycling of e-waste and data destruction becomes second nature.  

It’s time to take tech recycling seriously – for the sake of our planet and for our privacy. When you break open an amazing new smartphone or laptop, remember you may not be the final user, even after you throw it away. Unrecycled e-waste is a gift to tech scavengers and cybercriminals alike.

About the author: 

John Shegerian John Shegerian is the Chairman and CEO of ERI. Photo: John Shegerian

John Shegerian is the Chairman and CEO of ERI, the largest cybersecurity-focused hardware destruction and electronic waste recycling company in the United States.