Paper shredder explained

A paper shredder is a mechanical device used to cut sheets of paper into either strips or fine particles. Government organizations, businesses, and private individuals use shredders to destroy private, confidential, or otherwise sensitive documents.

History

Invention

The first paper shredder is credited to prolific inventor Abbot Augustus Low, whose patent was filed on February 2, 1909.[1] His invention was however never manufactured because the inventor died prematurely soon after filing the patent.[2]

Adolf Ehinger's paper shredder, based on a hand-crank pasta maker, was the first to be manufactured in 1935 in Germany. Supposedly he created a shredding machine to shred his anti-Nazi leaflets to avoid the inquiries of the authorities.[3] Ehinger later marketed and began selling his patented shredders to government agencies and financial institutions converting from hand-crank to electric motor. Ehinger's company, EBA Maschinenfabrik, manufactured the first cross-cut paper shredders in 1959 and continues to do so to this day as EBA Krug & Priester GmbH & Co. in Balingen.

Right before the fall of the Berlin Wall, a “wet shredder” was invented in the former German Democratic Republic. To prevent paper shredders in the Ministry for State Security (Stasi) from glutting, this device mashed paper snippets with water.

With a shift from paper to digital document production, modern industrial shredders can process non-paper media, such as credit cards and CDs, and destroy thousands of documents in under one minute.

Applications

Until the mid-1980s, it was rare for paper shredders to be used by non-government entities.

A high-profile example of their use was when the U.S. embassy in Iran used shredders to reduce paper pages to strips before the embassy was taken over in 1979, but some documents were reconstructed from the strips, as detailed below.

After Colonel Oliver North told Congress that he used a Schleicher cross-cut model to shred Iran-Contra documents, sales for that company increased nearly 20 percent in 1987.[4]

Paper shredders became more popular among U.S. citizens with privacy concerns after the 1988 Supreme Court decision in California v. Greenwood; in which the Supreme Court of the United States held that the Fourth Amendment does not prohibit the warrantless search and seizure of garbage left for collection outside of a home. Anti-burning laws also resulted in increased demand for paper shredding.

More recently, concerns about identity theft have driven increased personal use,[5] with the US Federal Trade Commission recommending that individuals shred financial documents before disposal.[6]

Information privacy laws such as FACTA, HIPAA, and the Gramm–Leach–Bliley Act are driving shredder usage, as businesses and individuals take steps to securely dispose of confidential information.

Types

Shredders range in size and price from small and inexpensive units designed for a certain amount of pages, to large expensive units used by commercial shredding services and can shred millions of documents per hour. While the very smallest shredders may be hand-cranked, most shredders are electrically powered.

Shredders over time have added features to improve the shredder user's experience. Many now reject paper that is fed over capacity to avoid jams; others have safety features to reduce risks.[7] [8] Some shredders designed for use in shared workspaces or department copy rooms have noise reduction.

Mobile shredding truck

Larger organisation or shredding services sometimes use "mobile shredding trucks", typically constructed as a box truck with an industrial-size paper shredder mounted inside and space for storage of the shredded materials. Such a unit may also offer the shredding of CDs, DVDs, hard drives, credit cards, and uniforms, among other things.[9]

Kiosks

A 'shredding kiosk' is an automated retail machine (or kiosk) that allows public access to a commercial or industrial-capacity paper shredder. This is an alternative solution to the use of a personal or business paper shredder, where the public can use a faster and more powerful shredder, paying for each shredding event rather than purchasing shredding equipment.

Services

Some companies outsource their shredding to 'shredding services'. These companies either shred on-site, with mobile shredder trucks or have off-site shredding facilities. Documents that need to be destroyed are often placed in locked bins that are emptied periodically.

Shredding method, and output

As well as size and capacity, shredders are classified according to the method they use; and the size and shape of the shreds they produce.

Security levels

There is a number of standards covering the security levels of paper shredders, including:

Deutsches Institut für Normung (DIN)

The previous DIN 32757 standard has now been replaced with DIN 66399. This is complex,[10] but can be summarized as below:

NSA/CSS

The United States National Security Agency and Central Security Service produce "NSA/CSS Specification 02-01 for High Security Crosscut Paper Shredders". They provide a list of evaluated shredders.[11]

ISO/IEC

The International Organization for Standardization and the International Electrotechnical Commission produce "ISO/IEC 21964 Information technology — Destruction of data carriers".[12] [13] [14] The General Data Protection Regulation (GDPR), which came into force in May 2018, regulates the handling and processing of personal data. ISO/IEC 21964 and DIN 66399 support data protection in business processes.

Legislation

Navigating the complex landscape of federal regulations for data protection and document destruction is crucial for businesses in maintaining compliance and avoiding penalties. Understanding these regulations ensures that sensitive information, whether in digital or physical form, is handled securely.

Health Insurance Portability and Accountability Act (HIPAA) - 1996 Established by the federal government, HIPAA mandates businesses to implement safeguards for protecting health information. Non-compliance can result in substantial fines. This act emphasizes the importance of handling medical records with utmost confidentiality and security. More information about HIPAA can be found on the CDC's website.

Computer Fraud and Abuse Act (CFAA) - 1984 The CFAA regulates how businesses manage sensitive data on digital platforms. It underscores that simply deleting files from a hard drive doesn't guarantee data security. To ensure complete data destruction, the physical destruction of hard drive platters is necessary. Detailed information on CFAA is available at the U.S. Department of Justice website.

Gramm-Leach-Bliley Act (GLBA) - The GLBA sets forth guidelines for financial institutions on the disposal and management of financial records. This act ensures that financial documents are handled and destroyed in a manner that prevents unauthorized access and misuse. The Federal Trade Commission provides further details.

Legal Document Protection Across 32 States and Puerto Rico - A majority of states and Puerto Rico have enacted laws to safeguard identifying information managed by law firms, businesses, and government entities. These laws dictate the storage duration, handling, and destruction methods for legal documents, requiring them to be rendered unreadable or undecipherable. New York’s specific regulation can be explored at N.Y. Gen. Bus. Law § 399-H.

Sarbanes-Oxley Act - 2002 This act governs the retention period for business records before destruction is permissible. It's vital for businesses to be aware of these retention times to ensure compliance. For further guidance, refer to the official bill text.

Fair and Accurate Credit Transactions Act (FACTA) - An amendment to the Fair Credit Report Act, FACTA protects consumers from identity theft by providing guidelines on the proper disposal and protection of customer data, including account numbers and social security numbers. The FTC’s website offers comprehensive information on FACTA.

Understanding and adhering to these federal regulations is vital for businesses to ensure the secure handling and destruction of sensitive data, thereby safeguarding against breaches and maintaining compliance. Information provided by Country Mile Document Destruction.

Destruction of evidence

There have been many instances where it is alleged that documents have been improperly or illegally destroyed by shredding, including:

Unshredding and forensics

To achieve their purpose, it should not be possible to reassemble and read shredded documents. In practice the feasibility of this depends on

The resources put into reconstruction should depend on the importance of the document, e.g. whether it is

How easy reconstruction is will depend on:

Even without a full reconstruction, in some cases useful information can be obtained by forensic analysis of the paper, ink, and cutting method.

Reconstruction examples

Forensic identification

The individual shredder that was used to destroy a given document may sometimes be of forensic interest. Shredders display certain device-specific characteristics, "fingerprints", like the exact spacing of the blades, the degree and pattern of their wear. By closely examining the shredded material, the minute variations of size of the paper strips and the microscopic marks on their edges may be able to be linked to a specific machine.[25] (c.f. the forensic identification of typewriters.)

Recycling of waste

The resulting shredded paper can be recycled in a number of ways, including:

See also

Notes and References

  1. Abbot Augustus Low Waste-paper receptacle February 2, 1909 Patent filing
  2. Book: Beyes. Timon. The Oxford Handbook of Media, Technology, and Organization Studies. Holt. Robin. Pias. Claus. 2019-12-17. Oxford University Press. 978-0-19-253795-9. en.
  3. News: Woestendiek. John. The Compleat History of SHREDDING. 22 February 2017. The Baltimore Sun. February 10, 2002. live. https://web.archive.org/web/20160822084311/http://articles.baltimoresun.com/2002-02-10/entertainment/0202110302_1_paper-shredders-papyrus-thereof. 22 August 2016.
  4. Business notes office equipment . Time . 1988-02-29 . 2009-07-27 . live . https://web.archive.org/web/20070930115604/http://www.time.com/time/magazine/article/0,9171,966794,00.html?promoid=googlep . 2007-09-30.
  5. Web site: About Identity Theft. US FTC website. dead. https://web.archive.org/web/20090520060906/http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html. 2009-05-20.
  6. Web site: Fighting Back Against Identity Theft. US FTC website. live. https://web.archive.org/web/20090528001302/http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt01.shtm. 2009-05-28.
  7. Paper Shredder Safety Alert . U.S. Consumer Product Safety Commission . 11 June 2007 . live . https://web.archive.org/web/20081122052637/http://www.cpsc.gov/cpscpub/pubs/5127.pdf . 22 November 2008 .
  8. Web site: Paper Shredder Danger . Snopes.com . 17 August 2006 . 2009-07-27.
  9. Web site: Rock . Michael . 2023-11-14 . The Cutting-Edge Shred-Tech MDS 25GT Mobile Shredding Truck . 2023-11-14 . Country Mile Shredding Services . en-US.
  10. Web site: New times, new storage media, new standards . HSM . 22 February 2017 . dead . https://web.archive.org/web/20170223125956/http://www.hsm.eu/en/products/shredding/document-shredder/new-din-66399/ . 23 February 2017.
  11. Web site: NSA/CSS EVALUATED PRODUCTS LIST for HIGH SECURITY CROSSCUT PAPER SHREDDERS . live . https://web.archive.org/web/20170223041648/https://www.nsa.gov/resources/everyone/media-destruction/assets/files/epl-18-may-2015.pdf . 2017-02-23.
  12. Web site: ISO/IEC 21964-1:2018: Information technology — Destruction of data carriers — Part 1: Principles and definitions . May 2018 . International Organization for Standardization . Geneva . 2020-07-28.
  13. Web site: ISO/IEC 21964-2:2018: Information technology — Destruction of data carriers — Part 2: Requirements for equipment for destruction of data carriers . August 2018 . International Organization for Standardization . Geneva . 2020-07-28.
  14. Web site: ISO/IEC 21964-3:2018: Information technology — Destruction of data carriers — Part 3: Process of destruction of data carriers . August 2018 . International Organization for Standardization . Geneva . 2020-07-28.
  15. Web site: Walsh. Lawrence. Vol. I: Investigations and prosecutions. Final report of the independent counsel for Iran/Contra matters. Independent Council for Iran/Contra Matters. August 4, 1993. 15 May 2009. live. https://web.archive.org/web/20090417230304/http://www.fas.org/irp/offdocs/walsh/. 17 April 2009.
  16. Web site: Interim Report March 2005 . 2009-07-27 . dead . https://web.archive.org/web/20090805032019/http://www.iic-offp.org/documents/InterimReportMar2005.pdf . 2009-08-05 .
  17. Book: Eizenstat, Stuart . 2003 . Imperfect Justice . registration . 1-58648-110-X . PublicAffairs . New York. Page 94
  18. Eizenstat p 94, 95
  19. Eizenstat p 95
  20. Swiss parliament: Parliamentary Initiative 96.434: Bundesbeschluss betreffend die historische und rechtliche Untersuchung des Schicksals der infolge der nationalsozialistischen Herrschaft in die Schweiz gelangten Vermögenswerte ; in German. Entry in force December 14, 1996. This edict was the legal foundation of the Bergier commission, constituted on December 19, 1996. Articles 4, 5, and 7 made the willful destruction or withholding of documents relating to orphaned assets illegal. On the dates given, see Chronology: Switzerland in World War II — Detailed Overview of the years 1994-1996 . URLs last accessed 2006-10-30.
  21. Book: Dānishjūyān-i Musalmān-i Payraw-i Khaṭṭ-i Imām, Dānishjūyan-i Musalmān-i Payraw-i Khaṭṭ-i Imām . Documents from the U.S. Espionage Den . Published by Muslim Students Following the Line of the Iman . 1980 . live . https://web.archive.org/web/20131018143837/https://archive.org/details/DocumentsFromTheU.s.EspionageDen . 2013-10-18 .
  22. Web site: National Association for Information Destruction. naidonline.org. live. https://web.archive.org/web/20090805065828/http://www.naidonline.org/. 2009-08-05.
  23. News: Heingartner . Douglas . Back Together Again . New York Times . 2003-07-17 . 2007-01-03 . live . https://web.archive.org/web/20080305141421/http://query.nytimes.com/gst/fullpage.html?res=9803E3D7123CF934A25754C0A9659C8B63 . 2008-03-05.
  24. Web site: Darpa Shredder Challenge . Darpa.mil . U S. Department of Defense . 27 September 2016. dead . https://web.archive.org/web/20160825060146/http://archive.darpa.mil/shredderchallenge/ . 25 August 2016.
  25. Jack Brassil . Tracing the Source of a Shredded Document . . 2002-08-02 . 2007-01-03 . live . https://web.archive.org/web/20061029090544/http://www.hpl.hp.com/techreports/2002/HPL-2002-215.pdf . 2006-10-29 .
  26. Web site: Wilki Engineering manufactures bespoke shredding machines & balers. bOnline LTD.. wilkiengineering.co.uk.