It's not really a security issue, folks
(Second update: I've gotten some really interesting E-mail about this, but it would have been a lot nicer if you folks had just signed up so you could post comments. The sign-up/approval is only there to eliminate the massive spambottiness that comes by otherwise, and that way more people than me could see the fascinating information you have to impart on this.)
(extensively updated below)
Dave Winer is upset (no, wait, there's more) at Apple (there's still more), and has written about it here, here, here, and here (where he shared the letter he wrote to Steve Jobs about it).
In essence, Dave is upset because he took his MacBook into the Apple Store for repair work on the internal hard drive, which had died. He paid what he considered an inflated price for the replacement drive (I'm not going to look up prices and specs to see whether it was; I mention it only to set the mood). The Apple Store installed the new drive and kept the old drive for remanufacturing, as is specified in annoying fine print on the back of the service agreement. They do the same thing with warranty drive replacement.
Dave had a lot of his private data on the drive and wanted it back, but Apple's policies do not allow him to buy it back unless state law requires that the repair center provide that option. California law does not.
Today, Dave is upset that everyone he's talked to agreed with him that this is a Bad Thing, but somehow the entire Internet has not taken up arms to storm the Emeryville Apple Store and return his drive to him.
It's amazing to me that the tech blogosphere doesn't treat Apple's policy re broken hard disks as the huge gaping security hole that it is.
Think about it. We worry about bad people getting their hands on little pieces of data that, when added together, give them the power to be us in banking and credit transactions.
Think about what you would do if your laptop was stolen.
Well, if you own a Mac and its hard disk goes bad, and you make the mistake of bringing it to Apple for service, you will turn over all that data to Apple. Not "may" or "might" but "will." What Apple in turn does with that data is none of your affair. They don't sign anything or offer any guarantees that they won't sell the disk to a data miner. Think it can't happen or that it's unlikely? I don't gain much comfort from your feeling of security.
Wow. I mean, think about that. It's not at all like having a hole in your wallet and taking it in to be repaired without first taking your money and credit cards out of it. I mean, you know the wallet repair shop would absolutely guarantee all of your personal data and financial information throughout the repair process, so Apple's policy must be…entirely…
No, wait. This is stupid. This is not a security issue caused by Apple keeping dead drives for remanufacturing, which it does both on paid replacements and under warranty. This is Dave's "security issue" because Dave didn't expect to have to surrender the old drive while paying for the new drive.
But this, too, is stupid. If your drive has sensitive data on it, you don't let them take it in the back room without your presence. Sure, we don't expect Apple or anyone else to go copying your hard drive when it's in for a service call, but a Consumerist investigation six months ago caught Geek Squad technicians doing exactly that, at least for porn. Both Geek Squad and Apple have policies against this, but Apple has no magic psychic employee screening that would prevent bad apples (no pun intended) from slipping through.
Imagine what you would do if it turned out there was a bug in a Netgear or Linksys router that allowed, under special circumstances, a malicious person to gain access to the full content of your hard disk at any time. Would you have a problem with that?
Yes, of course. Fortunately, a bug in a router that allows active online access to data in your home or business is not anywhere near the same thing as handing your hard drive to a stranger and crossing your fingers that he doesn't abuse the contents. Dave's analogy should be, "Imagine that you opened all the ports on your router to let someone you never met paw through all your data. Would you have a problem with that?" Well, yes. That's why sane people don't do that.
This is worse than Microsoft's neglect of malware that got me to stop using their computers. In that case it was Microsoft being negligent. This time Apple itself is the source of the problem. It's as if they planted a virus in their operating system that entitled them, under special circumstances, completely out of your control, to gain access to everything on your disk, with as much time as they want, with no way for you to prevent or even detect the intrusion.
Oh my GOD! Apple has somehow installed a "virus" in Mac OS X that forces you to take your unsecured hard drive into their service centers, and that's "completely out of your control." Geez. Dave knows this is false, but he's so upset at not having his hard drive back that he's inflating his problem to try to get other people as upset as he is. He's better than that.
Perhaps because Dave has always lived in big cities, or was away from Apple products for several years, he doesn't remember how warranty service on PowerBooks used to work before most major cities had one or more Apple stores. If there was no repair center within a convenient distance (as has almost always been true here), you'd call Apple's toll-free number, and they'd send you overnight a special shipping container in which you would send your PowerBook to Apple. They'd diagnose and repair it under warranty, or they'd call you and tell you what the non-warranty problem was and ask you to authorize the repair. If you did, they'd fix it. Either way, they'd ship the PowerBook back to you overnight when they were done with it.
The most obvious thing about this plan, which worked fairly well for rural areas like here, was that you should never ever send in the computer with sensitive information on the hard drive. You had no idea who would see it, what they might do with it, or anything else. I, personally, have never even considered that letting them take it into the back room of an Apple Store would be any different. If the computer that needs to be repaired has sensitive information on it, I back it up and wipe the hard drive, restoring the default system on it. This makes sense not only for data security, but for repair work: if the problem exists with a default system installation, Apple can't punt and say "you've installed software, so of course your computer breaks." The main goal of all warranty work from the company's view is to find a way not to spend money replacing any parts.
It baffles me that Dave, who has been around technology for 30 years and even relates a story about sensitive source code sitting labeled on someone's desk, would have failed to consider that anyone repairing his computer could see his unsecured data. Yes, it would be nice if Apple and other repair shops allowed you to purchase back old parts if you wanted, especially when they're commodity parts like hard drives. Yes, I agree that Apple should have made it clearer to Dave that the transaction included Apple keeping his old hard drive, so he could decide not to go through with it.
But "huge security problem" because Dave let people he doesn't know see his unsecured data? No. It's your responsibility not to hand your unsecured data to people you don't know, and I can't possibly get worked up in the slightest over the idea that if you do hand your data to someone you don't know, then it's no longer in your control. That's the entire definition of "handing over unsecured data."
The "problem" isn't that Apple kept his hard drive. The problem is that Dave handed his sensitive data to a third-party in the first place. You don't leave your router open out of an "expectation" that bad guys won't touch your network, and you don't hand your hard drive to third parties with the expectation that they'll decide not to look at it. This is not rocket science.
Extensive Update: Since Gruber's link (thanks), I've gotten three E-mails in about three minutes all asking basically the same question:
What would you recommend for a laptop covered under AppleCare whose hard drive is (seemingly) inoperative? How would you wipe the data before handing it over? Extracting the drive itself would void the warranty, I believe, so in that case what's your best option?
(Thanks to "Greg" for phrasing it so quotably.) The first form of the question was "what if there are damaged sectors and you can't wipe them?" My answer there is not to worry too much: if you can't read or write the sectors, neither can Apple's back-room technicians. There's a small chance that if the hard drive goes back to the manufacturer for rework that they have the tools to recover the data on those sectors, but if they're the only sectors on the drive that weren't erased, the pure odds they contain anything sensitive that's usable are incredibly small.
You can also use file verification tools, like the ones you probably used when backing up the hard drive pre-erasure, to know exactly what files contain the damaged sectors. Unless they're sensitive personal documents, it doesn't matter if they can be read later on.
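Here is what that verification step looks like in practice. This is an added example, not code from the original post or from any Apple tool: it builds a SHA-256 manifest of a volume at backup time, then re-reads the failing volume against that manifest and sorts every file into "ok", "mismatch" (bytes came back but changed, i.e. silent corruption) or "unreadable" (the OS returned an I/O error, so the file overlaps sectors the drive can no longer deliver). The "unreadable" list is the set of files whose contents an erase may also fail to touch, and therefore the only ones you need to judge for sensitivity. The sample files, the corrupted photo and the simulated I/O error are all constructed for the demo; no real disk is involved.

```python
"""Find which files on a failing disk could not be read back.

Added example (not from the original post). Build a SHA-256 manifest at
backup time, re-read the failing volume against it, and report which files
hit unreadable sectors. Everything below the helpers is a constructed demo
that runs in a temporary directory.
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB pieces; a bad block in a big file should
                 # not force the whole file into memory first


def sha256_file(path, opener=open):
    """Hash one file. `opener` is injectable so the demo can fake EIO."""
    h = hashlib.sha256()
    with opener(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest, opener=open):
    """Re-read root against manifest. Returns {"ok": [...], "mismatch": [...],
    "unreadable": [...]}; unreadable means the read itself raised OSError,
    which is what you get from sectors the drive can no longer return."""
    result = {"ok": [], "mismatch": [], "unreadable": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        try:
            actual = sha256_file(full, opener)
        except OSError:
            result["unreadable"].append(rel)
            continue
        result["ok" if actual == expected else "mismatch"].append(rel)
    return result


def demo():
    """Constructed scenario: three files; one later suffers bit rot, one sits
    on (simulated) bad sectors. Returns verify_manifest's report."""
    root = tempfile.mkdtemp(prefix="failing-volume-")
    samples = {"notes.txt": b"grocery list\n",
               "taxes.pdf": b"%PDF-1.4 sensitive\n",
               "photo.jpg": b"\xff\xd8\xff\xe0 jpeg bytes\n"}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    manifest = build_manifest(root)          # taken at backup time

    # Bit rot on photo.jpg: same length, different bytes.
    with open(os.path.join(root, "photo.jpg"), "r+b") as f:
        f.seek(4)
        f.write(b"XXXX")

    def flaky_open(path, mode="rb"):
        # Simulated dead sectors under taxes.pdf: the kernel reports EIO.
        if path.endswith("taxes.pdf"):
            raise OSError(5, "Input/output error", path)
        return open(path, mode)

    return verify_manifest(root, manifest, opener=flaky_open)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:10s} {files}")
```

Run the manifest build against the backup copy (which you verified is readable) and the verify step against the original, failing volume mounted from a different startup disk; the "unreadable" list is then exactly the set of files whose sectors your erase pass may also be unable to overwrite.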
The form that Greg used is a lot more difficult, though—what happens if the drive is so damaged that you can't erase it at all? This case, and only this case that I've thought about so far, seems genuinely problematic. Apple's page of MacBook Pro Do-It-Yourself manuals omits any mention of replacing the hard drive, although the company provides instructions on how to replace the hard drive in nearly every other model, including instructions specifically for the non-pro MacBook.
Other World Computing has a 20-minute video (click the "hard drive" tab) on how to replace the hard drive or optical drive in a MacBook Pro (15-inch) model, but this Apple discussions thread that references the video also states, without authoritative backing, that opening the case yourself voids the warranty. I thought Apple had to stop doing that about a decade ago due to new consumer-friendly laws, but I don't know if it's true or not.
So here we have the one true problematic case: a hard drive that is so inoperative that it can't even be erased, the possibility that replacing it yourself voids the warranty, and the fact that in most states, Apple will not let you have the bad hard drive back. It is theoretically possible that the drive will be reworked to the point that the remanufacturing company could read some data off the drive, but this seems quite improbable: they're bound to have thousands of these things to do per week, unlike the handful of techs in the back room of an Apple Store or Geek Squad outlet that may have time to kill. Even so, it's also unlikely that they'd have any idea whose hard drive they were reworking, or know to look for anything good. Given the brouhaha over identity theft, you would imagine that there are some strict safeguards in contracts for reworking those drives. (You'd imagine it. You may be an optimist, but you'd think it would have come under consideration previously.)
In this case, the only thing I can think of to do is to contact an Authorized Apple Service Provider (AASP) in your area that's not an Apple Store, explain the situation to them, and ask them to replace the hard drive while you observe and let you keep the old one. This may be incredibly inconvenient, and it may cost a lot more money, and it may not even be possible. But I only think it comes to this in the most extraordinary of circumstances: a drive that went bad so fast that you can't erase most of it under any circumstances.
Note that this is not what Dave Winer described in his original posting:
When I got back from Europe my black MacBook wouldn't boot, it just sat there with a disk icon and a flashing question mark. So I made an appointment at the Apple store in Emeryville to have it looked at.
When I got there, there was no wait, they were calling my name. The repair guy opened the Mac, took out the disk, went into the back room, and came back saying the disk was bad, I'd need a new one. How much? $160. How large? 80GB. I've been buying disks lately, I bought a 500GB disk for $150 a few weeks ago, and just bought a 1TB disk for $280. So I knew that $160 for 80GB, even in a portable form factor, was probably a ripoff, but I figured here I am now, I can get the computer working, so I said OK and shrugged it off.
I think most people reading this (and certainly most MDJ or even MWJ readers) would have first tried to mount the disk on another Mac in FireWire Target Disk Mode and tried to repair or erase the drive. Dave often talks about how many Macs he has, and he's certainly a computer expert, so it's kind of surprising he didn't do this, or buy DiskWarrior or TechTool Pro and boot from those disks to see if they could diagnose the hard drive problem. Or even boot from his Leopard installation DVD and run Disk Utility from the Installer's menu bar. That's certainly what I would do, and have done more than once in the past year.
On the other hand, Dave did what most inexperienced computer users would do—take the computer to the Apple Store and say "fix it." We have no idea what was actually wrong with the disk, if there was a drive mechanism failure or just some bad sectors (or how many bad sectors), how the technicians diagnosed that the drive "was bad," or any of that. It was an internal hard drive, so it should have had S.M.A.R.T. status, but there's no description of it saying the drive had failed. It's entirely predictable in any technology store for harried pre-Christmas employees to run a quick diagnostic and say "replace the part" instead of finding any subtler problems.
My point, apparently, is that no one can say Dave did anything wrong, or even that the Apple Store did anything wrong, because we don't actually know what was wrong with the drive. By Dave's account, the first option he was presented was wholesale replacement of the drive, and he accepted that, leading to the problem that his unsecured drive now belongs to Apple. I can't say with 100% certainty that he should have erased it because we don't know if he could, although it seems likely. I can't say that he should have tried to fix it first because I don't know what was wrong with the drive, although my hunch is that it could have been almost entirely erased first. There aren't enough details here to say what should or should not have happened.
But if it's me? I'm erasing the hard drive, from a different startup disk if necessary, before it goes in for service. I'll know from the backup which files could not be read, and I'll talk to a third-party service provider if necessary to make sure I'm satisfied with the return or the destruction of a drive that may have sensitive data I couldn't erase.
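The erase step deserves a closer look for the one genuinely awkward case above, a drive that will no longer accept writes to some sectors. On a Mac the normal route is Disk Utility's erase (or `diskutil secureErase` from the command line) run from a different startup disk, and a plain `dd if=/dev/zero of=/dev/rdiskN` is the manual equivalent, but both stop at the first write error and leave everything past it untouched. The routine below is an added example, not code from the original post or from Apple: it overwrites a device block by block, records any block the drive refuses, skips past it and keeps going, so you end up with the rest of the drive erased plus a list of exactly which byte ranges still hold old data to cross-reference against the files your backup could not read. Opening the raw device (and getting its size) is left to the caller; the two demos run against a constructed in-memory "drive" with two dead blocks and against a temporary file, never a real disk.

```python
"""Best-effort overwrite of a failing drive before it goes in for service.

Added example (not from the original post). Unlike `dd`, which aborts on
the first write error, wipe() records each unwritable block and continues,
returning the ranges that could not be erased. The FlakyDevice class and
both demo functions are constructed stand-ins; nothing here touches a real
disk unless you pass one in yourself.
"""
import os
import tempfile

BLOCK = 4096


def merge(ranges):
    """Coalesce adjacent (offset, length) ranges so the report is readable."""
    out = []
    for off, n in sorted(ranges):
        if out and out[-1][0] + out[-1][1] == off:
            out[-1] = (out[-1][0], out[-1][1] + n)
        else:
            out.append((off, n))
    return out


def wipe(dev, size, block=BLOCK, fill=b"\x00"):
    """Overwrite `size` bytes of the file-like `dev` with `fill`, one block
    at a time. Returns the list of (offset, length) ranges that could not be
    written. `dev` needs seek() and write(); an OSError from write() is
    treated as a dead block at that offset and skipped."""
    bad = []
    off = 0
    while off < size:
        n = min(block, size - off)
        try:
            dev.seek(off)
            written = dev.write(fill * n)
            if written != n:              # short write: rest of block is bad
                bad.append((off + written, n - written))
        except OSError:
            bad.append((off, n))
        off += n
    # Push data out of the page cache; the wipe only counts once the drive
    # has acknowledged it. Objects without flush/fileno (the fake below)
    # are simply skipped.
    if hasattr(dev, "flush"):
        dev.flush()
    fileno = getattr(dev, "fileno", None)
    if fileno is not None:
        os.fsync(fileno())
    return merge(bad)


class FlakyDevice:
    """Constructed stand-in for a disk whose blocks 3 and 4 are dead: write()
    raises EIO at those offsets, everything else lands in a byte buffer that
    starts out full of random 'old data'."""
    def __init__(self, size, dead_blocks=(3, 4), block=BLOCK):
        self.buf = bytearray(os.urandom(size))
        self.dead = {b * block for b in dead_blocks}
        self.pos = 0

    def seek(self, off):
        self.pos = off

    def write(self, data):
        if self.pos in self.dead:
            raise OSError(5, "Input/output error")
        self.buf[self.pos:self.pos + len(data)] = data
        self.pos += len(data)
        return len(data)


def all_zero_outside(buf, bad):
    """True when every byte not inside a reported bad range is zero."""
    skip = set()
    for off, n in bad:
        skip.update(range(off, off + n))
    return all(b == 0 for i, b in enumerate(buf) if i not in skip)


def demo_flaky(size=10 * BLOCK):
    """Wipe the fake drive; expect one merged bad range covering blocks 3-4
    and zeros everywhere else."""
    dev = FlakyDevice(size)
    bad = wipe(dev, size)
    return {"bad": bad, "clean_elsewhere": all_zero_outside(dev.buf, bad)}


def demo_file(size=3 * BLOCK + 100):
    """Same routine against a real temporary file (no dead blocks)."""
    path = os.path.join(tempfile.mkdtemp(prefix="wipe-"), "image.bin")
    with open(path, "wb") as f:
        f.write(os.urandom(size))
    with open(path, "r+b") as f:
        bad = wipe(f, size)
    with open(path, "rb") as f:
        clean = f.read() == b"\x00" * size
    return {"bad": bad, "clean": clean}


if __name__ == "__main__":
    print("fake drive:", demo_flaky())
    print("temp file: ", demo_file())
```

A single zero pass is enough for the threat described in the post (a technician or remanufacturer with ordinary tools); if the bad-range list comes back empty, the drive is as erased as a working drive would be, and if it does not, each range is a few kilobytes whose old contents you can map back to the files your verification pass flagged as unreadable.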
The larger point is that none of this is news to me in any way, because Apple has never guaranteed that data stored on systems in for repair will be preserved. The MacBook Pro Service FAQ explicitly states:
Apple and its AASPs are not responsible for any damage to or loss of any applications, data, or other information stored on your MacBook Pro while performing service.
Similar language has applied to every PowerBook and other computer that I've ever sent to Apple for repair. And, not to hammer the point home unnecessarily, but if you have no nearby AASPs and ask Apple to pick up your computer for service, you are eventually presented with the warranty terms and conditions in a text box and required to agree to them before you continue. These are the same conditions, mandating that Apple keeps any replaced parts, that Dave said were in small print on the back of the paper he had to sign. It doesn't appear to me that Apple is particularly trying to hide anything, especially in the online context.
So, yeah, I see one particular extreme example where Apple's policies could screw you over, but it's still not "news" to me. If worst comes to worst, I do an out-of-warranty replacement on the hard drive, and I file a complaint with my state's attorney general pointing out that Apple refused to honor its warranty without me releasing control of sensitive personal or business data. This usually gets some doors opened.
Oh, one other thing: someone else asked why using FileVault encryption wouldn't solve the problem. That's because FileVault, by default, only encrypts your home folder and its contents. Sensitive information in other directories, like /Library/Application Support/, /Library/Caches/, or /Library/Preferences/ (and the swap files in /var/vm, unless "Use secure virtual memory" is turned on in the Security preference pane), would not be encrypted by FileVault, and most people wouldn't know it. FileVault is still a good idea, but it's not a cure-all.
I had no idea so many people would be interested in this—to me, wiping your data before getting a hard drive serviced is completely obvious and has been for many many years. This is why we don't publish "tips" or "hints" in MDJ and MWJ—most of what other people see as useful "hidden" techniques are either obvious to me or they're undocumented hacks that are fun but not guaranteed to work. I tip my cap to Rob Griffiths for so clearly understanding the difference that is obscured to me.