Secure Erase is a function that is built into many memory storage devices by the manufacturer. Invoking the Secure Erase command overwrites the data on the drive by writing ‘I’s and ‘0’s over all the data fields, in some cases as many as three times. This process can take quite some time, and therefore more electrical power. The advantage is that it is designed by the manufacturer so in theory there are no device/software compatibility issues, and it renders the data safe from most methods of extraction while leaving the drive re-usable.
There are some nuances though. The Secure Erase function must be accessed ‘externally’, you cannot invoke it from within Windows for example as the drive would have to erase itself while running….in the case of bad sectors or a bad drive, the Secure Erase function will not overwrite the bad sectors or the bad drive.
In the case of SSDs, the issue is a little more complex due to the FTL-the flash translation layer that manages who and where data is stored on an SSD; the fact that SSDs overprovision data; and that you may need to destroy the drive’s controller.
The FTL is a set of software instructions that manage how and where data is stored on a SSD, it is not the linear arrangement found on a HDD. Because SSDs physically wear faster as they are re-written, the FTL manages a process to spread the data across the entire drive as much as possible to spread the wear evenly across the drive. A document that is edited is not replaced where it was, the new version will be put into the next designated to be worn section, leaving the original intact until a subsequent round of data writing overwrites the original with new data. The FTL assumes that this original data site is blank, so a Secure Erase function must write to every known location on the drive-whether the FTL thinks it is blank or not. By the same token, the over provisioning means there are data ‘places’ above and beyond the stated capacity of the drive that are used as temporary storage locations by the FTL as it manages wear—these over provisioned locations must be erased as well.
Some of the Secure Erase functions work by encrypting the data, and then simply destroying the encryption key. In this case it is recommended that the controller is physically removed and destroyed.
Independent research into the effectiveness of Secure Erase has shown that in a significant percentage of cases the program was either ineffective or run incorrectly, resulting in recoverable data on the drive, therefore the is not an accepted sanitization technique for the NSA, CIA, DoD.