I don't hear a lot of people nowdays talking about the problem with deleting sensitive data on solid state drives. Back when we stored computer data on disks, it was relatively easy to delete sensitive data permanently. Just overwrite the data with all 1's and then all 0's like two times and the data becomes unrecoverable even in laboratory conditions.
However, solid state drives are very different than disks. With solid state drives, the physical storage for the bits of information can wear out, meaning that in order to prevent important info from being lost, it must be transferred before the bits break. And if it's sensitive information that is being stored in those bits, then that means that this sensitive information can stick around at the old location, even after it's deleted at the new location.
I hear that a few solid state drives are supposedly manufactured with the ability to delete information permanently, but it's a hardware feature, meaning it's infeasable for the average perdon to actually test. Not to mention how little software there is that can actually take advantage of this feature.
There are obviously destructive ways to remove data from a solid state drive, and those make sense to use in some circumstances, but nobody wants to buy a new solid state drive every time they delete a file.
So then that begs the question. Why don't we hear people talking about this issue? Well, my guess is because we already have something which can give us almost the exact same result as deleting information from a solid state drive, and that is encryption. Deletion removes 100% of peoples' ability to access the data. And encryption removes 99.999...% of peoples' ability to access the data.
All you have to do is encrypt your hard drive, move the data into RAM when you need to use it, decrypt it in RAM, and then encrypt it again when you need to store it back in the solid state drive. The Linux kernel has a feature I use every day that does exactly this. I also read that VeraCrypt does this. Since RAM is overwritten constantly and loses all data when it's unpowered, the result of these tools is that your data is pretty much inaccessible to everyone except you.
In most cases that's good enough. But in some cases that isn't. You don't have to be a security expert to figure out how to get around encryption: go through the person with the password. That's why when trying to catch a cyber criminal, law enforcement will try to catch them while they are unlocking their computer. That's why your prankster roommate will get on your computer while you're off going to the bathroom. And that's why a violent criminal will buy a $5 wrench from the hardware store and beat you with it until you give up the password.
So long as someone has access to your physical hard drive and your password/encryption key, they will still be able to access and decrypt any deleted sensitive data that was unlucky enough to get caught in your solid state drive's wear leveling.
So is that it? Is there nothing that can be done about this? Well, believe it or not, a solution already exists. Just change your password and re-encrypt your entire solid state drive. Any data you deleted previously that may be hanging around in your solid state drive will be encrypted with a password/encryption key that is no longer being used anywhere.
Unfortunately, this strategy has some problems. First of which is that it only works on data that was deleted before you re-encrypted the solid state drive. For those of us that are so inflexible that we go days (or months...) without restarting our computers, asking us to memorize a new password and drop everything else we were doing to re-encrypt our solid state drive is a huge ask! This means that the amount of sensitive data that is sitting un-deleted on our solid state drives is going to be a lot bigger than we might want it to be.
Secondly, re-encrypting a solid state drive is going to wear it out a little, just because of all the bits you've flipped. And if you re-encrypt your drive every time you delete a piece of sensitive data, that is going to add up!
And thirdly, re-encrypting a solid state drive takes a lot of time. In a world where people like to measure their reboot times in seconds, people aren't likely to be very happy waiting out the minutes and hours it might take to re-encrypt their full solid state drive.
So do we have any other options? The short answer is nope. Not right now at least! But the long answer is yes. There is a way that we could continuously remove access to old copies of our sensitive data without having to expend excessive time, money, or effort in order to do so. The solution is to have different encryption keys for different locations in memory, and then to change those keys every time the data is modified. Imagine having a different key for every individual megabyte in memory, and every time you update a megabyte, you replace the key with a new one.
Of course, this still has an issue to address. How can you manage those keys? If you store them all in one big file then you are going to end up having to re-write that file constantly, which drastically increases the chances that the keys themselves end up being captured by the wear leveling process. And if there is a chance the attacker will have access to your old keys, then that gives them a chance to also access old copies of your sensitive data.
Every megabyte can have its own key. And then every gigabyte can also have it's own key in order to encrypt the file where each of its megabyte's keys are stored. And then every terabytecan have a key in order to encrypt the file where each of its gigabyte's keys are stored. Every time you edit a megabyte, you re-encrypt it with a new key and edit the key's value in the gigabyte's key file. Everytime you edit a gigabyte's key file, you re-encrypt it with a new key and edit the key's value in the terabyte's key file. Every time you edit the terabyte's key file, you re-encrypt it with a new key. For some easy bonus points, you can chain together a few extra keys in order to completely eliminate the ability for a full usable chain of keys to get wear-leveled.
With this, you never have to change your password, you never have to wait for terabytes of data to get encrypted, and you don't have to drop your hard drive into a volcano every time you want to delete some sensitive data.