Apparently SSDs have been proving troublesome and are now being melted in a three stage thermite based process. (However I have a suspicion that change in protocol was more of an excuse to use thermite in 'the office', more so than an actual valid issue on security over the wood chipper.)

Eh? shoudn't SSD's be more secure in terms of wiping data, due to how data is erased on a SSD.

It is "not my department" so to speak, so I'm out of the loop on actual details. The impression I got from lunch time talks with one of the techs is that this one model, of which we bought a ton of, supported this fun in disk compression buffer. Before writing data it compared the next write to its buffer and looked for data blocks that could be quickly compressed/cloned to save space. This in turn gave the techs headaches when it came to their over writing protocol software as the drive kept looking at the incoming data and saying "Hey! I have a copy of that over here in the first 5% of the drive, I'll just point to this bit of already written data..." and then not actually forcing deletes on other parts of the drive that still contained potentially sensitive data.

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

Given that much of the sensitive data is frequently made up of streams of fairly random numbers, detecting the difference between a legit random data stream that was previously on the hard drive and a 'safe' random stream used to overwrite it is somewhat non-trivial. So the only data that was allowed to exist on the drives before their destruction is a series of cat photos, that way it is easy to verify that the data is in fact not fractional remains of sensitive material that was required to be fully scrubbed prior to drive physical destruction.

I'm sure it sounds very odd, but the protocol had the drives handled at various levels on their way out. The checks and additional scrubbing just prior to destruction were to weed out issues that were happening in levels above. If the guys handling drive destruction detected data that wasn't suppose to reach them then there was a problem upstream of them. And if they can eliminate the data that the previous department failed to, then there was a problem at the previous department that needed to be fixed/heads roll. Destruction and disposal guys get security clearance to see the data, but the data isn't suppose to have made it to them. (Reduces the ability for someone to nick a drive in transit between its department and destruction.)

And they didnt think of trying to switch from filling with zeros to filling with a stream of ever changing random numbers?

Many SSD's these days tend to use internal full-drive encryption and simply erase the encryption key, permanently destroying all data on the drive. This approach works to the SSD's strengths by reducing the amount of writes required, and is quite efficient especially when done at the hardware level. In theory, if this was done right, there would be no possible recovery. But in practice, nothing is implemented properly and the firmware is so opaque and has so many levels of indirection that you're better off just physically destroying the drive for peace of mind

(just to make it clear, the encryption feature offers no security whatsoever when it comes to someone stealing your SSD, because it is built into the firmware, it exists only so that data at rest can be quickly disposed of without forcibly overwriting every last bit of information and wearing out the drive in the process, and it does not prevent you from using an additional encryption layer if you are the paranoid type)

Locking as requested. One spammer banned; other being watched.