2012 resolution: 'Full disk encryption on all computers'
Summary: The privacy rights group is preaching the gospel of encryption in 2012, making the case that whole disk encryption can go a long way to protecting private data on computers.
Privacy rights advocates at the Electronic Frontier Foundation (EFF) are urging computer users to adopt just one resolution in 2012: Commit to full disk encryption on every computer you own.
Following the release of a white paper on protecting privacy while traveling with data on digital devices, the EFF is preaching the gospel of encryption in 2012, making the case that whole disk encryption can go a long way to protecting private data on computers.
Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. This mathematical protection works independently of the policies configured in the operating system software. A different operating system or computer cannot just decide to allow access, because no computer or software can make any sense of the data without access to the right key.
Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.
Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.
The group recommends Microsoft's BitLocker or TrueCrypt to manage the whole disk encryption process.
Talkback
So what are the downsides of full-disk encryption?
RE: 2012 resolution: 'Full disk encryption on all computers'
I have a Windows 7 PC (work) and a Mac (home) with full disk encryption on them. The Windows PC uses a 3rd party tool and the Mac uses Apple's new implementation of FileVault which is now full disk encryption.
Windows 7 takes a lot longer to load than I would expect, but that machine has always been encrypted so I don't know if the encryption is causing a slow down or not. Once Windows is loaded, the PC purrs along with no noticeable performance hit at all.
On the Mac the situation is essentially the same except that I don't even notice a slow OS load time. That machine runs just as it did before I encrypted the drive.
Overall it's pretty seamless, pretty painless, and I see no reason not to encrypt, unless you are the type who is likely to forget or lose their password/encryption key.
RE: 2012 resolution: 'Full disk encryption on all computers'
The only performance hit I've really noticed is when doing multiple things at once, like transferring files in the background while opening programs at the same time. Most dual and quad core processors have plenty of cycles to spare to handle the increased load, so it may just be perception on my part.
RE: 2012 resolution: 'Full disk encryption on all computers'
Also should your encrypted drive become corrupted for whatever reason, you may be unable to recover any data.
People who actually carry laptops with highly-sensitive data on them hopefully have it encrypted already...
"Most?"
Even for those who are using cloud storage exclusively, Internet history, stored acct/password data and data synchronized with the cloud is still stored locally.
RE: 2012 resolution: 'Full disk encryption on all computers'
Full Disk Encryption + SSD = bad
RE: 2012 resolution: 'Full disk encryption on all computers'
Why?
This article http://nakedsecurity.sophos.com/2011/02/28/ssd-encryption-and-decommissioning/ seems to indicate that encryption *before* storing data is fine, although encryption after the fact is less thorough. Is that the "bad" you refer to, or is there more?
I'm genuinely interested as I have limited exposure to/knowledge of SSDs and I am very interested in using hybrid drives in some of my devices. Do you have any enlightening links?
Heads up, bloggers
[i]Full Disk Encryption + SSD = bad[/i]
@macadam
[i]Is that the "bad" you refer to, or is there more? I'm genuinely interested as I have limited exposure to/knowledge of SSDs... [/i]
The issues and caveats associated with FDE + SSD would make for a good in-depth article by Ryan or Dancho, or perhaps Robin Harris @ Storage Bits.
RE: 2012 resolution: 'Full disk encryption on all computers'
In regards to various comments:
@OrlandoHatch
Yes, there is a slight performance hit. If you are using a modern machine, then the hit will be about 2% overhead, which would not be noticeable by users. There are other processes running in the background that utilize more CPU than that. In addition, if your chipset has AES-NI, then we can utilize that and offload all the encryption algorithm to that instead of the main CPU further increasing performance.
@terry flores
Yes I would agree that the performance hit is minimal. I would imagine the only people that would notice it would be those that open multi-megabyte files all day. Otherwise for day to day usage one would not notice the hit. There is an initial performance hit when the HD is being encrypted. This is not due to the overhead, but due to the i/o activity occurring on the HD itself. But once fully encrypted, you won't notice a difference in performance.
@Scrabbler
I think a lot of things are in the cloud today, but a question I have to ask (and I'm not being facetious at all – it's a serious question) is, do you trust the security of your personal information in the cloud? How secure is it? I will admit I upload personal files to the cloud, but I also encrypt it first to ensure my data is protected.
The corrupted HD is a tough situation. More often than not, with a corrupt encrypted HD situation you will be able to recover the data with the same success rate as if the HD was not encrypted. The one "gotcha" would be if the area containing the key was corrupted, then you would be out of luck. (A good practice is to always have a backup of your data, in an encrypted format.)
@macadam, klumper
In regards to FDE + SSD = bad from wendellgee, I believe (this is a big assumption on my part) he is referring to the performance hit on SSDs and encryption. If you have a regular spindle HD, the head on the disk needs to jump around to access the data. This in itself is a slow process and creates the i/o overhead. With encryption the performance loss is "masked" because ultimately everyone is waiting for the head to jump around reading/writing the data onto the disk. With SSDs, there are no moving parts as it is solid state. So when data is read/written it happens in parallel. This no longer masks the encryption performance hit because the data is moving fast and furious. (Think of spindle HDs as reading/writing data in series and SSD reading/writing data in parallel.) So with all things being equal, encryption on an SSD will show a larger performance hit vs. spindle HDs. When evaluating potential solutions, you should look for products that can alleviate this performance hit. Features to look for include utilization of the AES-NI chipset to speed up on the fly encryption/decryption and also the ability to choose cipher strength. By default almost every FDE vendor out there uses AES 256-bit key lengths for disk encryption (PGP is guilty of this as well). The combination of 128-bit key and AES-NI vastly improves the user experience for SSD users.
Think about encryption like insurance. We all buy insurance in one form or another (car insurance, medical insurance, home insurance, life insurance, etc). When we buy insurance we often feel that we're getting nothing out of it. There is no ROI on insurance. You pay monthly for insurance but you simply get a piece of paper that says "you're insured." Encryption is like insurance, you hope you never have to make a claim on it because if you do, it means you've lost your laptop, or your house just burned down to the ground.
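The key-area "gotcha" raised in the comment above, as an added illustration that is not part of the original thread and not any vendor's code: a toy volume whose master key is wrapped in a small header, showing that a damaged data sector costs one sector while a damaged header costs the whole disk unless a header copy exists. The header layout, the function names and the HMAC-based keystream (a stand-in for AES) are assumptions made for the example.

```python
import hashlib, hmac, os

SECTOR = 512  # bytes per sector in this toy volume

def keystream(key, sector_no, length):
    # Toy per-sector keystream (HMAC-SHA256 in counter mode); real FDE uses AES.
    blocks = (hmac.new(key, sector_no.to_bytes(8, "big") + c.to_bytes(4, "big"),
                       hashlib.sha256).digest() for c in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def kek_from(passphrase, salt):
    # Low iteration count keeps the demo fast; real tools use far more work.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 10_000, 32)

def make_header(passphrase, master_key, salt):
    # Header = salt | master key wrapped under the passphrase key | integrity tag
    kek = kek_from(passphrase, salt)
    wrapped = xor(master_key, keystream(kek, 0, 32))
    return salt + wrapped + hmac.new(kek, wrapped, hashlib.sha256).digest()

def open_header(passphrase, header):
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    kek = kek_from(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(kek, wrapped, hashlib.sha256).digest()):
        return None  # wrong passphrase or damaged header: no master key
    return xor(wrapped, keystream(kek, 0, 32))

def crypt_sector(master_key, n, data):
    # XOR keystream: the same call encrypts and decrypts sector n.
    return xor(data, keystream(master_key, n, len(data)))

def demo():
    passphrase, master_key = b"constructed passphrase", os.urandom(32)
    header = make_header(passphrase, master_key, os.urandom(16))
    backup = bytes(header)  # copy of the header kept off the disk
    plain = [bytes([n]) * SECTOR for n in range(4)]  # constructed sample data
    disk = [crypt_sector(master_key, n, p) for n, p in enumerate(plain)]
    # Case 1: one data sector is damaged; the header still unlocks the rest.
    disk[2] = os.urandom(SECTOR)
    key = open_header(passphrase, header)
    readable = [crypt_sector(key, n, disk[n]) == plain[n] for n in range(4)]
    # Case 2: a single bit flips inside the wrapped key in the header.
    damaged = header[:20] + bytes([header[20] ^ 1]) + header[21:]
    lost = open_header(passphrase, damaged) is None
    restored = open_header(passphrase, backup) == master_key
    return readable, lost, restored
```

`demo()` returns which sectors stayed readable, whether the damaged header locked the volume, and whether the saved header copy recovered the key.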
RE: 2012 resolution: 'Full disk encryption on all computers'
Isolated storage
So that when it screws up it completely bricks the device.
Keep it in many different areas and many backups.
With computers -- default action is always fail.
Full-disk encryption?
Infographic on Full Disk Encryption