US Senate computers will use disk encryption

New security measure is meant to protect sensitive Senate data on stolen Senate laptops and computers.

The US Senate will enable disk encryption on all Senate computers as a basic security measure that will make it harder for spies or criminals to extract sensitive data from stolen Senate staff PCs or hard drives.

The decision was taken last month by the Senate Committee on Rules and Administration, which instructed the Senate Sergeant at Arms (SAA) to begin the data encryption process.

Also: After the midterm elections, the odds improve a little for a US privacy law CNET

"I applaud these efforts as this new common-sense cybersecurity policy will better protect sensitive Senate data from those who might wish to compromise it," said Oregon Democrat Senator Ron Wyden, the one who initially pushed the Committee to implement this measure over the summer.

"This new policy will make it much harder for any would-be spy or criminal who steals a Senate computer to access Senate data," Sen. Wyden added. "This is particularly important for laptops, which are more vulnerable to foreign government surveillance when Senate staff take them home or on work-related travel."

Details about the exact timeline or progress of the disk encryption process have not been made available, but Senators and their staff should hope this doesn't go as bad as the adoption of multi-factor authentication. A government report published in September revealed that only 11 percent of the Department of State's devices used multi-factor authentication.

Also: US has a cyberattack ready if Russia interferes with 2018 midterms TechRepublic

It is also no surprise that Sen. Wyden was behind the push to have the Senate deploy disk encryption. Previously, the same Senator had also asked the government to stop using Adobe Flash on its computers and sites, urged the DOD to move all of its sites to HTTPS by the end of the year, asked the White House Cybersecurity Coordinator to deploy a solution that blocks ads on US government networks and computers to ward off malvertising, and has pressed the DHS to deploy an emerging technology called Encrypted Server Name Identification (ESNI).

He also called out the FBI director's 'ill-informed' views on encryption backdoors, pushed Verizon, Sprint, AT&T, and T-Mobile to stop sharing real-time cell phone location data with third-party companies, revealed that US border officials haven't properly verified visitor passports for more than a decade, and inquired the FCC to find out if police stingrays disrupt 911 calls.

Related stories: