Full Disk Encryption on Every Computer You Own
Commit to full disk encryption on each of your computers.
Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it’s free. So don’t put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks 2012.
Here’s some basic info about full disk encryption. You can read this and much more (including information on password security) in our recent whitepaper on protecting privacy at the border.
Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. This mathematical protection works independently of the policies configured in the operating system software. A different operating system or computer cannot just decide to allow access, because no computer or software can make any sense of the data without access to the right key.
Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.
Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.
Choosing a Disk Encryption Tool
Choosing encryption tools is sometimes challenging because there are so many options available. For the best security, choose a full-disk encryption tool that encrypts everything on your computer rather than a file-encryption tool that encrypts individual files separately. This may need to be set up at the time your operating system is first installed. Every major operating system now comes with encryption options.
- Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows.
- TrueCrypt has the most cross-platform compatibility.
- Mac OS X and most Linux distributions have their own full-disk encryption software built in.
For more detailed information about the advantages and disadvantages of various tools, check out this Wikipedia article comparing full-disk encryption software.
Make a Strong Passphrase and Don’t Lose It
Full-disk encryption is most effective if you make a strong passphrase using a technique likeDiceware. This or other modern passphrase-making techniques can produce a strong but memorable passphrase.
Remember that access to your data is dependent on having access to your passphrase. By design, if you lose it, your computer and data will be completely unusable. So, make sure your passphrase won’t be lost! For many people, this could involve writing it down and keeping a copy someplace different from where you keep your computer. (You can combine your encryption resolution with a resolution to make regular backups, if you’re not already doing so. And you can also choose to encrypt your backups.)
Full disk encryption is one of the most important steps you can take to protect the privacy of your data. If you haven’t done it yet, resolve to encrypt in 2012.