Protecting Your Data
Portability Increases Risk
Only a few years ago, data encryption was relatively unknown to most computer users. They realized that governments and corporations used this protection, but why did they need it?
Most people only had a desktop computer and connected mostly using a phone modem. Interactions with the Internet were relatively brief and their computers only left home (or the office) when going to the repair shop.
Today, more folks are using laptops as well as smart phones, net books and other mobile devices often containing a lot of personal information as do the USB drives and thumb drives we used to store and transfer data. Because they are portable, they are at greater risk for loss or theft.
Data Encryption Moves Mainstream
Windows 7 Ultimate includes BitLocker Drive Encryption and the Encrypting File System. This capability is easily obtained for other Windows versions by installing third-party software such as ZoneAlarm's DataLock Hard Drive Encryption.
But how secure is that encryption software?
Snowden Reveals Massive NSA Access
Edward Snowden, a former contractor for the NSA, revealed that NSA has backdoors into virtually all operating systems and commercial encryption software — realtime access into anybody's computer was a reality.
Governments and corporations are using the threat of terrorism to spy on their own citizens without any oversight from independent third parties and changing laws that protect your privacy so they become ineffective. Everything they have is a state secret, but nothing of yours is. It is this morally-bankrupt status that Snowden felt compelled to reveal.
What Can You Do? Five Recommendations
Don't be fooled that your communications are uninteresting — that only the “bad guys” are targets.
The NSA is spending incredible amounts of money to ensure that it can see into your computer, compromise your network and to record your phone calls, then storing the information for later study.
- Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.
- Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you're much better protected than if you communicate in the clear.
- Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.
- Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
- Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
I strongly recommend reading the entire article for the context and to understand what Schneier is saying.
What Does It Do?
Data encryption solutions can vary from encrypting specific files or your whole drive. This protection is not dependent upon Windows security — it works even if someone removes your hard drive.
Which is best depends upon the nature of the information on your computer and how it is used.
Laptops More Vulnerable
If your computer is a laptop, you may wish to encrypt the entire drive. This ensures that all your data is safe if the computer is lost or stolen.
Alternatively, if only certain folders contain vulnerable information, you can simply protect those folders.
How Does It Work?
Usually the encryption software starts with Windows (or your particular operating system). You are required to login to use the encrypted information (or when opening certain folders if only specific folders are encrypted).
Once you have done this, operating the computer should be the same as it is with an unencrypted computer.
On modern computers with sufficient RAM and other resources, the overhead of running this software should be minimal. Older computers may suffer slowdowns or jerky operation if there are insufficient resources to run the encryption software properly.
Security Relies on Passwords
The security of this solution is dependent upon the quality of your passwords. You should take a moment to review the qualities that make a good password and ensure it isn't compromised.
There are a number of good encryption solutions. Pretty Good Privacy (now owned by Symantec) was one of the original products.
- Pretty Good Privacy on Wikipedia.
Folder Encryption Solutions
SafeHouse Explorer is a free encryption solution for disks and memory sticks.
- SafeHouse Explorer uses passwords and maximum-strength 256-bit advanced encryption to completely hide and defend your sensitive files, including photos, videos, spreadsheets, databases and just about any other kind of file that you might have.
Cypherix has a number of products including corporate solutions.
- Cryptainer LE a free disk encryption software, creates multiple 25 MB of encrypted and password protected drives/containers.
- Secure IT encrypts all your files and folders. All you need to do is select a file you want to encrypt and assign a password.
- Cryptainer PE protects your data by creating multiple encrypted vaults for all your files and folders using 448-bit strong encryption without changing the way you work.
TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
FreeOTFE is a free, open source, "on-the-fly" transparent disk encryption program for PCs and PDAs that allows you to encrypt the entire drive.
- Supports all versions of Windows from Windows 2000 onwards (including Windows 7).
- No need to install it; making it ideal for use on USB memory drives, etc.
- Highly portable. Not only does FreeOTFE offer portable mode, eliminating the need for it to be installed before use, it also offers FreeOTFE Explorer — a system which allows FreeOTFE volumes to be accessed not only without installing any software, but also on PCs where no administrator rights are available. This makes it ideal for use with USB flash drives, and when visiting Internet Cafês, where PCs are available for use, but only as a standard user.
More About Encryption
These sites have useful information on encryption:
- A Guide to PGP Encryption from Data Recovery Labs.
- Peter Gutmann's Encryption and Security Tutorial.
- Matt Blaze's cryptography resource will give you more insight to this technology and the various issues, including legal issues.
More About Related Issues
Protecting Your Online Identity
The following related pages offer more information about protecting your online identity:
- Avoiding Spam — Unsolicited Emails and Mailing Lists
- Phishing & Identity Theft — Obtaining Information by Deceit
- Proper Email Address Etiquette — Using To:, CC: & BCC: Correctly
Securing Your Computer
The following related pages offer more information about securing your computer:
- Security Basics — Preventing Unauthorized Access
- Security Strategies — Avoiding Infections
- Firewalls — Your First Line of Defense
- ZoneAlarm Security — Recommended Firewall Products
- Anti-Virus Protection — Current Alerts, Strategies, Hoaxes & Software
- Passwords — Protecting Your Electronic Signature
- Your Privacy At Risk — Spyware Detection & Removal
- Web Security — Vulnerabilities in Internet Software
- Windows Security — Vulnerabilities in Windows
Updated: September 16, 2013