Why isn’t file encryption more popular?

It is fairly common to hear about government authorities seizing someone’s personal computer and finding incriminating evidence on the hard drive. Seldom is it mentioned that the authorities needed to work to decrypt the information (though Al-Qaeda apparently adopted encryption technologies enthusiastically).

Why isn’t file encryption more popular? Are people afraid of losing the keys? Is it too cumbersome on Windows and Mac OS? Is it that people don’t have the capability already installed on their PC? (The cheaper versions of Windows don’t seem to have the option to encrypt a folder built in, though there are free ways to add encryption, such as TrueCrypt (better than what’s built into Mac OS and Windows?).)

And how does the move to mobile devices affect criminals who would otherwise use encryption? Is it easy to encrypt folders on an Android or iOS device? (A quick Google search found some Android encryption apps, but not much for iOS; is that because the feature is built into iPads and iPhones?)

19 thoughts on “Why isn’t file encryption more popular?”

  1. All the iPhones since the 3GS encrypts data for the whole disk. This is why remote wiping an iPhone is so fast; it just deletes the encryption key. In addition, there are APIs for encrypting an app’s data.

  2. Those people familiar with encryption by experience — but who are not actually security professionals — are most likely primarily familiar with automatic disk-encryption tools running under Windows whose principal effect is to steal the overwhelming majority of the system’s performance even when they’re running properly, and periodically lock it up entirely (forcing a reboot and the loss of all pending work) when they take it to mind to hog 100% of the CPU. All to encrypt data which is almost entirely not secret, such as the binaries for the OS and common applications. This is a pretty big penalty to pay, just to protect a relatively small amount of data which _is_ secret (various files created or received by the system’s owner).

    There are ways around this problem in Unix (and thus, presumably, in OSX, although I don’t use OSX personally and thus couldn’t say from experience). But even there, they aren’t ever the default, and require a fair bit of understanding to configure properly for efficient and secure operation. And under Windows, I honestly can’t imagine how one might do it even in theory.

    Except, of course, by the old standby of _manual_ encryption of any data that is _particularly_ secret. That method is certainly effective, and will work just fine under any remotely modern OS. The trouble is that it’s such a massive workflow disruption that it is unlikely ever to be used by anyone except zealots, security professionals, and people who have utterly devoted their lives to some activity which must, at any cost, be concealed from some authority which might plausibly seize one’s computer. Al Qaeda obviously falls into the latter category, but even most career criminals don’t.

  3. Matt – encrypting individual files is pretty INeffective, since when you actually use the data, it gets copied into memory, and therefore often enough into the swap file, and sometimes into temporary files. You might successfully encrypt one copy, but there are often enough many other copies elsewhere on the disk. If your whole disk is encrypted, you have better odds of catching all the copies.

  4. Because it’s not the default. And it’s not the default because it flies in the face of how users expect passwords to work – in the vast majority of scenarios involving passwords data is not lost forever if you forget one.

    Someone mentioned OS X. Well OS X may now have built in support for disk encryption, but the box ships wide open – without even a screen saver password lock or boot prompt, never mind encryption. Ditto the iPhone – that flash encryption someone mentioned does not by default safeguard your data because by default it is not keyed to a password. Even if you activate the password feature it is by default four digits with unlimited guesses.

    If you ask people up front if they want encryption with an honest explanation of what that means I still don’t think most people would opt in; confronted with a choice of risking their data falling into the wrong hands or risking losing their data forever, most folks, especially those non technical users with an honest appreciation for their own ability to remember long passwords, will quite sensibly opt for the former.

    (Lion does have a neat feature where you can store a backup key with Apple. This is clever and offers protection against forgetfulness and petty criminals. I expect it will be popular with non-paranoiacs (not me).)

  5. My first experience with full disk encryption was a few months ago. I purchased some special FDE hard drives from Lenovo, and plugged them into Thinkpads. You go into the BIOS and set the password. Then whenever it boots up (or wakes from hibernation) you need to put in the password.

    Apparently this is some standard, so most Windows laptops might support it. I couldn’t get it to work in a Macbook. The new Intel 310 SSD supports FDE, so it is becoming more common.

    Generally it seemed to work pretty well. You are relying on the hard disk manufacturers not to have bugs/backdoors into the encryption. I had looked at TrueCrypt, Mac’s encrypted home directory, and Windows 7 Ultimate methods of encryption previously, but never got going with them for various reasons.

  6. There is a relevant xkcd about this:
    http://xkcd.com/538/

    A recent story about a court case that will likely test the 5th amendment vs. being forced to decrypt your drive:
    http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/

    and last but definitely not least one of the leading authorities on security (Bruce Schneier) talking about a variety of these issues:
    http://www.schneier.com/news-085.html

    Search for “Outlook” to jump down to the section most relevant to the topic at hand, but the whole interview is interesting.

    A couple of quick comments…
    1. Everyone should use encryption, not just criminals. (I couldn’t tell if you were arguing otherwise)

    2. If you want to keep your actions private for whatever reason you shouldn’t own or use any mobile devices. Period. It’s not a “phone”. It’s a powerful desktop computer from 2 years ago with built in GPS tracking, wifi-network triangulating, microphone, gait-detecting, etc. etc. device. It’s the most powerful surveillance tool ever devised.

    Peter

  7. My Droid X (Verizon) has a “data encryption” feature. There is scant information about it on the web. This is the most informative thing I found:

    https://motorola-enterprise.custhelp.com/app/answers/detail/a_id/57094

    It appears to be a Motorola add-on and not part of the stock Android, and it seems to work like the Encrypting File System (EFS) in Windows:

    – The device must be locked with a pattern, PIN, or password. (I hope it’s used to protect the encryption key.)
    – Only files created after the encryption feature is enabled will be encrypted.
    – File *names* seem to remain unencrypted.

    Also, speaking from experience, this seems to render the device unable to be mounted as removable USB storage. The files show up but their contents are illegible. Apparently, you’re supposed to use the Motorola Phone Portal, which publishes the device’s contents by means of an HTTP server on the device. Blech.

    I suspect that this feature was rushed out the door for enterprise customers.

  8. I use the home directory encryption in OSX (not the new one available in Lion).

    It does work. But it does seem to slow down the computer sometimes and it means you can not use the time machine backup (to an external disk) unless you log out of your account.

  9. I think the key to situations like this one:

    http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/

    Is to never acknowledge that you currently know the password. The very first thing you should say is that the password was complex and based on the tenth word of the first six chapters of a certain book, with certain numeric and punctuation for character substitutions and certain capitalized characters and gosh darn it, you forgot it. Been trying to remember for the last month. You will certainly do your best to help the police get the right password but over the last 1000 attempts you have not figured it out so the probability is actually pretty low. Sorry.

  10. I think the biggest reason encryption isn’t more widespread is simply convenience. My guess is that whole-disk encryption will become more popular than file-by-file encryption, once the performance problems mentioned by Matt have been worked out. (Apple seems to have a pretty good implementation in OS X.)

    Puppy Linux (which I’m running on my EEE netbook) includes whole-disk encryption, more or less by default. Everywhere else I’m just using file-by-file encryption (openssl + wrapper scripts). Now that you’ve mentioned it, though, I’m going to take a look at Ubuntu’s support for whole-disk encryption, and for encrypting your home directory.

  11. One of the issues with using file encryption is that you need to make sure that the software will be available when it is time to decrypt the document, which may be many years into the future. This tends to rule out binary-only vendors of encryption, or for that matter even PGP, which is a commercial closed-source vendor (yes, I know their source code is available, but only for review).

    GnuPG is a file encryption tool that is based on OpenPGP but its interface is virtually unusable. It is neither fully scriptable nor can one build a GUI for it without using screen scraping. In short, it is not usable by anyone other than the technically adept, and that too, those with plenty of free time on their hands.

    Over the past few years, I’ve found truecrypt a useful solution. Source code is free, so there’s a good chance it will exist in some form when the time comes to decrypt. Besides, it’s a whole-disk encryption system, so once you’re done with mounting the disk, you have little overhead. Not being a cryptographer I cannot say how strong it is, and that’s where the rub lies.

  12. Why isn’t file encryption more popular?

    I don’t know. After interning at a DA’s office and seeing people’s most embarrassing google searches of their life, hand-selected from their own computer’s cache from the past couple years, read aloud in court, I run truecrypt on all my PCs. It’s set so it requires a password on boot up and just presents an “OS not found” error message instead of a password prompt. Provides some deniability and real encryption even if they see past the little boot-up ruse.

    I don’t plan on breaking any laws. But if I’m ever accused of it and my computers are taken, I’ll rest easy knowing some ambitious prosecutor won’t be parading around whatever wacky thing I was reading about at 2am, 12 weeks ago and presenting it in a way to make me look like as much of a weirdo perv as possible.

  13. I run Debian. There is a simple option, present at install time, to enable full-disk encryption. It “just works”. You can have multiple passwords, and can add and remove passwords at any time, so for insurance you can add a 20-char random string and give it to someone you trust in case you forget the password you usually use. You can also easily enable an option to automatically log in some particular user at boot time without a password, so you only have to type one password (the whole-disk decryption one) at boot time and don’t have to type another after it finishes booting. It is also trivially easy to format a USB disk as encrypted; the system will (unless instructed otherwise) remember its password and automatically mount it when you plug it in. Ubuntu probably inherits all this stuff including the easy installation.
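    The multiple-passphrase behaviour described in this comment (add or remove a passphrase at any time without re-encrypting the disk, hand a random “insurance” passphrase to someone you trust) comes from key slots: the disk is encrypted under one random master key, and each slot stores that master key wrapped under a different passphrase-derived key. The following is an added example, written for this page and not code from Debian, LUKS or cryptsetup, that models that header logic in pure Python. The class and function names are invented for illustration; the XOR wrap stands in for a real key-wrap cipher (it is sound here only because every slot derives a fresh wrapping key from its own salt and uses it exactly once), and the iteration count is a demo value rather than the benchmarked one a real installer would choose.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32          # 256-bit volume master key
SALT_LEN = 16
ITERATIONS = 100_000  # demo value; real headers tune this by benchmarking the machine
MAX_SLOTS = 8         # LUKS1 also has eight slots; this is a modelling choice, not a copy


def _derive(passphrase, salt):
    """Derive a wrapping key and a separate MAC key from one passphrase (PBKDF2-HMAC-SHA256)."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                              ITERATIONS, dklen=2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def _wrap(master_key, passphrase):
    """Create one key slot: salt, master key XOR wrapping key, and an HMAC tag over both."""
    salt = secrets.token_bytes(SALT_LEN)
    kek, mac_key = _derive(passphrase, salt)
    wrapped = bytes(m ^ k for m, k in zip(master_key, kek))  # stand-in for AES key wrap
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def _unwrap(slot, passphrase):
    """Return the master key if this passphrase opens the slot, else None (tag check first)."""
    kek, mac_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(w ^ k for w, k in zip(slot["wrapped"], kek))


class VolumeHeader:
    """Toy on-disk header: only key slots are stored; the master key itself never is."""

    def __init__(self, passphrase):
        master_key = secrets.token_bytes(KEY_LEN)
        self.slots = [_wrap(master_key, passphrase)]

    def unlock(self, passphrase):
        """Try every slot; whichever accepts the passphrase yields the same master key."""
        for slot in self.slots:
            master_key = _unwrap(slot, passphrase)
            if master_key is not None:
                return master_key
        raise ValueError("no key slot accepts this passphrase")

    def add_passphrase(self, existing, new):
        """Like adding a key: you must prove you hold a valid passphrase first."""
        master_key = self.unlock(existing)
        if len(self.slots) >= MAX_SLOTS:
            raise ValueError("all key slots in use")
        self.slots.append(_wrap(master_key, new))

    def remove_passphrase(self, existing, to_remove):
        """Drop the slot opened by `to_remove`; refuse to delete the last slot (lock-out guard)."""
        self.unlock(existing)
        if len(self.slots) == 1:
            raise ValueError("refusing to remove the only remaining key slot")
        for i, slot in enumerate(self.slots):
            if _unwrap(slot, to_remove) is not None:
                del self.slots[i]
                return
        raise ValueError("no key slot accepts the passphrase to remove")


def demo():
    """Walk through the comment's scenario; returns True when every step behaves as described."""
    header = VolumeHeader("my usual passphrase")
    master = header.unlock("my usual passphrase")
    insurance = secrets.token_urlsafe(20)            # the "20-char random string" for a friend
    header.add_passphrase("my usual passphrase", insurance)
    same_key = header.unlock(insurance) == master   # both slots unwrap to one master key
    header.remove_passphrase(insurance, "my usual passphrase")
    try:
        header.unlock("my usual passphrase")
        removed = False
    except ValueError:
        removed = True
    return same_key and removed and header.unlock(insurance) == master


if __name__ == "__main__":
    print("key-slot demo ok:", demo())
```

    Two things the model makes visible: adding a slot never touches the encrypted data, because only the master key is re-wrapped, and a wrong passphrase is rejected by the tag check rather than by trying to mount garbage. A real LUKS header additionally anti-forensically stripes the wrapped key across many sectors so that a removed slot is hard to recover from a disk image; this toy simply deletes the entry.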

  14. Personally,

    I’ve been waiting for hardware encryption to become mainstream in laptops. I want the whole drive encrypted so I don’t need to worry about saving things to a specific location, secure deletes of cached files, etc.

    As for the general public, I believe that social media and cloud computing are changing attitudes towards privacy in all but a few cases. People are used to sharing, and less used to hiding things. They would rather think about things that give more immediate gratification, like will I see Phil at EAA Airventure this year?

  15. There’s an inherent problem with “Forgetful Boi’s” suggestion of claiming to forget a “complex” password. Let’s suppose the prosecutor is intent enough on getting a conviction to send the computer to the FBI for “advanced” decryption, and it results in uncovering something suspicious. The charges will be amended to include making false statements to a government official, obstruction of justice, interfering with the investigation of a crime, conspiracy, and as many other charges as the vindictive prosecutor can dredge up from the law books.

    Even if the defendant is cleared of whatever crime prompted the demand for the password, he could end up in prison for decades because he didn’t cooperate. Prosecutors have numerous ways to wreak pure vengeance on defendants who defy them or otherwise piss them off. Remember, for example, that Martha Stewart went to prison not for insider trading, but for failing to cooperate with the investigation of her broker who improperly used insider information to advise her to sell stock.

    Currently there doesn’t seem to be any settled case law on whether police or prosecutors can compel someone to disclose an encryption key. My prediction is that it will eventually end up before the Supreme Court, where the “conservative majority” will issue a 5-4 ruling consistent with their ideological bias toward police and prosecutors.

  16. Disk encryption is complicated and risky (what about back ups?). Vendors are usually not very good at it (My WD World Book freezes too often when using the built-in hardware encryption). That’s why encryption isn’t more popular.

    On my Windows laptop I have Truecrypt running. Half of the disk space is a Truecrypt volume labelled “personal”. I use a password like “nincompoop” to access it. Inside the Truecrypt volume there’s a hidden volume called “Top secret”. That’s where I store the pictures of the war crimes my government will do anything to suppress.

    If a thief steals the laptop, he will not be able to access my personal stuff. I might catch him using http://preyproject.com/

    If the gubbermint seize me I will, after a little bit of torture, reveal the nincompoop password. They will read my mail (the 0.1% they haven’t already read) and see my other personal stuff. Hopefully that’ll be the end of the story. Should they get the impression there’s a hidden volume, I will most surely have forgotten the passphrase.

    I do backups of the encrypted volumes using http://crashplan.com and http://code.google.com/p/duplicati/

    Truecrypt is a breeze under Windows. Setting it up on Linux is way more difficult. Haven’t tried it on a Mac.

  17. “There’s an inherent problem with “Forgetful Boi’s” suggestion of claiming to forget a “complex” password. Let’s suppose the prosecutor is intent enough on getting a conviction to send the computer to the FBI for “advanced” decryption, and it results in uncovering something suspicious. The charges will be amended to include making false statements to a government official, obstruction of justice, interfering with the investigation of a crime, conspiracy, and as many other charges as the vindictive prosecutor can dredge up from the law books. ”

    Not really. Just because the FBI decrypted it doesn’t mean I remembered my password, just that the FBI discovered the password. Both can be true at the same time.

    My story is the same, I forgot the password. But thank you for finding it.

    This assumes that the FBI can decrypt anything which is a huge assumption.

    Martha Stewart didn’t go to prison for not cooperating. She went to prison because they could prove she lied. But what I propose can only be prosecuted if you change your story.
