What's Missing From File / Disk Encryption?

lockDrive asks: "Every month, we read a news about personal information leak. Most of the time, either a laptop or a hard disk that contains sensitive information is stolen from a government or corporate office, and the data are not encrypted. Recently, Department of Veterans Affairs had lost a laptop which contained confidential information for 26.5 million veterans. The data were not encrypted. There are many products that provide a solution to such a problem. Microsoft Encrypting File System (EFS), which comes with Windows 2000 and later, encrypts data in a file system and seems to have a decent key recovery system in Windows 2003 Server CA. Products like SecureDoc and DriveCrypt encrypt an entire disk. I have tried some of them and they are not that difficult to use. What is holding people who handle sensitive information (government, health-care, insurance ...) back from encrypting their data? Are the products still too hard to use? Are they concerned about performance loss? Are they not convinced with the security gain? Are they just not adopting the technology quickly? Is there anything missing in the technology?"

Re:encryption is a speed bump.

Simple, first kidnap you and your kids. Then slowly torture one of your kids to death to prove I am serious. After that you would do anything, even give up the key/passphrase to save your other kid. I am sure you can come up with several other methods that would work for people without children.

Re:encryption is a speed bump.

[Bazzargh]

Simple, first kidnap you and your kids. Then slowly torture one of your kids to death to prove I am serious. After that you would do anything, even give up the key/passphrase to save your other kid. I am sure you can come up with several other methods that would work for people without children.

I keep one of the twins, Alice, in the firesafe to prevent this kind of attack. Bob is kept offsite as a backup.

Re:-truecrypt?

[jrockway]

> throw you in jail for contempt

That could be good. Let's say they're investigating you for drug trafficing, but really you're planning to overthrow the government and all the plans are on your hard drive. OK, so they assume "the worst" and that you're a big drug dealer, and they throw you in prison for 15 years or something. Meanwhile, your rebel co-conspirators weren't revealed, and they successfully overthrew the government. Obviously you are freed from jail, and everyone is happy. (I should write movies :)

And anyway, crypto isn't always about protecting yourself -- it helps keep honest people honest, too. Do you really want your bored UNIX admin reading your mails from your girlfriend about how much she likes your hair (or whatever)? No; so encrypt it.

(As for disk encryption, do you really want your relatives going through your e-mail and IM conversations [or pr0n stash] if you suddenly die or something? No; so encrypt it.)