What's Missing From File / Disk Encryption?

lockDrive asks: "Every month, we read a news about personal information leak. Most of the time, either a laptop or a hard disk that contains sensitive information is stolen from a government or corporate office, and the data are not encrypted. Recently, Department of Veterans Affairs had lost a laptop which contained confidential information for 26.5 million veterans. The data were not encrypted. There are many products that provide a solution to such a problem. Microsoft Encrypting File System (EFS), which comes with Windows 2000 and later, encrypts data in a file system and seems to have a decent key recovery system in Windows 2003 Server CA. Products like SecureDoc and DriveCrypt encrypt an entire disk. I have tried some of them and they are not that difficult to use. What is holding people who handle sensitive information (government, health-care, insurance ...) back from encrypting their data? Are the products still too hard to use? Are they concerned about performance loss? Are they not convinced with the security gain? Are they just not adopting the technology quickly? Is there anything missing in the technology?"

Answer: The government's backdoor

[Zweideutig]

We need an act to mandate a functional backdoor so that authorized government agencies can access classified data to fight terrorism more effectively.

Re:encryption is a speed bump.

[Jerf]

Only in Hollywood can a brilliant physicist sit down and crack encryption in five or ten minutes, no matter how strong.

Out here in the real world, you're not going to crack correctly-applied encryption in your lifetime, even if your Bruce Scheier, the guy who wrote the book on encryption.

A lot of encryption is misapplied, but short of leaving the password on a post-it note on the machine, or leaving the machine on all the time, full-disk encryption is pretty easy-to-use.