New Year's Resolution: Full Disk Encryption on Every Computer You Own
The New Year is upon us, and you might be partaking in the tradition of making a resolution for the coming year. This year, why not make a resolution to protect your data privacy with one of the most powerful tools available? Commit to full disk encryption on each of your computers.
Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it's free. So don't put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks 2012.
Here's some basic info about full disk encryption. You can read this and much more (including information on password security) in our recent whitepaper on protecting privacy at the border.
Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. This mathematical protection works independently of the policies configured in the operating system software. A different operating system or computer cannot just decide to allow access, because no computer or software can make any sense of the data without access to the right key.
Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.
Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.
Choosing a Disk Encryption Tool
Choosing encryption tools is sometimes challenging because there are so many options available. For the best security, choose a full-disk encryption tool that encrypts everything on your computer rather than a file-encryption tool that encrypts individual files separately. This may need to be set up at the time your operating system is first installed. Every major operating system now comes with encryption options.
- Microsoft BitLocker in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows.
- TrueCrypt has the most cross-platform compatibility.
- Mac OS X and most Linux distributions have their own full-disk encryption software built in.
For more detailed information about the advantages and disadvantages of various tools, check out this Wikipedia article comparing full-disk encryption software.
Make a Strong Passphrase and Don't Lose It
Full-disk encryption is most effective if you make a strong passphrase using a technique like Diceware. This or other modern passphrase-making techniques can produce a strong but memorable passphrase.
Remember that access to your data is dependent on having access to your passphrase. By design, if you lose it, your computer and data will be completely unusable. So, make sure your passphrase won't be lost! For many people, this could involve writing it down and keeping a copy someplace different from where you keep your computer. (You can combine your encryption resolution with a resolution to make regular backups, if you're not already doing so. And you can also choose to encrypt your backups.)
Full disk encryption is one of the most important steps you can take to protect the privacy of your data. If you haven't done it yet, resolve to encrypt in 2012.
Read our whitepaper on Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices:
Take the border privacy quiz:
Sign the petition calling on DHS to publish clear standards of handling sensitive data collected at the border:
Recent DeepLinks Posts
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games