Self-encrypting discs will lock down your data

By Joel Shurkin

A new way to protect digital secrets promises an end to accidental leaks, but may dismay law enforcers

In June 2009, 45,000 people linked to Cornell University in Ithaca, New York, suddenly had their privacy compromised. Personal data including social security numbers of students, former students, staff and faculty were exposed. But this was no high-tech hack – all of the information was contained in a single stolen computer.

Had the data been safely encrypted there would have been virtually no risk, but typical encryption methods require specialised software that few are willing to invest in. Computers are usually protected by a password stored in the disc’s operating system, such as Windows or Mac OS. But the data on the disc itself is not protected, so a savvy technician can sidestep the password protection and access the information.

There is a solution: hard disc and flash drive manufacturers have begun distributing storage media that automatically encrypt data as it is stored and decrypt it when it is read back. With only a password required, the need for special security software is eliminated. Within a year or two, researchers say, all hard discs will be protected using this method, known as full-disc encryption.

Many businesses and governments use software-based full-disc encryption to protect against such intrusions, but that requires installing software above and beyond standard security packages, which are geared towards defending against viruses and online attacks. Even then, such encryption software can be difficult to use effectively, as a user must specify which files need special protection.

Self-encrypting devices instead pack the encryption process into a chip on the disc or drive. Everything on the disc – not just the operating system, but file directories and all of the files themselves – is automatically encrypted and can be accessed using a conventional password only the computer user knows.
Anyone trying to access the disc without the password would have to contend with protection that rivals 128-bit or 256-bit Advanced Encryption Standard keys, which are virtually unbreakable. “Hardware is faster than software, more reliable and harder to hack,” says Simson Garfinkel at the Naval Postgraduate School in Monterey, California.

Of course, if the password to a drive protected in this way is lost, the data is essentially locked forever, making it a very unforgiving system for everyday consumers.

Still, manufacturers including Samsung, Fujitsu, Seagate, Western Digital and Hitachi have all recently announced plans to begin producing self-encrypting media. Government agencies will likely be their first customers: between 50 and 60 per cent of US-government laptops are currently unprotected by specialised encryption software, says Jon Oltsik, an analyst for the Enterprise Strategy Group, an IT and business strategy firm based in Milford, Massachusetts.

The wide availability of such devices will likely prove to be a massive headache for law enforcement agencies, because their investigations often depend on recovering stolen or illicit information held on the computers of suspects.

Since 2005, over 500 million electronic records containing sensitive personal information have been lost in security breaches, including many from private business, according to Privacy Rights Clearinghouse, a non-profit consumer group. Missing information can mean lost revenue, public relations disasters and lawsuits.

And US law requires businesses to immediately report any computer security breach, adding to the expense. “Safe harbor” laws in 45 states protect companies from such exposure, but only if they take measures to encrypt their data, making it likely that businesses will be among the first in line for self-encryption devices in the US.