Portable computing

Virtual Safe Deposit Box?

A bank safe deposit box, securely stored in a vault behind several feet of concrete on five sides with a virtually impenetrable combination-and-time-lock-protected door on the sixth side, is about as safe a storage place as you can get for your cash, gold, jewels, important documents, and other valuables. You rarely hear of anyone losing valuables from a safe deposit box, but there’s an almost daily news story about sensitive data being lost or stolen. This makes for an interesting thought experiment.

While it’s not possible to provide the physical security of a bank vault on a laptop or other portable storage device, it is possible to protect the information itself with encryption so that only authorized persons can access it.  Take the bank’s physical security out of the mix for a moment, making it possible for someone to walk right into the vault; they still can’t unlock your box without access to the bank’s key and your key. Similarly, encryption requires two keys: the encryption key and a passphrase; without both, the encrypted volume won’t open.

One could say, therefore, that an encrypted volume is a virtual safe deposit box for your valuable data.

If Your Laptop is Stolen, Will Your Identity be Stolen?

We frequently hear news of a laptop holding sensitive information having been stolen. Bad in itself, but the reports often note that the information was unencrypted. Doubly bad. The news rarely focuses on personal laptop thefts, however because there’s no news value in reporting the loss of Joe Citizen’s personal files; nothing of value there, they think. But Joe’s entire life savings may soon be wiped out if he has ever used that laptop for online banking or other financial transactions.

Recently, a friend of mine (who shall remain nameless for security reasons) had his laptop stolen out of his car. Fortunately, he had just purchased it and there was nothing of value on it, but there could have been–he’s an oil company executive. Modern thieves know that if they can get their hands on a computer holding sensitive information — particularly bank or credit card information — they can sell that computer for tens or hundreds of times the value of the hardware. The hardware is virtually worthless to them. From the thief’s point of view, any laptop sitting on the seat or floor of a decent car or a desktop PC in a middle class home office could belong to someone who has access to valuable information.

But, if the data is encrypted, the thief is out of luck.

I’ll cover physical security later. For now, I present Maxim #7:

If you store sensitive information on a PC or laptop, even if it’s only personal information, encrypt the folders or drives where the information is stored and use an unguessable passphrase as the encryption key.