Posted on Jun 7, 2016 by Rick Falkvinge

Privacy habits: Full-disk encryption goes from optional to very recommended

As US authorities decide they have the right to seize any data, the mandatory privacy suite expands: full-disk encryption goes from optional to very recommended, in addition to using a firewall and some sort of encrypting anonymizer.

A decision by a U.S. appeals court says that all your hard drives can be searched without warrant to determine if you’re guilty of a crime, any crime. This means that in addition to an encrypting anonymizer (such as Tor or a VPN) and a good firewall, full-disk encryption is now a must not just for geeks and nerds, but for everybody.

Technically, the appeals court didn’t rule that no warrant was necessary, as in not necessary ever – but it did rule that no warrant was necessary to charge with the crime discovered in the data. A search warrant had previously been issued for a completely different reason, and as the hard drive was being examined, other things were discovered.

This means that as of this verdict, unencrypted hard drives in people’s homes are fair game for any authority. This means that it’s no longer enough to protect the data you transmit out of home, counting on due process to protect you from unreasonable search and seizure and your home being your castle, but also must protect the personal data you store inside of your home from snooping. (At least in the United States, which is primarily affected by this verdict; other countries have other levels of protection, both higher and lower.) Protecting data in transit and in storage are two completely different types of protection – and require different mechanisms.

While you protect the data you transmit and receive using an encrypting anonymizer, such as Tor or a VPN (or preferably both), from this point on, you should also be using something to protect the data you store at home – on your local computer or computers.

Encrypting files one at a time can be a tedious process. No, scratch that. It is a tedious process. Therefore, the go-to solution to safeguard entire computers is something called full-disk encryption. The term means that the computer doesn’t even start until you’ve provided a password which unlocks the hard disk’s encryption, and everything else works just as before. Data is written encrypted to disk, completely transparently to you.

For GNU/Linux users, you’re asked if you want to use full disk encryption when you install. If you have the technical knowledge to use GNU/Linux in the first place, I’m assuming you also have the awareness to already use full disk encryption. Otherwise, look up the LUKS utilities right away in your favorite manual reader (usually Wikipedia).

For Windows users, there’s the built-in BitLocker, which is from Microsoft and therefore untrustworthy by design (sorry Microsoft, but you really really blew your trustworthiness with the malware behavior of the Windows 10 “upgrade”). Instead, the go-to full disk encryption of choice for Windows is still something called TrueCrypt, which has been audited to be secure – at least for the time being – and can be downloaded from Gibson Research. It has the ability to encrypt your entire drive in the background while you keep working, and once it’s done, it will require a passphrase to unlock your computer every time it boots – just the way you want it. After you enter that passphrase, decryption and encryption happens in the background without you noticing, just the way it should be.

The important part here is that an authority which does not have the password has no access to the data on your hard drive. (Unless they throw you in jail indefinitely until you “voluntarily” surrender that password, which the United States has also been known to do. For this reason, TrueCrypt also has an option to use a second fake password to present something that looks like your computer but isn’t.)

The third and fourth important components for privacy is to prevent against intrusion, using some sort of firewall, and identity theft, being careful with credentials and passwords. There are many levels and standards for this and we’ll examine them in a future article.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


VPN Service

Leave a Reply

Your email address will not be published. Required fields are marked *

3 Comments

  1. Justin Ray Ball

    As a very privacy oriented user, I believe the article could have been better updated to recommend Veracrypt instead of outdated Truecrypt. Veracrypt fixes many problems and offers many improvements. It is also still open source as well.

    2 years ago
    Reply
  2. Michael DiGregorio

    I have yet to go the route of full disk encryption because I am not sure how to enter the needed password (and thus start up the computer) if I were to reboot it remotely. Is there any solution to this on a Windows (10) device?

    2 years ago
    Reply
  3. John Foitik

    You can lock down unused ports, use two way firewall, VPN, antilogger, virtual browser and encrypt your drive; lock down that computer!!! But when you overdo it doesn’ that draw undue attention from the FEDs? I mean, why lock it all down if you have nothing to hide? Isn’t that something to think about?

    1 year ago
    Reply