A couple of weeks ago on SysAdmin day, I was speaking with a favorite sysadmin and the conversation turned to encryption. Yes, if you hang out with a sysadmin and a security guy, the conversation is that interesting. (Insert yawn here.)
Encryption is the method used to scramble the contents of a file or an entire disk so that it is unreadable to anyone who does not have the decryption password.
While there are different encryption “strengths” that you can use, most of the commercially available products on the market offer encryption that is strong enough that most criminals cannot unscramble or undo the encryption.
In fact the criminals now use encryption in their own operations.
Ransomware, for instance, encrypts your files and demands payment for the decryption key. Even some police organizations have resorted to paying the ransom.
The sysadmin I was chatting with did not believe in the power of encryption. As far as he was concerned, the big government organizations (NSA, FBI, GCHQ, and those types) have already figured out how to break all of the encryption. That type of mindset is not just simple paranoia, it is ADVANCED paranoia!
This is a general problem in the security industry. We want to educate our users about good security, but we sometimes lose sight of what we are really trying to accomplish. If we want to teach folks how to protect their data with encryption, it is counter-productive to then go off the extreme edge about how a government agency can break any encryption.
Don’t encrypt your data because you’re worried that a government will access it. Encrypt it so when you accidentally lose your laptop or portable USB drive, the person who finds it cannot simply read all your private, sensitive information.
I am not myopic. I know that the big government entities can find something incriminating about all of us if they are in a “prosecutorial mood”. After all, all they have to do is turn on the microphone on my cell phone to hear my version of automobile commuter karaoke – hours worth of entertainment.
The commercial products available, such as PGP and even Microsoft’s BitLocker, do an excellent job of protecting your data from prying eyes. (While there are free encryption tools available, my personal recommendation is that you use one that offers good support, just in case you need assistance with it.)
Most of the products are easy to use and require little technical expertise to get set up and running. Of course, I am moderately paranoid, so I recommend you encrypt your entire hard disk rather than just individual files.
Protect your data, and let’s keep singing in our cars to keep the Federal Agents entertained.