Truecrypt and collateral damage

Last week, the free full-disk encryption program Truecrypt was abruptly discontinued, for reasons that made no sense, and making equally nonsensical recommendations about substitute products to use.

There’s speculation that the creators of Truecrypt received a National Security Letter, but can’t say anything about it. Right now we have to take it as a rumor–it’s bad if governments are cracking down on encryption, but we’ll save that discussion for another day, when we know whether they actually are. Let’s talk instead about why you need encryption if you own a computer, just like you need locks on your front door.

Do you have tax returns on your computer? Have you ever viewed a bank statement online? Have you ever conducted any other personal business on your computer?

If your computer ever gets stolen, or if you ever have to return that hard drive under warranty, or if you ever sell that hard drive to finance the purchase of a new drive, you’ve given that information up to someone else who can potentially misuse it. Unless, of course, you encrypt it. In which case it doesn’t matter, because unless someone knows the password to unlock the drive, they won’t bother.

So if you want to be able to safely travel with your computer, or safely resell your computer or its hard drive someday or even return it under warranty, you need to encrypt the drive. Many people only encrypt laptops, but it makes just as much sense to encrypt desktop computers as well. The likelihood of a desktop computer being stolen is lower, but the other two reasons still apply.

My current and immediately previous employer encrypted all of their computers for just these reasons. We need to do it too.

Unfortunately the current version of Truecrypt is now read-only. Use Veracrypt instead.

But right now, the best thing to do is to take encryption mainstream. Everyone needs encryption, but very few people do it. Indeed, when I say the word “encryption” to financial professionals, who should understand this as part of their job, generally they roll their eyes at me or look at me like I’m from another planet. That needs to stop. You don’t have to be able to design an engine in order to drive a car, and you don’t have to understand the math in order to use encryption to protect your computer. Just do it–here’s a nice guide I found for creating an encrypted volume to hold your My Documents folder, which is a good start. Bo knows enough to do encryption; you do too.

2 thoughts on “Truecrypt and collateral damage

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux