New Interest in an Old Security Device: Automatic Data Encryption on Hard Drives

The loss or theft of computers containing sensitive data has cost governments and corporations millions of dollars. Spurred by such events, the world's largest hard drive manufacturer, Seagate Technology LLC (Seagate), has turned the security spotlight away from the conventional solutions, which employ software and firewalls, to the use of automatic encryption in hard drives. In a common application, a laptop with Seagate's technology would require the user to enter a password or key before the computer would boot up and the user could gain access to the hard drive. Without the key, all data on the hard drive would be inaccessible. As described by a spokesperson for Seagate, "The encryption keys … are hidden in what we call secure partitions. If you take, for instance, a 200 GB drive, about 10 per cent of that storage is unaddressable by outside resources. We store the encryption keys in that hidden space so that none of other resources in this computer can get to it, [whereas] with software encryption, you have the keys floating around in the [operating system]". While not an entirely new concept, it appears that this time round hard drive encryption will receive much more serious attention. A technology consultant, IDC, predicts that this approach will become the industry standard, in particular, for laptops used within large enterprise organizations. As with many other advances, this innovation is likely to bring with it new challenges. Data recovery will become much more difficult, even impossible, in some cases. Also, automatic encryption could increase the complexity of document discovery under Ontario Civil Procedure Rules 30.01 and 30.02. Electronic discovery of documents pertaining to a case could be "lost" inside one of these hard drives. If it is possible to retrieve the data, it will no doubt be an additional cost to an already expensive process. For articles in IT.business.ca and in The Globe and Mail, see: http://www.itbusiness.ca/it/client/en/home/News.asp?id=40983 http://makeashorterlink.com/?Z43121F1E For a string of Q&As and comments on the topic, see Bruce Schneier's blog on security and security technology at: http://www.schneier.com/blog/archives/2005/06/seagates_full_d.html Summary by: Oren Weichenberg