Federal Computer Week is reporting that the US Army is starting a pilot program to encrypt all data on all mobile devices. But that’s not all:
In the coming weeks, the secretary of the Army will release a new policy on data encryption mandating that each Army laptop PC be designated and clearly tagged as travel or stationary. All travel computers must use commercially available encryption software until an enterprisewide tool is chosen. . . .
The Good News: They Can’t Read The Data. The Bad News: Neither Can We.
Both Windows XP and Mac OS X have encryption options: XP has Encrypting File System; OS X has FileVault. I’m not familiar with the details of EFS, but FileVault is pretty secure – if you lose your password it is all over – you’ve got to wipe all your data. Which is one of the reasons I’ve never used it. Nor have most XP and OS X users. When we think of all the stupid and embarrassing reasons one can lose all data, forgetting the password has to be near the top of the list.
Apple’s FileVault has a Master Password option that will unlock any FileVault account, so a wily admin can set up a way to save forgetful users.
Yet this whole effort is back to relying on passwords, which are usually hackable, to secure data. Not to mention the organizational angst required to manage tens of thousands of passwords. It seems to be a choice among several sub-optimal solutions.
Despite the issues, I applaud the Army for mandating encryption. There is nothing like a massive customer spending money to get ingenious people working on better solutions. A large-scale test of those solutions will shake out the bugs faster than any beta program. With the Army’s action, perhaps we will see more secure and usable encryption options on the market sooner rather than later.