FTC CTO: Full Disk Encryption Is Important In Preventing Crime
from the taking-a-stand dept
While the FBI and NSA continue their campaign to fight against allowing encryption for devices, it’s clear that not everyone in the government agrees. It does appear that there’s a bit of a fight going on within the administration over where to come down (as President Obama himself admitted), and in a recent blog post, it seems pretty clear where the FTC comes down in this debate. The FTC’s CTO, Ashkan Soltani, who has long been a strong user-privacy advocate (and before joining the FTC helped in some of the reporting on the Snowden documents), wrote the blog post celebrating the virtues of full disk encryption and other “end user device controls.” It starts out by noting that when he recently lost his own laptop, he wasn’t that worried, thanks to the fact that it was encrypted.
Strong end-user privacy and security controls, such as device encryption and firmware passwords, not only protect personal information from unwanted access - they can also make it easier to recover lost or stolen devices as well.
Last month, I had the misfortune of having a personal laptop stolen.
Fortunately for me, while I was a bit bummed about losing my two-year-old laptop, I back up regularly and always enable disk encryption, which is an important step to protect the information stored on the hard-disk from unwanted access by criminals, employers, or other actors (with the exception of very sophisticated adversaries).
He notes that this actually allowed him to help track down the device, because whoever ended up with the “useless” laptop tried to bring it to an Apple Genius Bar, which resulted in Soltani receiving an email.
Fast forward to a few weeks later, when I received an email to my personal account notifying me of an upcoming Apple Genius Bar visit. I was initially confused by the email but soon realized that it’s probably the thief (or the undiscerning buyer) of my laptop trying to take it into Apple for repair - likely because they’re unable to use it without knowing the firmware password I set.
I immediately began calling local law enforcement and the nearby Apple stores notifying them of the theft and this development. After a few phone calls and the help of a fantastic Sergeant in the Local Crimes Unit of the Sacramento Police department, I was able to coordinate an agreement whereby Apple would notify law enforcement if the new user brought the machine in for repair. After an initial disappointment on account of the suspect skipping his Genius Bar reservation, a representative from Apple Customer Relations notified me that the device was brought into another store and they were coordinating with Sacramento Police Department to return it to me. I’m unclear as to whether they were able to track down the original thief.
And thus, the FTC’s CTO makes it clear that full disk encryption has benefits beyond even just keeping your own data safe:
In the end, strong end-user controls like device encryption and firmware passwords not only protect sensitive info stored on the device, they also prevent criminals from utilizing stolen property. The more devices feature strong end-user controls, the less likely thieves can profit from their theft on the open market.
Given that the FBI is supposed to be interested in preventing crime, you’d think James Comey would support that kind of thing…