A military laptop and a 500‑gigabyte external hard drive were reported as missing earlier today.  Encryption solutions like AlertBoot full disk encryption would have prevented the incident from turning into an information security breach; however, the story has a happy ending.  It looks like the devices were recovered hours ago.

According to thenewstribune.com and columbian.com a civilian contractor had lost the two devices from his unlocked (!) truck last week.  While the information stored on those devices did not contain classified information, the personal details of over 800 Fort Lewis soldiers were included as part of the stored data.

Military spokespeople declined to reveal what type of personal details, stating that they’d “rather not specify.”  Understandable, on the one hand.  Why let the thief know what type of goldmine he’s sitting on?  On the other hand, announcing that there is personal data of any kind at all defeats the purpose—the criminal’s interest would be piqued.

What’s really not understandable is why there wasn’t any laptop security, like disk encryption software, installed.  It’s my understanding that the military had begun, earlier this year, a program to encrypt any and all computers that had data‑at‑rest.  That’s essentially another way of saying electronic data that’s not moving over wires (including wireless networks…which ultimately require wires).

However, it may all be a moot point.  A 17‑year‑old was arrested in connection with the theft, and the laptop has been recovered.  From the looks of it, this guy has been involved in a number of break‑ins, and the guys at Fort Lewis got a break.  Who knows what would have happened if the thief had decided to lay low for a while?

When it comes to security issues, it’s usually human behavior that puts data at risk.  The technology for keeping data safe has existed for decades now.  Advances in technology have made the use of such security solutions easier than ever.  Advances in technology have also made it pertinent to use security solutions.  I mean, 500 gigabytes?  How can one even guarantee that sensitive information was not saved anywhere on that disk?

And yet, as the above case shows, all of this brouhaha because one guy decided not to follow orders.  This is the main reason why I recommend the use of full disk encryption over other types of encryption, like file encryption.  They’re both powerful ways of safeguarding data.  However, file encryption requires that every single file of interest be tagged for encryption—which introduces the human element for every single file.  On the other hand, disk encryption introduces the human element only once: when you first have someone install whole disk encryption on that computer.

Related articles: