The WSJ reports that Motorola was caught selling pre-owned (technically, refurbished) Xoom tablets with the prior owner's data on it. I've often noted that the use of data encryption like AlertBoot is a precautionary measure because you never know what might happen. This is not quite what I had in mind.
According to wsj.com, 100 of 6,200 Xooms sold via woot.com may have contained personal data such as email and social media passwords. I guess Motorola failed to erase the devices properly. Not that the previous (temporary) owners of the devices ought to be blamed, but if they had turned on the encryption software setting for their Xoom tablets, they wouldn't have this problem. From the Motorola site (my emphasis): Motorola XOOM - Data EncryptionDoes the Motorola XOOM support data encryption?====================Yes, the Motorola XOOM does support data encryption. You can encrypt your accounts, settings, downloaded applications and their data, media, and other files. Once you encrypt your tablet, you can't unencrypt it except by performing a factory data reset, erasing all the data on your tablet. Encryption takes up to an hour. You must start with charged battery and keep your tablet plugged in until encryption is complete. If you interrupt the encryption process, you will lose some or all your data. Since Motorola was reselling these, they had to make sure that it looked and operated as close to brand new as possible. I'm an iPad user myself, but I assume that with encryption turned on, a password is always required to access the device. Otherwise, what's the use, no? It'd be like taking an extremely expensive personal safe and using it as an open bookcase. Anyhow, consider Motorola's position: here's a device that's about to be sold as a refurbished item and nobody can get in the device because of the password. What do they do? Reset the encryption (i.e., blow away the encryption key), erasing all the previous data in the process. In fact, I'd probably do it the lazy way: 10 wrong password entries and Bob's your uncle.
According to wsj.com, 100 of 6,200 Xooms sold via woot.com may have contained personal data such as email and social media passwords. I guess Motorola failed to erase the devices properly. Not that the previous (temporary) owners of the devices ought to be blamed, but if they had turned on the encryption software setting for their Xoom tablets, they wouldn't have this problem. From the Motorola site (my emphasis):
Motorola XOOM - Data EncryptionDoes the Motorola XOOM support data encryption?====================Yes, the Motorola XOOM does support data encryption. You can encrypt your accounts, settings, downloaded applications and their data, media, and other files. Once you encrypt your tablet, you can't unencrypt it except by performing a factory data reset, erasing all the data on your tablet. Encryption takes up to an hour. You must start with charged battery and keep your tablet plugged in until encryption is complete. If you interrupt the encryption process, you will lose some or all your data.
Motorola XOOM - Data EncryptionDoes the Motorola XOOM support data encryption?====================Yes, the Motorola XOOM does support data encryption.
You can encrypt your accounts, settings, downloaded applications and their data, media, and other files. Once you encrypt your tablet, you can't unencrypt it except by performing a factory data reset, erasing all the data on your tablet.
Encryption takes up to an hour. You must start with charged battery and keep your tablet plugged in until encryption is complete. If you interrupt the encryption process, you will lose some or all your data.
Since Motorola was reselling these, they had to make sure that it looked and operated as close to brand new as possible. I'm an iPad user myself, but I assume that with encryption turned on, a password is always required to access the device. Otherwise, what's the use, no? It'd be like taking an extremely expensive personal safe and using it as an open bookcase.
Anyhow, consider Motorola's position: here's a device that's about to be sold as a refurbished item and nobody can get in the device because of the password. What do they do? Reset the encryption (i.e., blow away the encryption key), erasing all the previous data in the process. In fact, I'd probably do it the lazy way: 10 wrong password entries and Bob's your uncle.
Regardless of what the device happens to be, if you carry sensitive data on a digital device, you're best off using full disk encryption on it. What is full disk encryption? As the name implies, it's when the entire hard disk is encrypted so that the contents are protected no matter what. This way, there are no loose ends when it comes to your data security. For example, you won't be left wondering whether that last file you received via email was actually encrypted or not. As you can see from Motorola's explanation, disk encryption takes a little time to complete. In fact, it's directly proportional to the capacity of the storage media: generally, the bigger it is, the longer it takes. The speed of the CPU, the amount of RAM, and other factors do play a factor, but the biggest by far is the capacity. After all, we're talking about encrypting every single bit, every single byte, every single sector on the disk. But, it's worth the wait. You only need to encrypt it once -- unlike file encryption, which requires one to go through the encryption process each time you create a new file -- and after that your only worry is trying to not forget your password. (Of course, managed encryption service providers like AlertBoot have ways to reset your password after confirming your identity, as well as providing reports for monitoring and audit purposes. That's the beauty of having a third party manage stuff for you.)
Regardless of what the device happens to be, if you carry sensitive data on a digital device, you're best off using full disk encryption on it. What is full disk encryption? As the name implies, it's when the entire hard disk is encrypted so that the contents are protected no matter what. This way, there are no loose ends when it comes to your data security. For example, you won't be left wondering whether that last file you received via email was actually encrypted or not.
As you can see from Motorola's explanation, disk encryption takes a little time to complete. In fact, it's directly proportional to the capacity of the storage media: generally, the bigger it is, the longer it takes. The speed of the CPU, the amount of RAM, and other factors do play a factor, but the biggest by far is the capacity. After all, we're talking about encrypting every single bit, every single byte, every single sector on the disk.
But, it's worth the wait. You only need to encrypt it once -- unlike file encryption, which requires one to go through the encryption process each time you create a new file -- and after that your only worry is trying to not forget your password.
(Of course, managed encryption service providers like AlertBoot have ways to reset your password after confirming your identity, as well as providing reports for monitoring and audit purposes. That's the beauty of having a third party manage stuff for you.)
Related Articles and Sites:http://blogs.wsj.com/digits/2012/02/03/oops-motorola-resells-uncleared-xoom-tablets/https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/62464/~/motorola-xoom---data-encryptionhttp://androidcommunity.com/refurbished-xoom-units-from-woot-contain-old-user-data-20120203/