PGP: Whole disk encryption for Mac OS X is 'in active development'
PGP Corp. is planning to release a version of its whole-disk encryption software for Apple Macintosh computers running OS X.
Jon Callas, PGP's chief technology officer, told me on Monday that the software is "in active development" and will run on Intel-based Macs. Callas didn't want to elaborate on a shipping date, unfortunately.
This promises to be a boon for OS X users, especially laptop users who are more likely to lose their machines or run into snoopy border police and airport security guards who want to poke around the contents of their hard drives. Right now there's no way for OS X users to encrypt their entire boot disks.
OS X already features FileVault, of course, but that focuses on encrypting the user's home directory. Without whole-disk encryption, Unix-derived systems including OS X store in unencrypted form details about VPN usage, login times, and what applications are installed in the default location. Some applications including Thunderbird save working copies of documents in an unencrypted area outside the home directory.
Another problem with FileVault is that it hasn't always been implemented that securely. Earlier versions of OS X didn't encrypt the swapfile used for virtual memory, meaning the password could in many cases be easily extracted. And a paper (click for PDF) published last year by Jacob Appelbaum and Ralf-Philipp Weinmann found other potential security weaknesses.
PGP released its whole-disk encryption utility for Windows in May 2005. A perpetual license for PGP Whole Disk Encryption 9.8 for Windows costs $149.
I should also note here that a free volume encryption utility called TrueCrypt was released for OS X last week (it was previously available for Windows and Linux). TrueCrypt doesn't do whole-disk encryption, but it does offer a way to conceal the fact that an encrypted volume exists--although that handy feature isn't yet available on OS X and Linux.
Declan McCullagh, CNET News' chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan. 
customs and immigration officials as you enter the country,
something they have ALWAYS had the right to do so. All your
belongings were and are subject to search, and some new
electronic gadgetry doesn't change that. And encrypting your
data will not prevent them snooping, as you either must comply
with their request to enter your password or be detained while a
judge decides if you shall comply. It is no different than if you
are arrested for a crime. You can give permission to be
searched, or a judge can force you. When entering the country,
you are not assumed innocent nor have you ever been... ;)
If you want real privacy, don't carry secure information on your
person when entering the country from a "volatile" nation.
This program will protect you if you lose your laptop or it is
stolen. It would, hopefully, prevent these stupid bank and credit
employees from losing laptops with 300,000 customers' data
and put their data at risk.
The ruling said that he doesn't have to give up the passphrase because that violates the right against self-incrimination.
So your statement is false.
powers. Governments -- now don't laugh -- are instituted to
protect the rights of the people. Or at least that is how it was
sold.
Also, you should read up on the current Boucher case re: compelled 5A disclosure. It shows that your assumption in that area is wrong as well.
personal effects is expressly limited to contraband and illegal
materials. They do have a right to search your laptop, physically,
but there is currently no law requiring you to share information
on your laptop / personal electronics with them or authorizing
them to compel you to do so. Not that they have not forced
people to do so - just that they don't actually have the legal
authority to (but what are you going to do, stick up for your
"rights"? They DO have the authority to detain you indefinitely
without cause, and their parent agency has been implicated in
extraordinary rendition, which might give you reason to comply
with an extra-legal request of that nature).
Further, information you possess might be classified, sensitive,
or subject to some level of obligatory confidentiality; perhaps
something that Customs agents are not authorized to access or
become party to. Such things exist. If you have any of that
information, you probably have the legal obligation to keep it
private and may well not have the authority to make it known.
Think intelligence data, psychiatric or medical evaluations, legal
documents, trade secrets, letters to clergy from parishoners, etc.
Not only are your 4th amendment rights not trumped by their
mission, but neither are those of your clients or correspondents.
Further, if you actually had illegal information (perhaps copies of
top-secret documents for which you were not authorized),
compelling you to divulge how to access them would constitute
self-incrimination, something you cannot be compelled to do
(yet; pesky 5th amendment - but that specific question is before
the courts right now).
Illegal information really is a tough nut to crack. Keep in mind
that more and more public documents are being classified each
day. You could go to interview someone for your book, only to
return and find out that many of the documents for your
research which were public records were now classified and you
aren't authorized to possess them (I only mentioned it because
that's happened to several people I know). Of course, they ask
you to politely destroy the documents and forget that you saw
them - but they could arrest you.
should assume that some third party is going to gain access to
everything on your devices - and plan accordingly.
For example. If you keep sensitive data on your computer it
should be encrypted. Better yet, keep your encrypted data on a
server somewhere if you need it while traveling.
"Shred" your sensitive files using Secure Empty Trash (Mac) or
whatever you can find to do the job on a PC.
If you don't want someone gaining access to your passwords
don't save them on your computer.
A few years ago, it was reported that the majority of laptop
thefts accrued while going through airport security.
What's the difference in the Feds taking your computer vs some
other thief?
- by nenewsjunkie June 30, 2009 8:39 AM PDT
- I usually just use the built in encrypted disk image function of MacOS X's built in Disk Utility to create easy to use encrypted disk images, This way I don't have to encrypt my entire drive or deal with the possible issues that may raise, and the disk image is actually much more portable, I can move it from machine to machine with ease, all while maintaining the security i need for my documents. I posted a quick little video tutorial on my blog about how to use this function of Disk Utility. Check it out!
- Like this Reply to this comment
-
(17 Comments)http://www.tz42.com/blog/2009/06/30/mac-encryption-using-disk-utility/