PGP: Whole disk encryption for Mac OS X is 'in active development'

PGP Corp. is planning to release a version of its whole-disk encryption software for Apple Macintosh computers running OS X.

Jon Callas, PGP's chief technology officer, told me on Monday that the software is "in active development" and will run on Intel-based Macs. Callas didn't want to elaborate on a shipping date, unfortunately.

This promises to be a boon for OS X users, especially laptop users who are more likely to lose their machines or run into snoopy border police and airport security guards who want to poke around the contents of their hard drives. Right now there's no way for OS X users to encrypt their entire boot disks.

OS X already features FileVault, of course, but that focuses on encrypting the user's home directory. Without whole-disk encryption, Unix-derived systems including OS X store in unencrypted form details about VPN usage, login times, and what applications are installed in the default location. Some applications including Thunderbird save working copies of documents in an unencrypted area outside the home directory.

Another problem with FileVault is that it hasn't always been implemented that securely. Earlier versions of OS X didn't encrypt the swapfile used for virtual memory, meaning the password could in many cases be easily extracted. And a paper (click for PDF) published last year by Jacob Appelbaum and Ralf-Philipp Weinmann found other potential security weaknesses.

PGP released its whole-disk encryption utility for Windows in May 2005. A perpetual license for PGP Whole Disk Encryption 9.8 for Windows costs $149.

I should also note here that a free volume encryption utility called TrueCrypt was released for OS X last week (it was previously available for Windows and Linux). TrueCrypt doesn't do whole-disk encryption, but it does offer a way to conceal the fact that an encrypted volume exists--although that handy feature isn't yet available on OS X and Linux.

[amandachuck]

Airport security guards can't and won't do that...

Sorry to burst your bubble, but the only people "snooping" are <br />customs and immigration officials as you enter the country, <br />something they have ALWAYS had the right to do so. All your <br />belongings were and are subject to search, and some new <br />electronic gadgetry doesn't change that. And encrypting your <br />data will not prevent them snooping, as you either must comply <br />with their request to enter your password or be detained while a <br />judge decides if you shall comply. It is no different than if you <br />are arrested for a crime. You can give permission to be <br />searched, or a judge can force you. When entering the country, <br />you are not assumed innocent nor have you ever been... ;)<br /><br />If you want real privacy, don't carry secure information on your <br />person when entering the country from a "volatile" nation.<br /><br />This program will protect you if you lose your laptop or it is <br />stolen. It would, hopefully, prevent these stupid bank and credit <br />employees from losing laptops with 300,000 customers' data <br />and put their data at risk.

[The_Decider]

I see you haven't been paying attention

Recently, there was a court ruling about a case with suspected child porn on a laptop crossing the border.<br /><br />The ruling said that he doesn't have to give up the passphrase because that violates the right against self-incrimination.<br /><br />So your statement is false.

[nicmart]

Wrong number

Governments don't have "rights," citizens do. Governments have <br />powers. Governments -- now don't laugh -- are instituted to <br />protect the rights of the people. Or at least that is how it was <br />sold.

[declan00]

Airport security guards

You assume that all airport security guards are in the United States. I would humbly suggest this is a false assumption. (And, yes, for the record, I agree that searches of laptops at U.S. airports would be subject to 4A analysis.)<br /><br />Also, you should read up on the current Boucher case re: compelled 5A disclosure. It shows that your assumption in that area is wrong as well.

[FellowConspirator]

Search by customs...

Keep in mind that Customs officials right to search your <br />personal effects is expressly limited to contraband and illegal <br />materials. They do have a right to search your laptop, physically, <br />but there is currently no law requiring you to share information <br />on your laptop / personal electronics with them or authorizing <br />them to compel you to do so. Not that they have not forced <br />people to do so - just that they don't actually have the legal <br />authority to (but what are you going to do, stick up for your <br />"rights"? They DO have the authority to detain you indefinitely <br />without cause, and their parent agency has been implicated in <br />extraordinary rendition, which might give you reason to comply <br />with an extra-legal request of that nature).<br /><br />Further, information you possess might be classified, sensitive, <br />or subject to some level of obligatory confidentiality; perhaps <br />something that Customs agents are not authorized to access or <br />become party to. Such things exist. If you have any of that <br />information, you probably have the legal obligation to keep it <br />private and may well not have the authority to make it known. <br />Think intelligence data, psychiatric or medical evaluations, legal <br />documents, trade secrets, letters to clergy from parishoners, etc.<br /><br />Not only are your 4th amendment rights not trumped by their <br />mission, but neither are those of your clients or correspondents. <br />Further, if you actually had illegal information (perhaps copies of <br />top-secret documents for which you were not authorized), <br />compelling you to divulge how to access them would constitute <br />self-incrimination, something you cannot be compelled to do <br />(yet; pesky 5th amendment - but that specific question is before <br />the courts right now).<br /><br />Illegal information really is a tough nut to crack. Keep in mind <br />that more and more public documents are being classified each <br />day. You could go to interview someone for your book, only to <br />return and find out that many of the documents for your <br />research which were public records were now classified and you <br />aren't authorized to possess them (I only mentioned it because <br />that's happened to several people I know). Of course, they ask <br />you to politely destroy the documents and forget that you saw <br />them - but they could arrest you.

[rcrusoe]

Forget the government

Anyone traveling with a laptop, smartphone, or flash drive, etc. <br />should assume that some third party is going to gain access to <br />everything on your devices - and plan accordingly.<br /><br />For example. If you keep sensitive data on your computer it <br />should be encrypted. Better yet, keep your encrypted data on a <br />server somewhere if you need it while traveling.<br /><br /> "Shred" your sensitive files using Secure Empty Trash (Mac) or <br />whatever you can find to do the job on a PC. <br /><br />If you don't want someone gaining access to your passwords <br />don't save them on your computer. <br /><br />A few years ago, it was reported that the majority of laptop <br />thefts accrued while going through airport security. <br /><br />What's the difference in the Feds taking your computer vs some <br />other thief?

[nenewsjunkie]

I usually just use the built in encrypted disk image function of MacOS X's built in Disk Utility to create easy to use encrypted disk images, This way I don't have to encrypt my entire drive or deal with the possible issues that may raise, and the disk image is actually much more portable, I can move it from machine to machine with ease, all while maintaining the security i need for my documents. I posted a quick little video tutorial on my blog about how to use this function of Disk Utility. Check it out!<br />http://www.tz42.com/blog/2009/06/30/mac-encryption-using-disk-utility/