Encrypt or Lose

[This post originally appeared on Slaw.ca, October 22, 2015]

We all want to be the reasonable person. It’s a figment of the legal imagination but it’s a nice middle ground. Lawyers can protect their clients’ confidential and private information using encryption and securing it with a strong password. At what point is a lawyer no longer acting reasonably when they don’t?

How Do I Get Encrypted?

Since the early 2000s, we have had free full disk encryption software (TrueCrypt) and password managers (KeePass). Cost has not been an obstacle, although you might have needed some technical chops to use them. Then Apple and Microsoft put full disk encryption in your operating systems. Well, they did if you bought a Windows operating system other than a consumer-level Home version.


One obstacle, even when you have the software, is not knowing how to turn it on. You can activate full disk encryption (which means that your entire hard disk is encrypted) by selecting the option in your operating system and turning it on. That will require you to add a password – it should be a strong password, of course – and then the computer will go through an encryption process. This can take hours.

The other may be lack of awareness that the software is available. Only 50% of lawyers responding to the 2015 ABA Legal Technology Survey Report (volume 2, p. 43) indicated they had encryption software available at their firm. The top providers were Adobe, Microsoft Outlook, and Symantec. More than half the law firms responding to the 2014 ILTA Technology Survey (p. 281) were using encryption on laptops, and 14% on desktops. I touched on encryption and key ownership last year but let’s get to the basics.

I Don’t Trust My Operating System

Encryption uses a system of keys, which are stored on your computer’s hard drive. Microsoft can now back those up and store them in your Microsoft cloud if you use a version of Windows that has it and your system administrator isn’t controlling the keys. BitLocker allows you to back up your keys to a file or USB drive, or even print them off.

If you ever have a problem accessing your encrypted computer, you can get recovery keys from Microsoft. You need to have keys somewhere, or else you can end up with an encrypted drive that no one can access if you forget your password. That’s great if you have a backup and it’s someone else trying to access the information. Not so great if it’s you and there’s no backup.

If you use a version of Windows that does not come with BitLocker activated, there are still many choices of stand-alone full disk encryption. When TrueCrypt came to the end of its life, I switched to VeraCrypt, a free open source encryption tool.

The primary difference between setting up Windows BitLocker and setting up VeraCrypt or another third-party encryption app is that the third-party tool operates like any other application. VeraCrypt will do a pre-test when you ask to encrypt your hard drive.


This is helpful because you don’t want to encrypt your hard drive and then not have it restart. For instance, Windows computers come with two types of firmware. Older computers will have BIOS software that handles what happens when your computer turns on, before your operating system starts. Newer ones will use UEFI. Some full disk encryption software is not compatible with UEFI. VeraCrypt isn’t; if you need one that works with UEFI, try BestCrypt.

Once the pre-test is ready, you will be asked to create a recovery CD. This is similar to the storage of the recovery keys in Microsoft’s cloud or local key management. It enables you to recover should you forget your password and find yourself locked out of your PC. As Gandalf might say, keep it secret, keep it safe. You should not leave this lying around.
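Before picking a tool, it helps to know which firmware the machine uses and whether BitLocker is already present with a recovery key set up. The following read-only check is an added example, not part of the original post; it assumes Windows 10 or later, PowerShell 5.1, and an elevated (administrator) prompt.

```powershell
# Added example: read-only pre-encryption check. It changes nothing on the machine
# and never displays the recovery key itself.
# Assumptions: Windows 10 or later, PowerShell 5.1, run as administrator.
#Requires -RunAsAdministrator

# Firmware type (Uefi or Bios) decides which stand-alone encryption tools will boot.
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
Write-Output "Firmware type: $firmware"

# The BitLocker cmdlets are absent on editions that ship without BitLocker.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    Write-Output 'BitLocker cmdlets not found: a stand-alone tool is needed on this edition.'
    return
}

foreach ($vol in Get-BitLockerVolume) {
    # List the kinds of key protector on the volume (for example Tpm, Password,
    # RecoveryPassword) without reading any secret values.
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $hasRecovery = $types -contains 'RecoveryPassword'

    [pscustomobject]@{
        Drive            = $vol.MountPoint
        VolumeStatus     = [string]$vol.VolumeStatus      # e.g. FullyEncrypted, FullyDecrypted
        ProtectionStatus = [string]$vol.ProtectionStatus  # On or Off
        PercentEncrypted = $vol.EncryptionPercentage
        Protectors       = $types -join ', '
        RecoveryKeySet   = $hasRecovery
    }

    # An encrypted drive with no recovery password is the lock-out case:
    # forget the password and nobody can open the drive.
    if ([string]$vol.VolumeStatus -ne 'FullyDecrypted' -and -not $hasRecovery) {
        Write-Warning "$($vol.MountPoint) is encrypted but has no recovery password protector."
    }
}
```

If `RecoveryKeySet` is True, confirm that a copy of that key actually exists somewhere off the machine (file, USB drive, printout or Microsoft account) before relying on it.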


Once your computer is encrypted, you won’t notice anything in particular. Windows runs the same as it did before; the encryption is just a wrapper, and you open it to use your computer. When you restart your computer, you will see a black screen with a password prompt on it. Type in your encryption password. The encryption software will unlock your drive and your computer will start normally. While you are working on it, the system remains unencrypted. Turn off your computer to turn on the encryption again.

Encrypt your computer hard disk so that if it’s ever lost or stolen, you do not have to worry that confidential client information is lost. Activate the disk encryption on your phone and tablet as well, and encrypt portable USB drives by default. The tools are free, usually embedded in your operating system, and easy to use. If your clients ask about the encryption, you can let them know you take your responsibility to protect their information seriously.