A case study in the pit falls of whole disk encryption and how it can be real pain.
After countless news stories of laptops lost while filled to the brim with juicy patient and employee data our UAB wise bureaucracy has leapt into action. Now mind you, the less informed might wonder why personal information was being stored in such a portable form as a laptop, and why such a tantalizing piece of electronic convenience was left unguarded. No, my university has in its wisdom declared that all university laptops be fully encrypted with university issued software.
Why should that involve a lowly grad student who's research will never involve any private data? Why should this affect the hundreds of researchers who would never have non anonymized data? Well aparently the univerity is also worried about some one stealing our scientific data too. Frankly as a scientist I can barely make a living with it; what would a common thug do with it? We're NHI funded anyways so any papers we write about the data is pubic access within 6 months.
So why the rant? Well, six month ago the people who have graciously offered to pay for my education under a federal training grant program asked me if I wanted a free laptop. Well duh, my faithful Toshiba is showing its age. Because my computer is university owned I have to go bring it in to have it encrypted. Mind you I don't keep any data on my machine for convience; instead I just remote desktop my machine at school. That machine has all the software I need and access to a shared network drive for the lab. But the university insists that all my mp3s, family vacation pictures and saved half-life2 games are safe should my computer be stolen.
I also happen to be ward clerk and keep some sensitive information on my computer too, but they didn't know about that. So in part to keep things safe and in part to play around with some freeware I had created a hidden encrypted partition with Truecrypt that I doubt the FBI could have cracked. So frankly I had things under control.
But, I aquiessed to their demands and bring my computer in to be encrypted. Three days later, after some confusion about my already encrypted partion, I get my computer back on a friday. Sunday morning at 7:20 am (yes it's early) my computer goes to sleep (not fair I wanted to sleep too). I turn it back on for the next meeting and enter my password and it crashed, the full enchalada, bluescreen, something about a memory dump, and it resets. Odd, but it reboots and the encryption software asks for my password. Then, windows declares my boot record is fubared and it needs the windows disk. Now such an catastrophe has been anticipated for. Windows can repair itself, as a Dell it has recovery partion that is bootable, once the boot record is repaired windows can use a restore point if more than just the boot record is fubared. BUTT, all of this is worthless to me becuase booting from the window disk won't allow it to read my fully encrypted hard drive and I can't get to the Dell recovery partition (als because of the encryption).
Good news I'm not fixing it, bad news it's going to take the university guys a few days to make an image of my hard drive (for safety), decrypt it (can take 24+ hrs), fix windows (this is the short part), and then reencrypt my hard drive.
Next time I ingnore the emails.
Subscribe to:
Post Comments (Atom)
.JPG)
2 comments:
Bueracracy at it's finest moment! Aren't you glad we have people worrying about taking care of our propety for us? It makes me feel so much more free when I know that I really have no reponsibility for taking care of my own things.
The creepy part was the fact they still had the back up of my hard drive from when they encrypted it. So if our family vacation photos show up on the internet I'll know who waterboard.
Post a Comment