Download a la Mode, Part 3:
Free Tools to Ease Data Loss/Theft Concerns

Copyright 2005 Miguel Guhlin

"The thief broke in, stole my computer, my USB external drive," the potential identity theft victim began, "and now I'm worried that my unencrypted bank account files, my social security number and health information...my whole life is out there on the Internet being shared among thieves." If you have not considered this scenario, then you need to. It can take years to get past identity theft, especially when electronic confidential data is involved (if you think you may have been the victim, take these steps mentioned in SideBar #1 immediately). As more of us work on mobile computers, we begin to save our confidential data on them. But, how do we protect that data against unauthorized use?

Encryption of data files can address these issues. There are corporate solutions (check sidebar) that your workplace may choose to use to encrypt data, but use of these may be non-existent in K-12 education. And, what do you do with the information you have at home or away from work that is confidential? This article explores how you can use free software tools--regardless of whether you are a Mac, Windows, or Linux user--to protect your confidential data.

A WARNING
If you use these encryption tools on your work computer, make sure that you provide a copy of the private key and passphrase to your employer. Since you can create multiple keys--one for use at work, the other for personal use--keep them separate or on a USB Flash Drive (e.g. Pendrive). This enables your employer to access your work data--which is within their rights since you created it for them under work for hire.

WHY PROTECT CONFIDENTIAL DATA?
To ensure malicious strangers can never use your data without your authorization, encrypt the data on your hard drive. We often shred paper documents, yet leave the same information unencrypted on our computers.

In addition to encrypting data on your hard drive, you are also able to encrypt email messages you send to others. While some question why they would ever encrypt their email, remember that information about you can be used by a criminal. This is especially important if you take advantage of WiFi hot spots (Read SideBar #2). Unless you are using a Virtual Private Network (VPN), your data can be easily accessed by others. Once your data has been encrypted, it is not viewable by others, even while in transit. When the encrypted email arrives at its destination, the recipient can decrypt it. Confidential data can then sit on the computer--safely encrypted--until the reader needs to access it.

MOBILE LAPTOP USER? YOU NEED ENCRYPTION!
Not sure about that? Is it not a high priority, or does encrypting your data take too much time? Then consider these statistics:

  • More than 600,000 laptop thefts occurred in 2004, totaling an estimated $720 million in losses and an estimated $5.4 billion in theft of proprietary information. Source: Safeware Insurance, 2004
  • 73% of companies do not have specific security policies for their laptop computers. Source: Gartner Group, 2003
  • Informal surveys show that thieves are intent on selling the data in 10 to 15 percent of laptop thefts. Source: Securityfocus.com, 07/30/2001
  • 97% of stolen computers are never recovered. Source: FBI
  • According to 2003 statistics, Texas ranks fourth per capita among all states for identity theft with about 93 of every 100,000 Texans being a victim. More than 20,000 Texans were victimized in 2003. Source: Texas ID Theft Statistics, 2003

Let me say that again. Ninety-seven percent of stolen computers are NEVER recovered. That means your data could be out there forever, waiting like a time-bomb until someone discovers it and then uses it.

As we become more mobile, there is no doubt that laptops will be stolen. The question is, "Do you know how to protect the data on your laptop or desktop in such a way that thieves can't get in?"

WHAT DO I ENCRYPT?
With this question in mind, I encrypt all critical files on my laptop. Any of the following items is considered "critical" from my perspective:

1) Name, address and birth date. This information can be used in combination with other data to impersonate you.

2) Documents with social security numbers in them.

3) Documents with credit card numbers, bank account information, etc.

4) Any information that might be considered confidential. This can be your spouse or child's medical information, house insurance, etc.

WHAT DO I DO AFTER I'VE IDENTIFIED CRITICAL DATA?
Once you have identified confidential data, separate it from the other data on your hard drive. When you do this, you make it easier to protect. Once you have encrypted the data, you can easily move it from one place to another. I often do this with my email. Since I use the Mozilla Thunderbird email client--on Windows, Mac, and Linux--I follow these steps to ensure my data is protected:

1) Move all confidential data files into a common folder.

2) Use the zip compression option (available via the right-mouse click on Windows, Mac and Linux) to create ONE compressed file with your data.

3) Encrypt that zipped file with the option to wipe the original zip file.

4) Make a backup of the compressed, encrypted file to an external USB drive (e.g. 120gig or PenDrive, etc.). Include a copy of the program you did the encryption with. There are several encryption programs available for your use.
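
The four steps above as a shell script, added here as an example (it is not from the original article or from any of the tools it names). It assumes GnuPG 2.1 or later, tar, sha256sum and GNU shred are installed; it uses tar in place of zip and passphrase-based (symmetric) encryption rather than a key pair, and the function names and the passphrase-file argument are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: archive, encrypt, verify,
# wipe, back up. Assumes GnuPG 2.1+, tar, sha256sum and GNU shred.
set -eu

# Return non-zero if a required tool is missing.
require_tools() {
  local t
  for t in gpg tar sha256sum shred; do
    command -v "$t" >/dev/null 2>&1 || { echo "missing: $t" >&2; return 1; }
  done
}

# Run gpg with the passphrase read from a file (hypothetical helper).
gpg_pw() {
  local passfile="$1"; shift
  gpg --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" "$@"
}

# protect_folder SRC_DIR BACKUP_DIR PASSFILE -> prints the backup file path
protect_folder() {
  local src="$1" backup="$2" passfile="$3"
  local name parent work archive enc want got
  name=$(basename "$src")
  parent=$(dirname "$src")
  work=$(mktemp -d)                      # private scratch dir (mode 700)
  archive="$work/$name.tar.gz"
  enc="$parent/$name.tar.gz.gpg"

  # Steps 1-2: one compressed file holding the whole folder.
  tar -czf "$archive" -C "$parent" "$name"

  # Step 3: encrypt the archive (AES-256, passphrase-based).
  gpg_pw "$passfile" --symmetric --cipher-algo AES256 --output "$enc" "$archive"

  # Prove the ciphertext decrypts to the same bytes BEFORE wiping anything.
  want=$(sha256sum < "$archive" | cut -d' ' -f1)
  got=$(gpg_pw "$passfile" --decrypt "$enc" | sha256sum | cut -d' ' -f1)
  if [ "$want" != "$got" ]; then
    echo "round-trip check failed; plaintext kept at $archive" >&2
    return 1
  fi

  # Wipe the plaintext archive. Overwriting is best-effort on SSDs and on
  # journaling or copy-on-write filesystems.
  shred -u "$archive"
  rmdir "$work"

  # Step 4: copy the encrypted file to the backup drive.
  mkdir -p "$backup"
  cp "$enc" "$backup/"
  echo "$backup/$name.tar.gz.gpg"
}
```

The source folder itself is left untouched, so remove it only after you have confirmed that the backup copy decrypts.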

BUILT-IN ENCRYPTION TOOLS
Before we jump into some specific free, open source tools, be aware that both Windows XP and Mac OS X operating systems have built-in encryption schemes that can protect your data at a basic level. Often, these encryption systems work in the background, encrypting and decrypting your data on the fly.

For example, in Windows XP, "you can encrypt a subset of files or folders or a full disk, in which case it protects the data stored in files and folders, the operating system, and any installed programs"
(Source: http://www.microsoft.com/AtWork/stayconnected/protectpcdata.mspx).

With Mac OS X, you also have a few options, including FileVault, which protects data placed in your home folder. Other tools include disk image encryption and permanent delete (the equivalent of a digital shredder). Disk image encryption enables you to create a new "disk" or volume and then save data to that volume. All data saved on that volume is encrypted, which saves you from having to periodically wipe the hard drive of data (Source: http://www.apple.com/macosx/features/security/).

Although these built-in operating system tools can save you trouble, you may also want to consider additional tools shared below. The following tools can be useful if you are trying to share information with others, or if data has to be encrypted prior to transfer over the Web.

WHAT ENCRYPTION SOFTWARE SHOULD I USE?
In previous articles, I have recommended several tools. Unfortunately, while free open source encryption software tools are getting easier to use, they are not all equally easy to use. For example, the free tools for Windows (WinPrivacy Tools) and Linux (KGPG) are relatively easy to use. The Mac version still needs some work since it occasionally has to drop to a command line. Command line modification, although guided by prompts, can appear daunting to a Mac user.

In spite of that, you can still use the tools mentioned below to encrypt your data. Below is a quick overview of each of the tools:

WINDOWS PRIVACY TOOLS
For Windows, use Windows Privacy Tools (WinPT). I have used this program over the last year and have been very pleased with its relative ease of use. The main benefit of Windows Privacy Tools--aside from the fact that it is free--is that once set up, it is incredibly easy to use to encrypt/decrypt files. Besides encrypting zip files--or any other file you have, whether zipped or not--you can also encrypt the contents of your clipboard. This is helpful when sending confidential information via email to others.

While Windows Privacy Tools comes with a built-in WIPE tool, the equivalent of a digital paper shredder, some prefer to use the right-clickable Eraser. Use Eraser to wipe the hard drive free space or to wipe individual files. This is especially important if the drive is being discarded or auctioned off since old confidential data may remain. If you do not wipe your computer using programs like WinPT or Eraser, others can use Free Undelete tools or PC Inspector File Recovery to resurrect your deleted data.

Another complementary tool that you might consider using is TrueCrypt, a free, open-source disk encryption tool for Windows XP/2000/2003. Often, we have to wipe free space on a computer because data remains even after we have deleted it (e.g. emptying the Recycle Bin). The data can remain on the disk unless it is wiped. A safer approach to wiping is to prevent the data from ever being written to hard disk in unencrypted format.

Instead, use a program like TrueCrypt to create a virtual encrypted disk. Your data is saved "inside" this encrypted disk and never touches the unencrypted hard drive. No footprints are left on the hard drive of the original data.

While this may seem complicated, it is as easy as inserting a USB Flash drive (or memory stick) and having the icon appear in your MY COMPUTER area. TrueCrypt can also encrypt an entire hard disk partition or a device (such as USB Flash drives, 3.5" diskettes, etc).

Software Tools:
1) Windows Privacy Tools - http://www.equipmente.de/gnupt-int.exe
2) Eraser- http://www.heidi.ie/eraser/download.php
3) TrueCrypt- http://www.truecrypt.org/
4) Free Undelete Tool - http://www.geocities.jp/br_kato/
5) PC Inspector File Recovery - http://www.pcinspector.de/file_recovery/uk/welcome.htm

MACINTOSH PRIVACY TOOLS
On the Macintosh, there are several privacy tools you can use. While the Personal version of Pretty Good Privacy, or PGP for short (which is free but lacks disk encryption after the 30-day trial expires), is the easiest to use, there is another free, open source alternative. This alternative is a combination of FOSS tools.

While installation of these tools is straightforward, you will have to spend about an hour puzzling over the documentation to see how they all work together. Unlike Windows Privacy Tools (WinPT), there is no one unifying installer. As such, you are left trying to make all the pieces work together.

You will need to install 5 different tools on your computer. I recommend creating a new folder on your desktop, then copying the files to that folder.

As you might guess, figuring out how all these tools work together can be difficult. In reality, the process is much easier than one would think. The most difficult part of the process is actually setting up your public and private key. You may be forced to work at the command line. While there is help at the command line (just type "help" and press RETURN), you will have to read through the directions.

I have successfully encrypted emails and specific zipped files with the Mac privacy tools above, then unencrypted them with privacy tools on other platforms (e.g. WinPT on Windows or KGPG on Linux). This enables you to enjoy cross-platform security.

Software Tools:
  1. GPG Tools - http://www.tomsci.com/gpgtools/
    Graphical installer for
  2. Mac GNU Privacy Guard - http://macgpg.sourceforge.net/
    Includes most of the programs that you will need.

LINUX PRIVACY TOOLS
While there are several tools on the Linux side, KGPG is the easiest to get working (I've worked on Gnome and KDE graphical user interfaces to Linux). As mentioned earlier, KGPG is an excellent tool to use for encryption. Installing KGPG is straightforward, especially on Debian-based Linux distributions such as Edubuntu, SimplyMepis, and others. You can use the built-in, graphical Synaptic to get the program or, at the command line, use Apt-Get (e.g. "apt-get install kgpg").

KGPG is a nice front-end to GPG, which is already installed on your Linux system. An easy start tutorial is available online. Unbelievably, KGPG is easier to get going than the MacGPG Tools mentioned earlier!

DISCARDING COMPUTERS: WHEN ENCRYPTION ISN'T ENOUGH
If you deal with confidential data on a regular basis, you might consider using a "Boot-n-Nuke" software program to completely wipe your hard drive. This is especially useful when disposing of older computers. In this case, you may have an administrator computer that has housed documents containing sensitive data. Or, it may be one of your own computers. Either way, you need to wipe the hard drive completely.

The ultimate solution for erasing or wiping a hard drive may be a program known as Darik's Boot-n-Nuke, which ensures all previous data is erased from the hard drive. According to their web site, Darik's Boot-n-Nuke works for both Macintosh and Windows computers. It is a self-contained CD that securely "wipes the hard disks" and will do so "automatically." To get the boot CD, you will need to download an ISO file and create a CD from it. Not sure how to do this? Use the free BurnCDCC to make a CD from the ISO file. (Find BurnCDCC at http://www.terabyteunlimited.com/utilities.html).

CONCLUSION
While some see the use of encryption tools like those discussed in this article as the recourse of the paranoid, remember that identity theft is the fastest growing crime in the United States. If you are a victim of identity theft, you may spend an average of 607 hours and at least $1000 in clearing your name. Make sure that your computer is not one of the sources of confidential information. Protecting yourself online is as much a digital literacy as being information literate. Pass it on!




Sidebar #1: Protecting Against Identity Theft

Take the following steps if you believe you have been the victim of identity theft.

1) Notify the Federal Trade Commission at (877) 438-4338 (http://www.consumer.gov/idtheft/) regarding the possibility of identity theft. Phone option #3 provides specific advice on what to do next.

2) Place a Fraud Alert: Contact one of the three major credit reporting agencies to complete an automated phone-in fraud alert process. When individuals place a free, seven year fraud alert, that agency will notify the other two agencies. Fraud alerts will then be placed automatically on the individual's accounts at all three agencies.

Contact information for the credit agencies:

Equifax (800) 525-6285; www.equifax.com
Experian (888) 397-3742; www.experian.com (fraud alert process available online)
TransUnion (800) 680-7289; www.transunion.com

Once individuals receive their credit reports, they should review them for suspicious activity. If individuals see any accounts they did not open or incorrect personal information, contact the credit agency(s) or the individual's local law enforcement agency (e.g. city police department) to file a report of identity theft.

3) Call the U.S. Social Security Administration at (800) 772-1213.

4) Password protect your bank accounts. Work with your bank to have them require the use of a password before any transactions--including withdrawals or deposits--can be made.

5) Take advantage of these resources for Identity Theft victims; the more informed you are, the better!




Sidebar #2: Commercial Virtual Private Networks
School districts often use Virtual Private Networks (VPN) to encrypt transmission of confidential data between a staff member's home computer and work servers. But what do you do while travelling? Without encrypted wireless, your data is sent "in the clear," lacking the encryption to protect it. This means that a wireless connection at a hotel, or the local Starbucks, would allow others unauthorized access to your logins and passwords. You can use free tools to "sniff" out how much private information you're sending out on a network, such as Ethernal for Mac OS X and Ethereal for Windows and Linux. About.com has a slightly longer list at their web site, http://netsecurity.about.com/cs/hackertools/a/aafreepacsniff.htm

A virtual private network is defined in the following way by HotSpot, a VPN provider:

A virtual private network typically provides you with a private connection to your end destination. To do this a tunnel is created through an untrusted network (the internet). Everything in the tunnel is encrypted on the way in and decrypted on the way out. It no longer matters that someone can sniff your packets. All they will see is an unreadable series of letters and numbers. Additionally, anyone snooping around on your connection will not be able to discern the final destination or the type (web, email, chat, streaming video) of service you are connected to.

Several commercial services provide VPN for you to use while in wireless environments, such as the following:
  1. HotSpot - http://hotspotvpn.com/
    Although HotSpot has flexible pricing for heavy users, as well as infrequent travellers, cost is about $8.88 per month, or annual cost of approximately $89.00.
    Compatible with Windows and Mac systems
  2. PublicVPN - http://publicvpn.com/
    Supports Windows, Mac systems, but Linux users can also take advantage of this service. Cost is about $5.95 per month or $59.95 per year. Some report that it provides better service than HotSpot.