Micah Lee’s arguments on The Intercept for BitLocker were very well made, most of them I agree with, and the important point is to choose wisely when it comes to disk encryption. Whether people should use BitLocker depends on why they need volume/disk encryption. If you’re one of those people ‘with nothing to hide’, and are primarily concerned about the loss or common theft of a laptop, BitLocker provides a very effective security measure. But Lee’s article was posted on The Intercept, so I’m assuming it’s about encryption in the context of protecting information from The Powers That Be, in which case it should have at least mentioned how BitLocker and the ‘lawful access’ issue are intertwined.
BitLocker (‘Device Encryption’ in the standard Windows 8 edition) has some weird key management going on. With the standard Windows installation the user must be signed into a Microsoft online account or a domain to activate BitLocker, so I’m assuming there’s no option but to upload the recovery key.
Maybe it was designed that way to make encryption ‘user friendly’ for the average consumer, but I don’t understand why a symmetric decryption key must be stored anywhere while the local machine’s switched off, and having more than one key would make it even more vulnerable. Key recovery attacks are such a common way of defeating encryption, so they strike me as odd design choices. Many of us also use encryption, in-house servers and local storage because we don’t trust ‘the cloud’ for a variety of reasons – there are service providers who aren’t above lying about their security practices or abusing positions of trust, so passwords/keys are the very last thing I’d want to upload.
Microsoft does reportedly comply only with ‘lawful’ requests, so BitLocker potentially comes with a key escrow system. Problem is the word ‘lawful’ has such a broad meaning in the United States – anyone could be labelled an ‘extremist’, and FISA (without public oversight) appears to be ‘rubber stamping’ requests. Maybe it doesn’t happen often to actual non-extremists and law-abiding citizens. Maybe it does. The point is strong encryption should provide a safeguard, at the very least against warrantless access.
I just find it odd that Microsoft’s offline device encryption isn’t supported for the average user. I also find it interesting that BitLocker wasn’t mentioned during that fuss over device encryption between Google, Apple and the FBI last year.
Anyone using Windows would have to trust Microsoft to some extent where encryption is concerned, and obviously the system running the encryption software. If you’re not using BitLocker, the chances are the alternative uses Microsoft code libraries and DLLs that could theoretically have a backdoor of sorts, or be replaced with something that contains malicious code. I doubt Windows is backdoored by default, or the NSA wouldn’t have bothered with their ‘tailored access’ exploits, or the FOXACID/QUANTUM thingy. You could, I suppose, go down the road of not trusting Microsoft entirely, in which case you might want to consider a setup like the hardened UNIX security model I blogged about last year, and use that in conjunction with disk encryption. I think that’s about as secure as you can realistically get.
Micah Lee discussed solutions that encrypt an entire primary disk, but we don’t need to be limited to that. Why not instead encrypt a partition or attached storage device, when the only real advantage being lost is protection against local tampering of the OS? One possibility is to boot into an operating system that’s fairly clean and secure, and mount an encrypted drive from there. Most tablets and laptops have an SD or microSD slot to accommodate a secondary drive that might be fully encrypted with something like DiskCryptor. The encrypted storage could also be something like an iStorage or IronKey device.
The best-known alternative is TrueCrypt, which has been audited, doesn’t have any obvious backdoors and it’s proven resilient until now. I’m still wary of using TrueCrypt for the same reason Lee gave: the project has been discontinued, and software ages fast when nobody’s maintaining it and dependency issues start surfacing. That might rule out TrueCrypt as a long-term solution, but again a secondary storage device gives us the option of using legacy filesystems. However, we can use a fork of TrueCrypt, such as VeraCrypt. Logically this is a much safer option than BitLocker, since no encryption key is uploaded or stored unless you’re creating an optional(!) key file. VeraCrypt and DiskCryptor aren’t 100% proven, but they seem the best alternatives available.