It’s been a while since we have had a high-profile news story about stolen laptops. You know the story. Some company or government agency or organization had some laptops that contained social security numbers or financial records or credit card numbers or confidential medical information. These laptops were stolen or misplaced or they mysteriously disappeared. The organization notified the affected people whose data might be compromised, and cautioned them to be on the lookout for identity theft.
The costs of this type of data breech can be enormous. According to the 2007 Ponemon Institute study, the average cost of a data breech in 2007 was $197 per record. The average breech contained about 32,000 records, for an average cost of $6.3 million.
In the schools, we worry about the hardware. If someone steals my laptop, I don’t have a laptop anymore. Getting that replaced may be difficult, especially with the eternally gloomy financial picture in public education. But the value of the hardware pales in comparison to the value of the data on it. Sometimes, we forget that.
Sure, we don’t have 30,000 financial records on school-owned laptops (at least, I hope we don’t). So in our case, a lost computer isn’t likely to cost us millions of dollars. But consider these scenarios:
- A special education teacher writes student IEPs on a laptop. Because she doesn’t have Internet access for the laptop, she writes them in Word and saves them on the local computer. Loss of that laptop would be a violation of the Family Educational Rights and Privacy Act (FERPA), because it would give the thief access to confidential student information.
- A health care coordinator keeps track of student medical conditions in a spreadsheet. In case of an emergency, school staff members need to know if a student has severe allergies, chronic medical conditions, medication needs, etc. This information is typically provided to teachers and others who work with kids. A school group goes on an overnight field trip, and this confidential medical file is loaded on a laptop taken along on the trip. If the laptop doesn’t come back, it’s likely that HIPAA has been violated.
- A principal emails a teacher about a confidential personnel issue. Or maybe she sends a message to a group of teachers about a student. Or maybe the counselor sends a message to the principal about something that’s going on with a student. Sure, the email messages are stored on the server. But they’re cached on the laptop. They’re confidential, and they’re available to anyone with physical access to the computer.
- We use an emergency notification system to keep parents informed of school emergencies and weather-related cancellations. I have a data file on my laptop that contains the home, work, and cell phone numbers of just about every parent in the district. There are more than 10,000 phone numbers in the list. This data shouldn’t be on this laptop. I know that. But I was troubleshooting a problem, and grabbed a copy of the file, and forgot to delete it. Sure, home phone numbers are directory information. But work and cell numbers aren’t. (Excuse me for a moment while I go delete some files…)
- I also know better than to let my computer “remember” passwords, but that doesn’t mean they’re not cached somewhere on the computer. I would guess that a determined hacker with my laptop could do some serious damage to my network.
Where is this leading? The best way to secure data is to not make it accessible. Get big desktop computers and chain them to the tables. Don’t connect them to networks, and don’t allow any kind of removable media. The data on the computer is then as secure as the physical security. If you can lock the door, you can protect the data.
But that’s not very practical. We need to have networks to get our jobs done, and mobility has allowed us to become more efficient. But we’ve been reluctant in the schools to pursue data encryption. Our staff members don’t typically choose strong passwords. They rarely change them. And, we’ve had problems with staff members forgetting their passwords, especially over the summer. Using data encryption technologies is a one-way street. If you forget the password, you can’t get to the data. There aren’t any back doors.
Then, there’s the issue of what to encrypt. Training teachers to put sensitive, confidential files in a secure, encrypted location would be difficult and fallible. So up to now, we’ve stayed away from encryption, centralized the storage of data as much as possible, and limited the number of mobile devices in use.
Yesterday, I started playing with the new version of the free TrueCrypt software. This has the potential to alleviate some of these problems. TrueCrypt has a mode that will encrypt your entire hard drive. Once this is done, it uses a boot loader to confirm your passphrase before decrypting and running Windows. If you don’t enter the passphrase, it can’t decrypt the drive. If you boot from removable media, the computer will work fine, but the hard drive will appear to be unformatted. If you take the drive out and put it in another computer, you won’t be able to read it unless you boot from it, and even then you have to have the passphrase.
I installed it this morning on my laptop. Before my computer boots, it asks for the passphrase. After I correctly enter it, the computer boots and runs like normal. But if you don’t have the passphrase, you can’t access the data. Note that this is a passphrase, and not a password. The minimum length for a passphrase in Truecrypt is 20 characters. So we use sentences instead of words. When I was testing this on a different computer, I used “We are not afraid to fail!” as the passphrase. Ideally, I would have included more upper case letters, punctuation, and symbols in there, but I was just trying it out.
Here’s the nice part from a district perspective: the software requires you to make a rescue disk as part of the installation. It waits for you to burn the disk, and checks to see that it’s a working disk before continuing the install. If you have the rescue disk, and the laptop, and the passphrase, you can decrypt the drive.
How would this work, then? The tech department would install TrueCrypt and set a default passphrase. As part of that installation, a rescue disk would be made and kept on file. When the computer is delivered to the user, he or she would change the passphrase and use the computer. If we ever need to recover data, we can do so by booting from the rescue disk and entering the original default passphrase. This gives us access to the data when needed, but makes it sufficiently difficult to decrypt the drive to keep the data safe.
As I mentioned, Trucrypt is now installed on my laptop. I’ll try it for a while and see how it goes. If everything works as I expect it to, we may begin using it on laptops this spring.