So far, I heard of MAC due to the heavy hit of MacDefender malware nowadays. Anyway, great information to share there.

A good email encryption solution will use powerful cryptography techniques to ensure your messages are both stored and transmitted securely, and that only you and your recipients have the capability to decrypt your message data. There are free email encryption services out there that users can try (without having to download or install anything). I use this free email encryption service that lets me send messages and attachments in encrypted form and it’s free for you and for message recipients. I use it when I need to include confidential info in my emails. All you need to do is use the secure Web form at https://www.sendinc.com/ to type your message, list the recipients, and send the message.

Cheers,
Kyler
IE Outreach

I don’t know the specifics of this case but the aforementioned seems extremely likely, and I’ve never, ever heard of someone giving consent to the search and then being able to revoke that consent before the search is complete. You can say yes or no, not yes then no. In fact by saying yes then no the police are likely to use the “suspicious behavior” loophole to continue the search.

There’s another “attack” out there. In one recent case, a guy crossing the border into the US let cops see his data. They thought (right or wrong, I don’t know) that there was ‘questionable content’ on there. Somehow the machine got turned off, and had hardcore encryption in place. So they went to court and a judge signed off on a subpoena forcing the guy to give up his password, on the basis that once he’d given permission to search he couldn’t revoke it.

And a Federal appeals court (I *think* the Second Circuit in New York?) upheld this.

So: we cannot ever give law enforcement in the US permission to search our disks as we can’t revoke it later.

Fortunately, this is the sole exception I’m aware of to the US 5th Amendment right not to give up your password voluntarily. So in the US, you don’t have to hide the fact that you’re doing encryption as you cannot be held in jail until you cough it up.

In too many other countries, the real risk is “rubber hose decryption” – passwords extracted via torture. If there’s ANY risk of that, and so far I’m willing to say there isn’t in the USofA, you have to go to either hidden encryption, or double layer where they “force” one password out of you not knowing there’s another layer. The TrueCrypt documentation covers these cases.

I’m in the US and doing whole-disk “in your face” encryption through DM-Crypt (Ubuntu Linux alternate install CD).

Without exception, companies should look for a specialist disposal organisation that can guarantee secure data erasure. The process should be accredited to Infosec 5 standards with a similar HM Government vetting of the physical security of the premises the equipment is stored in.

The other advantage of using a specialist IT disposal expert is that following disposal, equipment can be re-used, as opposed to recycled. This then means that revenue return can be used to cover the data erasure and other service costs. In Tier 1′s case, 85% of our clients pay nothing for a secure and ethical service, with the majority actually receiving revenue back. When green services are usually accompanied by a premium price tag, this makes a refreshing change, and the Cost / Risk conundrum is made considerably easier to handle.