I don’t find this story reported anywhere else, so I’m debating whether it’s apocryphal; but if true, wow—those Canadians are becoming less friendly each passing year. According to NowPublic.com, a civil servant said that “Service Canada did not want to invest to protect Canadian’s data” after losing a USB flash drive with information on 1500 citizens (ah…here it is; and from an authoritative site, no less. I hope you understand French.) I guess trying to hook up this department with data security solutions like hard drive encryption would be next to impossible.
If you do read French, then you’ll find that the above translation is not off the mark at all. You’ll also find that the answer was prompted by Reine Fraser, one of the affected, when she called up Service Canada and asked, “why was the information on the USB drive not protected?” I’ve read and heard all those (admittedly biased) stories of how rude and inconsiderate the French are, but maybe it’s not the French but l’idiome francais? After all, Canadians don’t think of themselves as French; they go crazy for the English Queen, implying they think themselves as Anglo-Saxon, no? I don’t know. I can’t understand a nation that prefers reading to TV, anyway.
Coming back to the original subject, what exactly is the mandate of Service Canada? According to their website, they are “about improving the delivery of government services.” I’d say they’ve got their work cut out from them (Rim shot! Thank you! I’ll be here all week; try the veal!)
On the other hand, I must say that this approach is quite refreshing. No claim that the information is password?protected, or other similar attempts at appeasement that are revealed, eventually, to be not information security. For external drives, such as USB flash drives, the only way to protect the data comes in two ways: file encryption or full disk encryption. Of course, one can also use both, which is why encryption solutions providers like AlertBoot offer full and file encryption under one roof. (There is a third method, although it’s not technically protection: not saving sensitive data on such devices to begin with. However, let’s concentrate on the realistic approaches to data security, shall we?)
So, what makes hard drive encryption so special that it is considered data protection, whereas password?protection is not? Well, the all things considered, I guess it revolves around this: in either encryption or password?protection, if a guy does not know the passwords, how easy is it for him to gain access to the data?
If one used encryption to protect the whole disk, the answer is pretty hard—he may need a couple of decades with all the current computing power in the world. Whereas if password?protection was used, then five minutes ought to be enough. It’s no wonder that those who did suffer a data breach eventually decide to sign up for file encryption.