Toshiba will soon debut a series of hard drives that can automatically erase or prevent access to their own data should the drives end up in the wrong hands.
The company’s new self-encrypting drive family will include a new feature that detects if the drive is connected to an unknown and undefined computer or other system. If so, the drive can either securely wipe all of its data or just deny access to that data. Customers can apply the feature to specific data on the drive and choose how and when to render the data indecipherable, according to Toshiba.
The drives are designed to provide an extra layer of security, especially for corporations, government agencies, and other organizations that need to adhere to certain security and data privacy requirements. The security technology itself is built on the “Opal” specification from the Trusted Computing Group, which dictates certain requirements for data protection in enterprise environments.
Or did/will the government require Toshiba and hardware manufacturers using these drives to build in back doors?
0
Support the Blog — Buy This Book!
For Kindle and with free ePub version. Only $9.49 Great reading.
Here is what Gary Shapiro CEO of the Consumer Electronics Association (CEA) said: Dvorak's writing sings with insight and clarity. Whether or not you agree with John's views, he will get you thinking and is never boring. These essays are worth the read!
Put this ad on your blog!
Syndicate
Subscribe to Main Blog feed here:
Subscribe to Comments too (below):
Junk Email Filter
There is no question that the government will require a backdoor.
Look at this:
“Essentially, officials want Congress to require all services that enable communications — … — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation.”
http://nytimes.com/2010/09/27/us/27wiretap.html?_r=1
That’s right. The OBAMA administration is seeking to EXPAND wiretaps, extending the reach of the Patriot Act.
If you are really worried about this, the this might be the ticket.
http://pcworld.com/downloads/file/fid,22393-order,4/description.html
I don’t know if it works on Vista or Win 7, but I bet it will since it works on XP, which has the same file system.
Yea right. Like the Feds can’t crack this yesterday.
Like all other commercial companies that make these types of products, toshiba will be able to provide any government with tools (or do it themselves and pass the data to the authorities) to recover un-written over data from any locked/erased drive.
Everyone interested in these drives would be better saving their money (coz these will definitely cost a premium) and learn how to use TrueCrypt instead.
All current IDE and SATA type drives already have the ability to encrypt data if the hardware in the PC supports it, so this ‘new’ kind of hard drive is really nothing new, just a slight evolution of tech we have had for over a decade yet nobody uses.
Nothing beats a truecrypt volume with multiple volumes each decrypted using a different key.
Is there a way to configure the drives to erase all their data when I reach for my pants?
Joe…
Hummm. A new application for the Xbox Kinect?
One more a-la-cloud solution. Technology exists that is in your control and if you use proper (long and random) password, unbreakable for the age of the Universe… and it is free. Best implementation – Truecrypt.
But, same as “cloud solution”, there is fashion to delegate your responsibility to someone out there and be stupid. Getting in the end what you deserve.
Let’s be clear here. What the Fed Gov would do with such a hard drive is to pull it apart in a clean room and put the disk into a different drive then copy all the files. They don’t need a back door.
On the other hand if you put the files in TrueCript or better yet the entire drive they are either going to have to make you tell them the password, find out where you wrote it down, or guess your password _if_ the machine was turned off when they get there.
The FBI has already failed to crack one such system when asked to do so for Brazil or at least that is what I read. Of course they may force somebody to put a back door in TrueCript.
Oh please, all this bullshit ‘concern’ by individuals. Thus is intended for enterprise customers protect their intellectual property.
Nob
Hows that comic go?
Fantasy Tech Solution:
“Lets build a million dollar server array to crack this guys password”
Reality:
“Here is a $5 wrench and blow torch, use them on him till he cracks and gives his password!”
For the hard drive under discussion I’d guess a few thousand should do it if it cost that much.
For TrueCript, which you can download free, a 100,000,000 super computer would almost certainly fail to break a proper password in any sort of time frame a human needs to worry about so it’s torture or failure unless you get fed a copy with a back door.
I quit buying Sony after the 2005 rootkit too. Then, a few years later, I wanted a VHS DVD combo unit to transfer some old VHS family movies to DVD. For whatever reason I bought a Sony. Maybe give them another chance. Still, several years after the rootkit, even though the VHS tapes were my own unprotected family movies, Sony was so worried about copy protection that the two devices in the unit would not talk to each other. I could not transfer from VHS to tape. Unbelievable. Twice bitten, haven’t bought Sony since.
dusanmal and deowll,
Truecrypt (and PGP I believe) are fantastic security tools — if companies cared enough about our privacy to use them!
The problem is that big corporations are more concerned about profits than their customers. Security protocols are more work, which is less profit.
So, the government has to FORCE corporations to start protecting our private information in the form of really big fines when they fail to do so.
But, the conservatives are absolutely against consumer protection and would surely obstruct any attempt to hold corporations accountable for their actions.
What’s that pictured, about a ten yarder? Trust’m as far as I can throw’m.
AES, Serpent, Blowfish… et al.
Nobody knows whether the NSA has broken any or all of these.
NOBODY. Because nobody can prove whether NP-Complete problems (which encryption algorithms may or may not be, also unprovable) can be solved in polynomial time.
This is the greatest question in computer science.
I’m sure most experts agree that it’s UNLIKELY that the NSA has cracked the newer algorithms, but it IS possible.
Deliberate data fragmentation and disk registry hardware encryption on the hard drive circuit board would pretty much get around the “swap” trick.
The last gasp of a dieing HD mfg?
If it’s known this drive is involved in a case, forensic examination isn’t hopeless. It should be fairly simple (not trivial) to swap out the electronics board and access the drive.
Ultimately destined to FAIL.
#13 GregAllen
You seem to lay most of the blame on corporations and conservatives. I don’t think it’s anything that sinister.
We already have HIPAA and Sarbanes–Oxley. Visa and Master Card have strict standards to follow when handling credit cards. So I think the regulatory framework is already there.
But to implement true security is a lot of work and I think a lot of times it just falls through the crack. The IT folks will be overworked to the max and will keep putting the security stuff off. After all none of the business areas are calling for new encryption. From their viewpoint it doesn’t add anything. They want the latest products in the system. Then when it comes time for an audit everyone tries to cover up or just takes a few hits and goes on as before.
So if my computer dies, I won’t be able to put this drive in another computer and transfer the data off or use it in a new computer? You could make backups, but those could be compromised by devious individuals too.
Gubbermint don’t need no STINKING WIRETAP SUBPOENAS !!! They have “National Security Letters”, something defined NOWHERE IN THE CONSTITUTION, to get what they want !!! They are IN CONTROL, WE ORDINARY CITIZENS ARE OUT OF CONTROL AND ***TOTALLY SCREWED*** (AS LONG AS WE ALLOW IT TO HAPPEN) !!!
#15 the main proof that they haven’t is that their enemies are still using these algorithms.
If the NSA could read all of the secret services secrets, or the secret service reads the CIA’s, or the army reads the navy’s etc – it would have leaked out by now.
Or alternatively the white house, secret service, CIA, army etc have already been taken over by NSA agents……
Its there to make it harder to recover your data when (not if, but when) your hard drive finally craps out.
Keep multiple backups with varying levels of access, from mirrors to secondary drives, to cloud based incremental backups, to off-line media.
If you want to have your data kept safe and secure, keep it away from a computer, or at least from the internet. (I have a “sneaker” net to get data to [but not from,] my really secure machine.)
No.
Mextli,
I actually don’t blame the corporations on any moral level. Corporations have one rule — make as much money as possible.
So, if virtually no security on credit cards makes the most profit but wreaks havoc in the lives of their customers, that’s what the corporations are going to do.
So, that’s why the government needs to force the corporations to do the right thing. But, conservative philosophy says that the government only CAUSES problems, never solves problems. i.e. the least government is the best government. So, they block all efforts at regulation or consumer protection.
I’m not wrong on any of the above, am I?
There is room for debate on how much security credit card companies take. My web browser has 256 bit encryption but my credit card has a 3 digit security code! In the age of high powered computers, that’s just sad.
I know the credit card companies monitor irregular charges but, by then, it’s too late. The Romanian mafia already has my identity! Yes, you can get the charges cancelled but that’s often just the beginning of the grief with identity theft.
A real consumer value added innovation might be to load the drive with random porn and then erase it prior to shipment.
That is about the only think consumers care about concealing from prying eyes. You can always argue that it wasn’t yours.
#12 AlanB – The Motion Picture Association of America supported the import ban into the US of integrated dual-well VCRs in the late 1980s & early 1990s. It’s interesting that your VCR/DVD integrated unit is having the problem with recording from the VCR to the DVD.
Questions and one comment: Does the unit even support recording from the DVD to the VCR? Can the DVD record as well as playback, or are both the DVD & videocassette devices both players? (This unit may be effected by the ban mentioned above.)
Sony is now the owner of an MPAA studio. Try a device from a manufacturer that doesn’t have an interest in an MPAA member.
@11, you dont’t have to worry about back doors in TrueCrypt because it’s open source. That means anyone can download the code, examine it for anything suspicious, recompile it, etc.