Encryption – Who Needs It?

At Data Clinic we take it in turns to answer the enquiries that come in to us out-of-hours. Lately I’ve taken a few calls from distressed students, lecturers and academics who have some very precious work, sometimes several years worth, stored on their pen drives or memory sticks.

There seems to be a trend now for these devices to be encrypted. When the device is first bought the user chooses a password. This password becomes the encryption key and from this point all data stored on the device is encrypted, meaning that unless you have the password you will not be able to decrypt the data.

There are various strengths of encryption (see more on Wikipedia here http://en.wikipedia.org/wiki/Key_size), and different manufacturers will use varying strengths of encryption on their devices.

This is all well and good but what happens when (as we’ve seen lately) the memory stick no longer responds to the password or stops responding altogether? In both cases, recovering and decrypting the data from such devices is far from straightforward.

A common form of damage to memory sticks we see at Data Clinic is the interface that plugs into the computer gets bent, often the result of the computer falling to the ground and landing on the memory stick. Sometimes the USB connector can detach completely, other times it just bends, often it’s not possible to access the data on it afterwards. Impact damage on memory sticks can cause a lot more problems than just a bent interface connection. The circuit board inside the device can be damaged and in extreme cases the memory chip containing the the data can snap. Once this happens the data is gone for good and not even Data Clinic can recover it.

On other occasion the subroutine that handles the encryption / decryption process can be damaged and stop responding, so the data is left on the memory stick, encrypted with no way of accessing it unless the memory stick is reprogrammed or the memory chip read on a chip reader and subsequently decrypted and the data stitched back together. This is a long and arduous task to say the least.

Decryption adds another layer of protection to our data but do we really need it? I don’t know about you but other people’s data really isn’t that interesting. Most pen drives contain pictures, music, some documents and perhaps a movie or two. It’s hardly the data James Bond would be sent on a mission to retrieve, so why do people see the need to encrypt it? The probably answer is that they don’t, instead manufacturers have made encryption a unique selling point that gives their devices an apparent advantage over non encrypted ones. This may be true in some situations but in others, like when the memory stick fails, and encrypted device is a distinct disadvantage.