An Encryption Primer for Educators
|Update 05/28/2014 - TrueCrypt is now defunct|
|Image Source: http://img.wonderhowto.com/img/36/18/63486535133239/0/send-encrypted-spy-messages-through-gmail-google-chrome.w654.jpg|
Earlier today, a colleague asked me, "Miguel, I still don't get the encryption of confidential data piece. Could you explain what you would use?"
What a fun question to answer. First, let's review what you should encrypt--Personally Identifiable Information (PII). I originally wrote about this topic in this blog entry, Protecting Personally Identifiable Information (PII).
It's worth revisiting the information shared. Afterwards, I also share again my updated approaches to encrypting email and files.
To better protect SCHOOL DISTRICT staff, campuses and departments should avoid unencrypted personally identifiable information being shared. PII data includes the following and should not go unencrypted:
1. Names such nicknames, maiden name, mother’s maiden name, or alias.
2. Personal identification numbers, such as social security numbers, passport number, driver’s license number, taxpayer identification number, financial account or credit card number.
3. Home mailing address information, such as street address or personal email address.
4. Your years of marriage, the name of your spouse and/or children, as well as relatives.
5. Date of birth, place of birth, race, religion, weight, activities, geographical indicators, medical information, financial information.
Do not post the information for any individual staff member—or student as defined in the Family Educational Rights and Privacy Act (FERPA)--on the Web, or make it available via email or in files sent via the open web (e.g. Gmail, Hotmail, Yahoo).
Some simple encryption suggestions.
Suggestion #1 - Encrypt Your Email
There's no reason why you should avoid encrypting email that contains information of a sensitive nature, whether it's PII or not. If you do, you can avoid getting "pie on your face" (pun intended...sigh).
Some ways to easily encrypt your email communications:
A) Use Enlocked.com, although you'll want to also read this admonition (be sure to read the comments). The main objections are summarized in this way:
Enlocked requires that all of your e-mails go to Enlocked’s servers before encryption/decryption takes place, and Enlocked can therefore see your message in plain text. So you need to trust Enlocked, and be OK with their ability to read all of your e-mails.A quick overview:
Enlocked works by offering an encryption option that can be applied on a message-by-message basis. A user who has downloaded the Enlocked app would see the “secure send” option as they’re sending an email. If the sender opts to send it with encryption, the recipient then receives two emails: One informing him or her that an encrypted email is about to come through, and another that is the actual email. (Source)I've used this before with "lightly confidential" stuff and it's a cinch, even with folks who've never used encryption before. If you have concerns after reading the admonition, you could type your emails as a text or word processed document, then encrypt the file using one of the tools below.
Other email approaches: GPG4Win, SafeGmail add-on to your Chrome browser, use Thunderbird email program with Enigmail for OpenGPG/PGP compatibility (down the encryption rabbit hole, though).
B) Put your email in a text document, and encrypt it using a file compression program like Keka on the Mac, or 7zip.org on Windows or Linux.
- On Windows, use 7zip.org compression tool.
- On Macintosh, use Keka, a wonderfully "new" 7zip tool for Macintosh that should replace your compression utilities.
Encryption...it's not just for the CIA anymore!
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure