Strong End-User Device Controls Protect Personal Information, Says FTC Chief Technologist
“Strong end-user privacy and security controls, such as device encryption and firmware passwords, not only protect personal information from unwanted access -- they can also make it easier to recover lost or stolen devices,” wrote FTC Chief Technologist Ashkan Soltani in a blog post Thursday. Soltani said that during a family trip to the West Coast last month, his personal laptop was stolen from a rental car. “I backup regularly and always enable disk encryption” to protect the information stored on the hard-disk from “unwanted access” with the exception of that by very sophisticated adversaries, he said. “I had also set a firmware password, which is an end-user control that essentially prevents the machine from being booted up or reset without knowing the password.” A few weeks later, he received an email from Apple reminding him of an upcoming visit to an Apple tech at an Apple Genius Bar and realized the thief likely needed help unlocking the computer. He notified law enforcement and Apple. Soltani received a call from Apple notifying him it was working with law enforcement to return the computer to him. The moral of the story is “strong end-user controls like device encryption and firmware passwords not only protect sensitive info stored on the device, they also prevent criminals from utilizing stolen property,” Soltani said. “The more devices feature strong end-user controls, the less likely thieves can profit from their theft on the open market.”