== The drawback of full disk encryption Via [[Hacker News http://news.ycombinator.com/]] I saw that the EFF's suggested New Year's resolution is [[full disk encryption on every computer you own https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own]]. When I saw this I did something halfway between wincing and grinding my teeth. The issue is that full disk encryption has a significant downside, and because of this downside choosing full disk encryption is making a much deeper choice than you might think. The downside is simple: the failure mode for meaningful full disk encryption is ~~catastrophic data loss~~. If you forget your password it is game over; there is no recovery possible. Whether temporary or permanent, unless and until you remember the encryption password all of your data is gone. There is no secondary access password, no emergency back door, no special rescue mode the way there is with most other security measures. (Some disk encryption schemes will also cause total data loss on other events, but let's assume that your disk encryption software is perfect.) Fundamentally, using disk encryption is [[rainbow book security WhyHighSecurityDisinterest]] in that explicitly or implicitly ~~you're choosing non-disclosure over availability~~, where you would rather risk losing your data entirely than for potential bad people to have access to it. Under some circumstances this is the right decision; for example, if you can easily restore all of the data on your machine from other sources (and especially if the data is sensitive). Under many circumstances it is probably not the right decision; you would rather have less chance of losing the data even if it means that a bad person might get access to it. Certainly the latter is the case for me. I would generally much rather have a bad person have my data (or a copy of my data) than run the risk of losing it; in the long run my data is (much) more valuable than my privacy. I don't object to people who've considered these issues deciding that full disk encryption makes sense for them and going ahead with it. But I get annoyed when a respected source gleefully advises people to do this without talking seriously about the very real downsides and risks. The EFF does advise you to save your password somewhere, but I don't think that this goes far enough. (You may think that the risk of forgetting your password is very low. Let me assure you that over the years I have temporarily forgotten or gotten confused over at least my ATM PIN, my Unix login password, and more than one root password, all of which I use all the time. Perhaps I'm unusual, but with frequently used passwords I get to a state where I don't actually think about the password as I enter it and in fact getting jarred into thinking about what the password actually is is a great way to get completely confused about it, much like [[the centipede and his legs http://en.wikipedia.org/wiki/Centipede%27s_dilemma]]. The less I'm normally aware of the password, the harder it is to recover from this.)