I HAVE A SET OF SIX password-protected final examination papers that I work on my desktop after I boot up to my college working environment. I do not log onto the college network while editing these exam papers because data encryption secures information only when the data remains encrypted. When you unlock the data on your personal computer and decrypt your data, then anyone with physical access to your computer will also be able to access your data.

There's another concern I have in my specific case. When I sign onto my local area network, my temporary cached files are stored 35 miles away and part of their transit is wirelessly over an unsecured link. If my local area network collapses, there is a potential for unencrypted data to be left exposed in several places along the route between my desktop and the temporary cache files.

Back in the early 90s, I was suspended from a sensitive planning cell (under the tall pine trees behind me at left) after elements of my workspace ended up in a file storage system without data encryption. The security violation was not my fault. It occurred because of a power failure compounded by a data disk failure. Nonetheless, the three weeks I sat idle left seared in my mind an indelible operating principle. I don't open encrypted files when networked, and when I have an encrypted file open on my laptop, I ensure I am not running a wireless data connection (wifi or 3G) either.
John Markoff in the New York Times -- "A Method for Critical Data Theft", 22 Feb 08.
John Naughton -- "So you thought encrypting data on government laptops would make them safe?"
Ed Felten -- "Cold boot attacks on encryption"