The following text is copyright 2006 by Network World, permission is hereby given for reproduction, as long as attribution is given and this notice is included.
Private Folder: It seemed like a good idea at the time
By Scott Bradner
Microsoft introduces a way for users to protect some of their files and corporate America goes crazy - crazy mad. One would think that this sort of thing would be welcomed in an era when laptops full of corporate and personal secrets are stolen on a daily basis but that seems not to be the case. It only took Microsoft a week to get the message and remove the application from their download area.
At first the idea seemed like a good one - provide a "private folder" where a computer user could put files that would be encrypted and password protected. Just the thing that could be used by parents who want to hide the family finances (or "grownup content") from their kids on the family computer or by anyone with a laptop computer to reduce the risk when a laptop gets stolen. (Note I said "when" not "if" -- for security planning you must assume that laptops will get stolen and make sure that important data will not be compromised when they are.) (See Laptop security: Do companies care? http://www.networkworld.com/columnists/2006/061206bradner.html)
What is wrong with such a function? Within a few hours of the program being made available, complaints began to show up on Microsoft-related blogs. All the comments I saw concerned the impact of Private Folder in corporations. These comments fell into two categories. First, worry about giving employees the ability to hide files from their bosses -- one can imagine all sorts of evil things that an employee might want to hide, from purloined copies of the corporate family jewels, such as the formula for Coke, to love letters to a coworker. Second, worry about dealing with the inevitable forgotten passwords -- from experience, one of the biggest corporate support problems is the ability for some people to forget their passwords over a long weekend. In addition, employees could encrypt important files then be fired or suffer 'truck fade', and the IT department would not have a way to recover the files.
Apple has had an equivalent function in OS X, called "FileVault," for a while with few complaints. I expect that most of the lack of complaint comes from the fact that there is so little penetration of Macs in corporate America, but the way the application is designed also lends itself better to centralized IT management. FileVault has a "master password" that can be set by the IT group and used to unlock any FileVault on the individual computer.
Seems to me that the issue is more than a bit overhyped. Users have had the ability to password protect or encrypt files on Windows machines for years, using applications such as WinZip and Microsoft's own file and folder encryption function for Windows XP. (See http://www.microsoft.com/windowsxp/using/security/learnmore/encryptdata.mspx) I'm not sure why Private Folder created such a stir -- maybe because it was so easy to use and because the pundits did not have much else to talk about that week.
It is a shame that this function is now lost to individual users who badly need something like this, but Microsoft's loss is their competitors' gain -- there are a bunch of companies that stand ready to sell you file, folder or whole-disk encryption applications. If you keep any confidential information on your laptop, and you do not have a Mac, you should look into them.
disclaimer: Harvard has the same operations issues as any other $2 B per year business but has no opinion on how you should protect your data (unless it's also Harvard data).