This story appeared on Network World at

http://www.networkworld.com/columnists/2006/072406bradner.html

Microsoft's Private Folder: It seemed like a good idea at the time

'Net Insider

By Scott Bradner, Network World, 07/24/06

Microsoft introduces a way for users to protect some of their files and corporate America goes crazy - crazy mad. In an era when laptops full of corporate and personal secrets are stolen on a daily basis, you would think this sort of security offering would be welcomed, but that seems not to be the case. It took Microsoft only a week to get the message and remove the application from its download area.

At first it seemed like a good idea: provide a private folder where a user could put files that would be encrypted and password-protected - just the thing for parents who want to hide the family finances (or grown-up content) on the family computer, or by anyone with a laptop to reduce the risk when it gets stolen. (Note I said "when," not "if." For security planning, you must assume they will be stolen and make sure important data will not be compromised when they are.)

What is wrong with Private Folder? Within a few hours after the program was made available, complaints began to show up on Microsoft-related blogs. All the comments I saw concerned the impact of Private Folder in corporations.

These comments fell into two categories: First, worry about giving employees the ability to hide files from their bosses; one can imagine all sorts of things an employee might want to hide, from purloined copies of the corporate family jewels to love letters to a co-worker. Second, worry about dealing with forgotten passwords: From experience, one of the biggest corporate support problems is some people's ability to forget their passwords over a long weekend. In addition, employees could encrypt important files, then be fired or hit by a truck - leaving the IT department without a way to recover the files.

Apple has had an equivalent function for a while - FileVault, in OS X - with few complaints. I expect most of the lack of complaint comes from the fact there is so little penetration of Macs in corporate America, but in addition, the way the application is designed lends it better to centralized IT management. FileVault has a master password that can be set by the IT group and used to unlock FileVaults on individual computers.

It seems to me the issue with Microsoft's technology is more than a bit overhyped. Users have been able to password-protect or encrypt files on Windows machines for years. Applications exist such as WinZip and Microsoft's own file- and folder-encryption function for Windows XP.

I'm not sure why Private Folder created such a stir - maybe because it was so easy to use, and because the pundits did not have much else to talk about that week. It is a shame this function is now lost to users who badly need something like this, but Microsoft's loss is its competitors' gain: There are a bunch of companies ready to sell you file-, folder- or whole-disk encryption applications. If you keep confidential information on your laptop, and you do not have a Mac, look into them.

Disclaimer: Harvard has the same operations issues as any other $2 billion-per-year business, but has no opinion on how you should protect your data (unless it's Harvard data).