- What is FileVault 2?
- Who should be using FileVault 2?
- How can I obtain it?
- How do I use FileVault 2 to encrypt my laptop?
- What should I know about decryption?
- What restrictions are there when traveling out of the country with an encrypted laptop?
A.FileVault 2 is an integral security feature for Macs that allows you to encrypt the contents of your entire drive. It uses full disk, XTS-AES 128 encryption to help keep your data secure. FileVault 2 requires OS X Lion or later, and OS X Recovery installed on your startup drive.
A. ISG recommends that faculty and staff use FileVault on their laptops if they contain Brown Restricted Information (especially frequent travelers). Use Identity Finder to determine the presence of BRI. If detected, either remove it, or if necessary, encrypt it.
A. FileVault 2 is built into the OS X operating system. It is available from the Security & Privacy pane of System Preferences. Click the FileVault tab in the Security & Privacy pane to enable or disable FileVault.
A. Detailed installation instructions can be found in the Apple document OS X: About FileVault 2.
A. When you turn off FileVault, encryption is turned off and the contents of your disk are decrypted. The decrypting of your disk could take a while, depending on how much information you have stored. However you can still use your computer to do other tasks while the decryption is occurring.
A. U.S. federal regulations control the export of "encryption commodities, software and technology" (see Code of Federal Regulations, Title 15, Section 740.17). There are, however, license exceptions that allow you to take encrypted laptops with them, provided that they return within the year and "retain effective control and ownership." This coverage is global except for the handful of embargoed countries that the U.S. government has designated as supporting terrorism. Travel to any of these countries requires that you remove any encryption technology from your laptop before entering it.
In addition, as some countries ban or severely regulate the use of encryption, you should check country-specific information before traveling with an encrypted laptop. Following is a partial list of those countries. Check the U.S. State Department website before traveling to verify that the information is still current. In addition, any faculty, post-docs, graduate students and PI's should check-in with OVPR, Insurance and Risk, and the Chief Information Security Officer (CISO) before travelling overseas.
- Burma (you must apply for a license)
- Belarus (import and export of cryptography is restricted; you must apply for a license from the Ministry of Foreign Affairs or the State Centre for Information Security or the State Security Agency before entry)
- China (you must apply for a permit from the Beijing Office of State Encryption Administrative Bureau; travelers should also refrain from purchasing a replacement laptop when visiting China as it is known; for intellectual espionage and such laptops could contain malware to steal content added to it)
- Hungary (import controls)
- Iran (strict domestic controls)
- Israel (personal-use exemption – must present the password when requested to prove the encrypted data is personal)
- Morocco (stringent import, export and domestic controls enacted)
- Russia (you must apply for a license)
- Saudi Arabia (encryption is generally banned)
- Tunisia (import of cryptography is restricted)
- Ukraine (stringent import, export and domestic controls)
Internal links about traveling:
- International Travel Information for all Brown University Travelers
- International Research Administration
External links about traveling:
- Encryption FAQs (Bureau of Industry & Security, BIS)
- EAR Controls for Items That Use Encryption (Bureau of Industry & Security, BIS)
- Department of State's Travel Alerts and Warnings
- FBI Safety and Security Guidance for Traveling Abroad
- Regulations for International Travel by US Residents
- Department of State Websites of US Embassies Consulates, and Diplomatic Missions
- Department of State Foreign Travel Registry