The elementary OS team is working with System76 to come up with a better, more user friendly way to protect user data with disk encryption on OEM installs. "The problem in the past has been that, as a desktop Linux OEM, you cannot encrypt the installation before it's in the user's hands because then there is no guarantee that the encryption key is unique to that user. So customers would reinstall the entire OS from scratch immediately after receiving their computer - downloading the latest release of the OS, digging up a USB drive, flashing the drive, rebooting their computer, walking through the installer, and finally rebooting to finally use the computer. That's not ideal." The blog post goes on to discuss ways of enabling secure encryption by default while giving people the ability to opt-out of using encryption.