[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Having your own computer means never having....
-----BEGIN PGP SIGNED MESSAGE-----
[email protected] +1-510-484-6204 scribbles:
> > >Beyond that, unrestrained encryption is dangerous to corporations, because
> > >what's to stop a ticked off employee from encrypting everything in the office
> >
> > What to stop him/her from shredding everything in the office? This is a
> > personnel/legal problem; there's nothing special about the use of
> > cryptography (except that it might be reversable).
> Reversability is the main difference - the disgruntled fired ex-sysadmin
> can encrypt everything and promise to restore it for big bucks plus amnesty.
> On the other hand, hiding the backup tapes and shredding everything is
> relatively reversable as well, and has the advantage that you can
> threaten to sell it to the competitors, so it's not much different.
OK. What's to stop this irked employee from simply *taking*
everything? I just don't see how encryption has any special
significance here.
In either case, the person would probably find themselves in the
middle of some fairly big criminal and civil litigation.
> When I was an undergrad, an ex-sysadmin left the University,
> and a week or so after he was gone, the database system announced
> that it would self-destruct in a week. They had to keep the system
> shut down for a couple of weeks and change the system clock while
> they hunted for the time-bomb, and the same sort of thing could be
> done in many modern systems without crypto, though crypto makes it easier.
I'm still not sure how it makes it easier. If you're a programmer,
it's probably easier to insert a trapdoor than to set up some kind of
encryption to take place after the fact. If you are just hiding data,
taking it is as effective and encrypting it. Safer, in fact, because
it wouldn't be open for cryptographic attack.
The only real use I could see is getting data out of a company to a
competetor, and if security is lax enough to let encrypted email out,
it's probably lax enough to walk out with a 8mm tape and 5+ GB of
data.
Bob
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLgcgguS0CjsjWS0VAQH6sQP/Wc1aWslwUYyLwQvKtpkXda2qqrjc9D70
PWx4FRwT+j1lXSGQvel3Aq+KDzW93qtCpEk7ugZCKssDiM4y/lZ0408CQVVSmccj
jLEYbGrxP8/DIl9aT4mc6u4hU+UsJdT9fMLCMlplux0quUILOdg0JBRIdCb5pLii
ibUgPkgL01A=
=RGOW
-----END PGP SIGNATURE-----