1993-11-18 - Encryption: A Testimonial

Header Data

From: Arthur Chandler <arthurc@crl.com>
To: cypherpunks@toad.com
Message Hash: ee790eb4ca52c95454a46c626fa9e333157afb0340f1058d2dc44cca47b66104
Message ID: <Pine.3.87.9311171553.A1230-0100000@crl.crl.com>
Reply To: <Mgueoiy00awJMEBnVh@andrew.cmu.edu>
UTC Datetime: 1993-11-18 00:24:29 UTC
Raw Date: Wed, 17 Nov 93 16:24:29 PST

Raw message

From: Arthur Chandler <arthurc@crl.com>
Date: Wed, 17 Nov 93 16:24:29 PST
To: cypherpunks@toad.com
Subject: Encryption: A Testimonial
In-Reply-To: <Mgueoiy00awJMEBnVh@andrew.cmu.edu>
Message-ID: <Pine.3.87.9311171553.A1230-0100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain

  For a while, I thought that encryption was just for folks who had 
something REALLY important in their files -- formulas for the Neutron 
bomb, sales reports to crack dealers, illicit love letters, etc. :<) -- 
so I never bothered. Then, before I left on a sabbatical from my 
university, I reviewed the personal files in my computer there.
  "Hmmm.... only class syllabi, notes, committee reports. Nothing here 
to... Wait a minute!"
  It then occurred to me that some sections of those reports hold very 
sensitive information dealing with retention, tenure, and promotion of 
colleagues. There were also letters of recommendation for students in there.
  "Well, no one's going to look in here. Most of my colleagues are still 
using manual typewriters anyway. But, just in case, I'll just lock these 
files up with Norton Encrypt." -- Not exactly a heavyweight program, but 
adequate to my purposes.
  Then, a couple of months later, I get a call from the Dean. The 
University has  decided to give my computer an Ethernet connection; and 
one of the  techies has asked her (the Dean) for the password to my files 
so he can install the appropriate software.
  Wants the password to my personal files?
  So I went out to the university and confronted the man. Why did he feel 
he needed the password to my personal files in order to install ethernet 
protocol software? 
  I got a song and dance about how some of the software "wasn't working 
right" and so he thought that I might have something in there that 
conflicted with the ethernet software. 
  "But why didn't you just have the Dean contact me to come out and look 
in those files? And don't you think that you should ask before going 
into someone's computer, even to install ethernet software?"
  His answer was this: "These machines belong to the State of California. 
You don't own them. The State does. And any employee of the state -- like 
myself -- can go in any time and do whatever we feel is necessary to 
maintain the machines."
  What a case of chutzpah used to cover up moxie! 
  Needless to say, I objected strongly to this line of "reasoning" and 
suggested -- politely, of course -- that neither he nor anyone else was 
to get into the computer in my office without my express sayso. He walked 
out the door affirming his right to poke around in my computer in the 
name of the state.
  So my files stay encrypted. And if anyone on this list works for an 
organization that holds similar views on the nature of personal files 
within an organization-owned machine, I strongly recommend locking all 
sensitive files -- or putting a password on the whole machine.
   I realize that such tales may have been told in *Cypherpunks* before. 
But there's mine, just for the record.