1994-06-21 - Re: Having your own computer means never having….

Header Data

From: Bob Snyder <snyderra@dunx1.ocs.drexel.edu>
To: bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Message Hash: 60d291efb9d82ac0feb67b960b0338603fc88e4b1cbf5652d5adbd91fd032547
Message ID: <199406211717.NAA22170@dunx1.ocs.drexel.edu>
Reply To: <9406210653.AA24992@anchor.ho.att.com>
UTC Datetime: 1994-06-21 17:19:08 UTC
Raw Date: Tue, 21 Jun 94 10:19:08 PDT

Raw message

From: Bob Snyder <snyderra@dunx1.ocs.drexel.edu>
Date: Tue, 21 Jun 94 10:19:08 PDT
To: bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Subject: Re: Having your own computer means never having....
In-Reply-To: <9406210653.AA24992@anchor.ho.att.com>
Message-ID: <199406211717.NAA22170@dunx1.ocs.drexel.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

bill.stewart@pleasantonca.ncr.com +1-510-484-6204 scribbles:

> > >Beyond that, unrestrained encryption is dangerous to corporations, because
> > >what's to stop a ticked off employee from encrypting everything in the office
> > 
> > What to stop him/her from shredding everything in the office?  This is a
> > personnel/legal problem; there's nothing special about the use of
> > cryptography (except that it might be reversable).

> Reversability is the main difference - the disgruntled fired ex-sysadmin
> can encrypt everything and promise to restore it for big bucks plus amnesty.
> On the other hand, hiding the backup tapes and shredding everything is
> relatively reversable as well, and has the advantage that you can
> threaten to sell it to the competitors, so it's not much different.

OK.  What's to stop this irked employee from simply *taking*
everything?  I just don't see how encryption has any special
significance here.

In either case, the person would probably find themselves in the
middle of some fairly big criminal and civil litigation.

> When I was an undergrad, an ex-sysadmin left the University,
> and a week or so after he was gone, the database system announced
> that it would self-destruct in a week.  They had to keep the system
> shut down for a couple of weeks and change the system clock while
> they hunted for the time-bomb, and the same sort of thing could be
> done in many modern systems without crypto, though crypto makes it easier.

I'm still not sure how it makes it easier.  If you're a programmer,
it's probably easier to insert a trapdoor than to set up some kind of
encryption to take place after the fact.  If you are just hiding data,
taking it is as effective and encrypting it.  Safer, in fact, because
it wouldn't be open for cryptographic attack.

The only real use I could see is getting data out of a company to a
competetor, and if security is lax enough to let encrypted email out,
it's probably lax enough to walk out with a 8mm tape and 5+ GB of
data.

Bob

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgcgguS0CjsjWS0VAQH6sQP/Wc1aWslwUYyLwQvKtpkXda2qqrjc9D70
PWx4FRwT+j1lXSGQvel3Aq+KDzW93qtCpEk7ugZCKssDiM4y/lZ0408CQVVSmccj
jLEYbGrxP8/DIl9aT4mc6u4hU+UsJdT9fMLCMlplux0quUILOdg0JBRIdCb5pLii
ibUgPkgL01A=
=RGOW
-----END PGP SIGNATURE-----




Thread