From: smb@research.att.com
Date: Sun, 19 Jun 94 06:39:26 PDT
To: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
Subject: Re: Having your own computer means never having....
Message-ID: <9406191339.AA24789@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 I can't think of any real security risks introduced by allowing
	 employees the use of encryption, that weren't present already.
	 Certainly none mentioned thus far fit the bill. 

Have a look at Matt Blaze's paper from Usenix last week.  He describes
a smart-card based key escrow system for file encryption -- the risk
to the company is that an employee will quit, forget a password, walk in
front of a truck, etc. -- at which point they're unable to get at the
files that this person created -- files that the company owns in
accordance with the provision of the free-market contract willingly
agreed to by this employee.