[Dataloss] (article) "We recovered the laptop!" ... so what?
Chris Walsh
cwalsh at cwalsh.org
Tue Feb 13 10:49:17 EST 2007
The laptop and the passphrase are in the same laptop bag, which is
stolen.
Game Over.
That is why a good law will require that the key not be lost, and
(more generally) will set a key management floor, as well as
specifying which encryption methods are approved, and saying that
encryption is safe harbor only for instances of physical theft of the
device. No current state laws do these things, IIRC. Only one of
them even *defines* encryption, and they (Nevada) do it horribly wrong.
On Feb 13, 2007, at 7:50 AM, security curmudgeon wrote:
>
> For the sake of argument, I'll disagree here.
>
>
> That said, can you describe a scenario other than what I described
> above
> as a viable way to get to the client data on my laptop?
More information about the Dataloss
mailing list