[Dataloss] (article) "We recovered the laptop!" ... so what?

Chris Walsh cwalsh at cwalsh.org
Tue Feb 13 10:49:17 EST 2007


The laptop and the passphrase are in the same laptop bag, which is  
stolen.

Game Over.


That is why a good law will require that the key not be lost, and  
(more generally) will set a key management floor, as well as  
specifying which encryption methods are approved, and saying that  
encryption is safe harbor only for instances of physical theft of the  
device.  No current state laws do these things, IIRC.  Only one of  
them even *defines* encryption, and they (Nevada) do it horribly wrong.


On Feb 13, 2007, at 7:50 AM, security curmudgeon wrote:

>
> For the sake of argument, I'll disagree here.
>
>
> That said, can you describe a scenario other than what I described  
> above
> as a viable way to get to the client data on my laptop?


More information about the Dataloss mailing list