funsec mailing list archives

Re: [privacy] Red Cross Laptop with Donor Information Stolen


From: Peter Kosinar <goober () nuf ksp sk>
Date: Sun, 2 Jul 2006 02:31:25 +0200 (CEST)

>> Do you still have to declare the loss of the data even if it was
>> encrypted?
>
> Yes.
>
> Or rather -- yes, that would be preferred, methinks.
>
> - ferg

Agreed.

First, without knowing anything about the "encryption" used, one cannot 
make any assumptions about the actual "security" (secrecy in particular) 
of the data. After all, a shift cipher (a variation on the Caesar theme) 
is a form of encryption, just a bit unsafe for data of substantial size 
[*]

Second, if I encrypt a critical file on my machine and then leave the 
decryption key lying right in the same directory, does it still classify 
as encryption? Yes, it does... yet the provided security is next-to-none.

Third, the "encryption" itself might be secure, yet it might be used in 
insecure fashion -- like, leaving temporary copies lying all around the 
disk. Moreover, it happens more often than not that a determined 
individual (attacker / forensic analyst) can find -very- interesting 
pieces of information in the unused portions of the filesystem.

So, the answer should be "YES, OF COURSE!"; and if it is not, something is 
definitely wrong... and it'll only get worse.

Peter

[*] Well, it IS absolutely secure for data one character long :-)

-- 
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278


_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
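
An added example, not part of the original message: the first point and its footnote, shown for a shift cipher over A-Z. With a sentence-length ciphertext, letter statistics single out one key; with a one-letter ciphertext, every plaintext letter remains equally possible. The sample text, the key and all function names are constructed for this illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Approximate relative frequency (%) of A..Z in English text (textbook figures).
FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
        4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
        2.36, 0.15, 1.97, 0.07]

def shift(text, key):
    """Shift cipher over A-Z; other characters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return 0.0
    counts = Counter(letters)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(ALPHABET, FREQ))

def recover_key(ciphertext):
    """Try all 26 keys and keep the one whose output looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

def consistent_plaintexts(ciphertext):
    """Every plaintext that some key maps onto this ciphertext."""
    return {shift(ciphertext, -k) for k in range(26)}

# Constructed sample data: not taken from any real incident.
SAMPLE = ("THE STOLEN LAPTOP HELD THE NAMES AND ADDRESSES OF THOUSANDS OF "
          "DONORS AND THE DATA ON IT WAS SAID TO BE ENCRYPTED")
KEY = 11
CIPHERTEXT = shift(SAMPLE, KEY)

if __name__ == "__main__":
    print("recovered key:", recover_key(CIPHERTEXT))
    print("candidates for a one-letter ciphertext:",
          len(consistent_plaintexts("Q")))
```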

