
On Mon, 30 Oct 1995, Doug Hughes wrote:
Since you deal with security issues maybe you can help me to learn about some issues with encryption. I am talking with one of the administration people about putting PGP on the system for everyone to use, but there are issues for them (the admin) as they might be liable, even if they can't read the e-mail. What other legal considerations should be evaluated? Are there any large organizations (like any other universities) that allow their students to use PGP, and have the system in place to make it easier for the students? If it is offered here I might be the one to add to the mail program (pine) that is generally used to transparently use PGP, which is what I mean by having a system set up for the encryption.
We have approx 1000 machines and 5000 user accounts and have PGP installed. I can't think of any reason not to have it installed, and lots of good reasons for having it installed.
"Me too," except the numbers are higher. I would think that you would worry more about your users getting a false sense of security from storing secret keys on a large multiuser system than about being held liable for naughty PGP-encrypted traffic. I don't see how you could be held liable anyway. How is PGP that much different from allowing your users to set a password on their account? It makes it harder for root to invade their privacy, but in general, we have very stringent requirements that must be satisfied before we'll read user directories or mail.

-rich