17 Dec
2003
17 Dec
'03
11:17 p.m.
I can't think of any real security risks introduced by allowing employees the use of encryption, that weren't present already. Certainly none mentioned thus far fit the bill. Have a look at Matt Blaze's paper from Usenix last week. He describes a smart-card based key escrow system for file encryption -- the risk to the company is that an employee will quit, forget a password, walk in front of a truck, etc. -- at which point they're unable to get at the files that this person created -- files that the company owns in accordance with the provision of the free-market contract willingly agreed to by this employee.