----- Original Message ----- From: "Trei, Peter" <ptrei@rsasecurity.com> To: "Tim May" <tcmay@got.net>; <cypherpunks@cyberpass.net>; "'Black Unicorn'" <unicorn@schloss.li> Sent: Wednesday, August 01, 2001 7:21 AM Subject: RE: Spoilation, escrows, courts, pigs.
From: Black Unicorn[SMTP:unicorn@schloss.li]
I also made some speculative suggestions about what encrypting such data might look like in a test case extending the facts to be a bit more edgy just to see where the limits were. Such a test case (of which there are none to my knowledge) would easily present a close issue to argue if a savvy prosecutor were around. I'm not sure anyone could tell how it would come out. Consider it a cautionary note for cypherpunks designing evidence destroying (concealing, whatever) systems.
BU:
You may be a lawyer, but I'm a cryptographic software engineer.
Cleansing disks and memory of keys and plaintext isn't done to prevent some hypothetical court from looking at evidence; there are good, legally unremarkable reasons to do so, which are regarded as good hygiene and 'best practice' in the industry.
Unfortunately, that conduct is going to be assessed by some old guy who was once a lawyer, and who I highly doubt was ever a cryptographic software engineer. (The latter actually has to think hard on a regular basis). [Lots of good stuff elided for brevity]
Destroying sensitive data is part of doing the job right, in a professional, 'best practice' manner.
Again, it's going to be an uphill battle to get a jury of people too stupid to get out of jury duty to believe that. You might think about a side job offering expert testimony services for this exact thing.