RE: Spoilation, escrows, courts, pigs.
From: Black Unicorn [SMTP:unicorn@schloss.li]
I also made some speculative suggestions about what encrypting such data might look like in a test case extending the facts to be a bit more edgy just to see where the limits were. Such a test case (of which there are none to my knowledge) would easily present a close issue to argue if a savvy prosecutor were around. I'm not sure anyone could tell how it would come out. Consider it a cautionary note for cypherpunks designing evidence destroying (concealing, whatever) systems.
BU:

You may be a lawyer, but I'm a cryptographic software engineer.

Cleansing disks and memory of keys and plaintext isn't done to prevent some hypothetical court from looking at evidence; there are good, legally unremarkable reasons to do so, which are regarded as good hygiene and 'best practice' in the industry.

You've seen the posts on the 'sircam' virus, haven't you? All kinds of private documents flying around the world due to some asshole who gets egoboo out of smashing things. Keeping your documents encrypted helps protect against this kind of illegal surveillance. Backing them up on other computers (encrypted or otherwise) prevents them from being lost to a destructive virus. This is often easier than making copies on removable media.

Running wipe programs such as BCwipe is also best practice - I've seen attacks which were based on searching swap files, end-of-file slack space, and unused blocks for 'interesting' data - whether keys (which can be recognized by their low redundancy) or passphrases (look for a printable string on its own among a sea of binary data as the first cut). Did you know that Windows NT includes a switch to zeroize the swap file on system shutdown? Does Microsoft also need the 'cautionary note' you refer to above? (Yes, they did the right thing at least once :-).

As one of the more experienced cryptoengineers at my company, I often wind up training new hires in the ways writing sensitive security software differs from ordinary programming. One of the most important lessons I impart is the necessity of zeroizing all sensitive data as soon as its need has passed. The programmers also need to be very aware of how procedure calls use the stack, how the heap works, and the implications of garbage collection, disk and memory defragmentation. Destroying sensitive data is part of doing the job right, in a professional, 'best practice' manner.

Peter Trei
RSA Security
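The two searches Trei describes (keys picked out by their low redundancy, passphrases picked out as a printable string in a sea of binary data) and the zeroization that removes the target, as an added example that is not part of the original thread and not Trei's or RSA's code. The "swap image", the 32 key bytes and the passphrase are constructed sample data; the distinct-byte count is a deliberately simple, libm-free stand-in for an entropy measure, and the 26-of-32 threshold is an assumption chosen for that proxy. Build with `cc -std=c99 -Wall swapscan.c`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample image standing in for a swap file or crash dump (not real data). */
#define IMAGE_SIZE  4096
#define KEY_LEN     32
#define KEY_OFFSET  1234
#define PASS_OFFSET 2500

/* Constructed stand-in for a 256-bit key: hand-picked so all 32 byte values are distinct. */
static const uint8_t sample_key[KEY_LEN] = {
    0x3a,0x7f,0xc2,0x15,0x9b,0xe4,0x08,0x56,0xd1,0x2e,0xa7,0x63,0xf9,0x4c,0x80,0xbd,
    0x19,0x6e,0xcb,0x32,0x00,0xe7,0x94,0x48,0xaf,0x71,0xdc,0x23,0x8a,0xf6,0x5d,0xb0
};
/* Constructed passphrase, 28 printable bytes. */
static const char sample_pass[] = "correct horse battery staple";

/* Zero the image, add a repetitive non-printable "page header" region, plant both secrets. */
void build_swap_image(uint8_t *img)
{
    static const uint8_t header[8] = {0xff,0xfe,0x00,0x01,0x02,0x03,0x04,0x05};
    memset(img, 0, IMAGE_SIZE);
    for (size_t i = 0; i < 512; i++)
        img[i] = header[i % 8];
    memcpy(img + KEY_OFFSET, sample_key, KEY_LEN);
    memcpy(img + PASS_OFFSET, sample_pass, sizeof sample_pass - 1);
}

/* Distinct byte values in p[0..n): a libm-free proxy for the "low redundancy" test.
 * 32 uniformly random bytes show about 30 distinct values; text, zero pages and
 * repetitive structures show far fewer. */
size_t distinct_bytes(const uint8_t *p, size_t n)
{
    uint8_t seen[256] = {0};
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (!seen[p[i]]) { seen[p[i]] = 1; count++; }
    return count;
}

/* Slide a window over the image; return the earliest offset whose window has the
 * highest distinct-byte count, or -1 if no window reaches min_distinct. */
long find_key_candidate(const uint8_t *img, size_t len, size_t window, size_t min_distinct)
{
    long best = -1;
    size_t best_score = 0;
    if (len < window) return -1;
    for (size_t off = 0; off + window <= len; off++) {
        size_t score = distinct_bytes(img + off, window);
        if (score >= min_distinct && score > best_score) {
            best_score = score;
            best = (long)off;
        }
    }
    return best;
}

/* First run of at least min_len printable ASCII bytes: the passphrase "first cut".
 * Returns its offset and stores its length in *run_len, or -1 if none. */
long find_printable_run(const uint8_t *img, size_t len, size_t min_len, size_t *run_len)
{
    size_t start = 0, run = 0;
    for (size_t i = 0; i <= len; i++) {           /* i == len flushes a trailing run */
        int printable = i < len && img[i] >= 0x20 && img[i] <= 0x7e;
        if (printable) {
            if (run == 0) start = i;
            run++;
        } else {
            if (run >= min_len) { *run_len = run; return (long)start; }
            run = 0;
        }
    }
    return -1;
}

/* Zeroize through a volatile pointer so the stores are not dead-store-eliminated,
 * which a plain memset() just before free() or return may be. */
void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

int main(void)
{
    static uint8_t img[IMAGE_SIZE];
    size_t run = 0;
    build_swap_image(img);
    printf("key candidate at %ld, passphrase at %ld\n",
           find_key_candidate(img, IMAGE_SIZE, KEY_LEN, 26),
           find_printable_run(img, IMAGE_SIZE, 8, &run));
    secure_zero(img + KEY_OFFSET, KEY_LEN);            /* what the process should have done */
    secure_zero(img + PASS_OFFSET, sizeof sample_pass - 1);
    printf("after zeroizing: key %ld, passphrase %ld\n",
           find_key_candidate(img, IMAGE_SIZE, KEY_LEN, 26),
           find_printable_run(img, IMAGE_SIZE, 8, &run));
    return 0;
}
```

On the constructed image the first scan locates the key window and the passphrase exactly; after `secure_zero()` neither scan finds anything. The volatile store loop only addresses the compiler dropping the stores as dead; a copy the kernel has already paged out, or one left behind in a freed heap chunk or an old stack frame, is exactly what the scanner would still find, which is why the zeroize-on-use discipline above is paired with wiping swap, slack and free blocks.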
----- Original Message ----- From: "Trei, Peter" <ptrei@rsasecurity.com> To: "Tim May" <tcmay@got.net>; <cypherpunks@cyberpass.net>; "'Black Unicorn'" <unicorn@schloss.li> Sent: Wednesday, August 01, 2001 7:21 AM Subject: RE: Spoilation, escrows, courts, pigs.
From: Black Unicorn [SMTP:unicorn@schloss.li]
I also made some speculative suggestions about what encrypting such data might look like in a test case extending the facts to be a bit more edgy just to see where the limits were. Such a test case (of which there are none to my knowledge) would easily present a close issue to argue if a savvy prosecutor were around. I'm not sure anyone could tell how it would come out. Consider it a cautionary note for cypherpunks designing evidence destroying (concealing, whatever) systems.
BU:
You may be a lawyer, but I'm a cryptographic software engineer.
Cleansing disks and memory of keys and plaintext isn't done to prevent some hypothetical court from looking at evidence; there are good, legally unremarkable reasons to do so, which are regarded as good hygiene and 'best practice' in the industry.
Unfortunately, that conduct is going to be assessed by some old guy who was once a lawyer, and who I highly doubt was ever a cryptographic software engineer. (The latter actually has to think hard on a regular basis). [Lots of good stuff elided for brevity]
Destroying sensitive data is part of doing the job right, in a professional, 'best practice' manner.
Again, it's going to be an uphill battle to get a jury of people too stupid to get out of jury duty to believe that. You might think about a side job offering expert testimony services for this exact thing.
Trei, Peter wrote:
Cleansing disks and memory of keys and plaintext isn't done to prevent some hypothetical court from looking at evidence; there are good, legally unremarkable reasons to do so, which are regarded as good hygiene and 'best practice' in the industry.
Black Unicorn wrote:
Unfortunately, that conduct is going to be assessed by some old guy who was once a lawyer,
Then we are all guilty, and not one person has been prosecuted yet, which is as close to being legal as any act can possibly be in today's America.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
3MMmQiEVIfvH6y20TVf6+DEUtNHLYjeZtBX1MaTH
4acehcMco5Ge0UNNFSiMi2j8dkV+0u416jba1q5DZ
At 04:15 PM 8/1/01 -0700, Black Unicorn wrote:
Destroying sensitive data is part of doing the job right, in a professional, 'best practice' manner.
Again, it's going to be an uphill battle to get a jury of people too stupid to get out of jury duty to believe that. You might think about a side job offering expert testimony services for this exact thing.
"You mean to tell the court that you not only shred old documents, you *use a cross-cut* shredder too? What, a regular shredder isn't good enough? Obviously you were hiding something"

.......

"PCBs may be destroyed by hacking with a fire ax and scattering the pieces." --IMPLEMENT A COMSEC EMERGENCY PLAN, US ARMY
participants (4)
- Black Unicorn
- David Honig
- jamesd@echeque.com
- Trei, Peter