Spoilation, escrows, courts, pigs.
Trei, Peter
ptrei at rsasecurity.com
Thu Aug 2 07:25:19 PDT 2001
BU writes:
Peter Trei writes:
> > You may be a lawyer, but I'm a cryptographic software engineer.
> >
> > Cleansing disks and memory of keys and plaintext isn't done
> > to prevent some hypothetical court from looking at evidence;
> > there are good, legally unremarkable reasons to do so, which
> > are regarded as good hygiene and 'best practice' in the
> > industry.
>
> Unfortunately, that conduct is going to be assessed by some old guy who
> was
> once a lawyer, and who I highly doubt was ever a cryptographic software
> engineer. (The latter actually has to think hard on a regular basis).
>
> [Lots of good stuff elided for brevity]
>
> > Destroying sensitive data is part of doing the job right, in
> > a professional, 'best practice' manner.
>
> Again, it's going to be an uphill battle to get a jury of people too
> stupid to
> get out of jury duty to believe that. You might think about a side job
> offering expert testimony services for this exact thing.
>
Judges have to take testimony on subjects they know little about
all the time.
Yes, I'd consider being an EW (but generally not for free). I'd have no
problem showing that zeroisation is a standard practice - in fact, it's
mandated by some government standards for protecting classified data.
Peter Trei
More information about the cypherpunks-legacy
mailing list