Interesting People mailing list archives
IP: COMMENTARY on MEEK's DEADMAN WALKING
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 28 Oct 1996 16:24:23 -0500
-- Dave: If you use this, let's make it anonymous -- better that way. Less likely to be scurrilous backlash. [from a very experienced senior scientist djf] ================== On a humorous note .... If, as Brock Meeks writes, the "Key Recovery Access Policy [is] better known by its stunningly apt acronym, KRAP", then Mr. Spock would almost surely observe that "it is logical for the so-called 'key recovery access providers' to be known KRAPers." On a serious note... Remember that there was a big flap within the last 5 years when some company holding large databases of personal information (medical perhaps) was sold, perhaps at a bankruptcy sale. The databases of sensitive personal information were suddenly in the hands of an organization having no relationship to the original purpose for which the data was collected -- a privacy infraction, and not necessarily subject to the same safeguards and protection -- a security infraction. When Brock Meeks asks: What happens if one of the so-called "key recovery access providers" goes bankrupt while in possession of millions of keys? Are those keys automatically turned over to the FBI for "safekeeping"? Are they "auctioned off," much like the Resolution Trust Corporation auctioned off real estate it foreclosed on? Another question should be added: Are these millions of keys to be seen as assets of the bankrupt business, to be disposed of to any buyer as part of a fire sale? Or a variation on the issue: What happens if a provider sells itself to another organization, not necessarily in the business of being a provider? Do the legal obligations imposed on the provider -- whatever they turn out to be -- transfer as legal obligations on the acquiring organization? As so often observed in recent times ... the devil is in the details.
Current thread:
- IP: COMMENTARY on MEEK's DEADMAN WALKING Dave Farber (Oct 28)