Re: (article) "We recovered the laptop!" ... so what?

[Chris Walsh <cwalsh () cwalsh org>]

The laptop and the passphrase are in the same laptop bag, which is  
stolen.

Game Over.


That is why a good law will require that the key not be lost, and  
(more generally) will set a key management floor, as well as  
specifying which encryption methods are approved, and saying that  
encryption is safe harbor only for instances of physical theft of the  
device.  No current state laws do these things, IIRC.  Only one of  
them even *defines* encryption, and they (Nevada) do it horribly wrong.


On Feb 13, 2007, at 7:50 AM, security curmudgeon wrote:

> For the sake of argument, I'll disagree here.
>
>
> That said, can you describe a scenario other than what I described  
> above
> as a viable way to get to the client data on my laptop?
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.