Educause Security Discussion mailing list archives
Re: Encryption of university data
From: Steve Werby <smwerby () VCU EDU>
Date: Fri, 21 Jul 2006 09:18:02 -0400
Stephen C Gay wrote:
unlawful data may be stored on University resources. One possible way to get around this would be a key escrow which, with proper authorization, would allow specified administrators to reset the encryption hash & decrypt the data. This would resolve any legal investigation issues.
This is probably also desirable for other situations such as a user forgetting the password on a volume or being unable or unwilling to provide it. However, as long as a user can install other encryption software or transfer encrypted data to a university resource, a user will be able to store prohibited or unlawful data on a university resource.
I'm interested in learning what the group thinks about the use of encryption in an educational environment and how it may (or may not) have been implemented in your respective organizations.
It's almost becoming a necessity to avoid public relations fiascos and comply with applicable laws. We're in the beginning stages of exploring technology, policies and procedures for encrypting data on laptops. I've been using TrueCrypt in projects outside the university where I'm employed and have had good success with it so that's the technology we're focusing on. -- Steve Werby Office of Information Technology VCU School of Dentistry 804-827-1585 smwerby () vcu edu
Current thread:
- Encryption of university data Stephen C Gay (Jul 19)
- <Possible follow-ups>
- Re: Encryption of university data Steve Werby (Jul 21)
- Re: Encryption of university data Harold Winshel (Jul 21)
- Re: Encryption of university data Chris Green (Jul 21)