Educause Security Discussion mailing list archives

Re: Encryption of university data


From: Steve Werby <smwerby () VCU EDU>
Date: Fri, 21 Jul 2006 09:18:02 -0400

Stephen C Gay wrote:
> unlawful data may be stored on University resources. One possible way to
> get around this would be a key escrow which, with proper authorization,
> would allow specified administrators to reset the encryption hash &
> decrypt the data. This would resolve any legal investigation issues.

This is probably also desirable for other situations such as a user
forgetting the password on a volume or being unable or unwilling to
provide it.  However, as long as a user can install other encryption
software or transfer encrypted data to a university resource, a user
will be able to store prohibited or unlawful data on a university resource.

> I'm interested in learning what the group thinks about the use of
> encryption in an educational environment and how it may (or may not)
> have been implemented in your respective organizations.

It's almost becoming a necessity to avoid public relations fiascos and
comply with applicable laws.  We're in the beginning stages of exploring
technology, policies and procedures for encrypting data on laptops.
I've been using TrueCrypt in projects outside the university where I'm
employed and have had good success with it so that's the technology
we're focusing on.

--
Steve Werby
Office of Information Technology
VCU School of Dentistry
804-827-1585
smwerby () vcu edu
