Interesting People mailing list archives
IP: Another worthwhile for Corp Execs -- Computer hard disc
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 24 Aug 1998 10:33:55 -0400
Date: Sun, 23 Aug 1998 21:08:34 -0600 (MDT) From: Colin Plumb <colin () nyx net> To: farber () cis upenn edu Does anyone know just *how* this scanning works? Do they take the hard drive out of the laptop, or interface to it somehow? What connector do they use? What do they do if the laptop doesn't have that connector? Can they deal with zip disks? Jaz? Syquest? Those new 120 MB superfloppies? SCSI? PCMCIA hard drives? PCMCIA flash memory cards? I mean, geez, if I want to smuggle data, a waveLAN with a high-gain directional antenna will span the straits of Dover very nicely. (Okay, maybe assuming good weather is a bit optimitic, but there's *some*.) What I wonder is what happens when I present the customs inspector with a thick non-disclosure agreement specifying in excruciating detail the logging and auditing procedures for access to the data in question, requiring that fingerprints for each individual with access be maintained on file, along with proof of residency in a county with an extradition treaty for trade-secret violations, that challenge inspections of access logs be made available, with the cost to be borne by the maintainer if any irregularities are uncovered, that liability insurance in the about of $1,000,000 be maintained against unintentional disclosure, etc. etc. Of course, I have several such (slightly different) agreements with different organizations. Since I am a big important crypto consulatant, they are organizations with absolutely masses of lawyers on staff. (Heck, let on eof them be the American Bar Association.) It would almost be fun to land in Heathrow with a fingerprint pad and be prepared to *do* all this, while explaining to the customs inspector that I can authorize disclosure to him/her personally, but if he is doing this on behalf of H.M. Customs, I need to bind H.M. Customs and need him/her to affirm in writing that he/she is an officer of the agency empowered to make such agreements, and present them with a frightening-looking form enumeating the penalties for falsely representing oneself as an officer of H.M. Government. Oh, more scary legalese ideas... Challenge ispections cease when the disclosee has submitted a notarized affadavit attesting to the destruction of all copies of the secret material and handed over final copies of the access logs. Complicated instructions to executors and heirs on the disposal of the material in the event of the demise of the disclosee. Even more complicated instructions in the event of the disappearance and presumed death of the disclosee. All this, of course, requires three disinterested witnesses. Fortunately, such are in plentiful supply at airport customs, but they will have to be filled in on the details of what's happening... "*Then*, inspector, I can decrypt the files for your inspection." (I mean, with penalties like these for accidental disclosure, of *course* I keep it securely encrypted.) An interesting question is whether they'd accept deletion in lieu of disclosure, and whether they have any idea about undeletion. (I could easily build a disk-wiper that pretended to do random overwrites, but really just re-encrypted the data.) -- -Colin
Current thread:
- IP: Another worthwhile for Corp Execs -- Computer hard disc Dave Farber (Aug 24)