Guardian 23/7/99: "Straw insists on e-mail interception powers"

Ian BROWN I.Brown at cs.ucl.ac.uk
Tue, 03 Aug 1999 10:29:37 +0100


Alan Ramsbottom wrote:
>> >All supplying hours and hours of techie-fun, but what advantage over
>> >existing PGP end-to-end application layer protection? 
>> 
>> The fact that there is no key which can be demanded of you 
>> under statutory powers before or after the transmission.
>
>Agreed, but that's losing the perspective I was hoping to evoke. In this
>scenario, you still need to cleverly hide or carefully dispose of your
>sensitive data after transmission/receipt via IPSEC, otherwise it's just as
>vulnerable when the [favourite force of darkness] arrives on the doorstep.

Obviously. But since the vast majority of PGP users stick with one key pair 
for years and years, compromise of their private key allows *anything* 
encrypted to them during that time period to be decrypted, if it has been 
intercepted at any point, archived on intermediate mail servers, etc. etc.

I know some people who keep all of their sent and received e-mail, but I 
*certainly* don't and regularly run free-space wiping software! And any 
company that doesn't want to end up with its sensitive messages subpoenaed and 
aired in open court would be rather foolish to do otherwise (can you say 
Microsoft??)

Ian.
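
Added example, not part of the original message: a simplified model of the difference discussed above, comparing mail encrypted to one long-term key pair with sessions keyed by ephemeral Diffie-Hellman values that are erased afterwards (the style of key agreement assumed here for IPSEC). The 127-bit group, the toy stream cipher, all function names and the sample messages are constructed for illustration, and authentication of the exchange is omitted.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): a 127-bit Mersenne prime is far
# too small for real use; real systems use 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def xor_stream(shared: int, data: bytes) -> bytes:
    # Toy cipher: SHA-256 in counter mode keyed by the DH shared secret.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(shared.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send_long_term(recipient_pub: int, msg: bytes) -> dict:
    # The sender's value is fresh, but the recipient side is the same key for years.
    eph_priv, eph_pub = keypair()
    return {"pubs": [eph_pub], "ct": xor_stream(pow(recipient_pub, eph_priv, P), msg)}

def send_ephemeral(msg: bytes) -> dict:
    # Both ends generate per-session values and erase them once the session ends.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    ct = xor_stream(pow(b_pub, a_priv, P), msg)
    del a_priv, b_priv
    return {"pubs": [a_pub, b_pub], "ct": ct}

def decrypt_with_disclosed_key(long_term_priv: int, record: dict) -> list:
    # Everything computable from archived traffic plus the long-term private key.
    return [xor_stream(pow(pub, long_term_priv, P), record["ct"]) for pub in record["pubs"]]

def demo():
    lt_priv, lt_pub = keypair()
    msgs = [b"constructed message, July 1999", b"constructed message, August 1999"]
    archive_lt = [send_long_term(lt_pub, m) for m in msgs]
    archive_eph = [send_ephemeral(m) for m in msgs]
    lt_hits = sum(m in decrypt_with_disclosed_key(lt_priv, r) for m, r in zip(msgs, archive_lt))
    eph_hits = sum(m in decrypt_with_disclosed_key(lt_priv, r) for m, r in zip(msgs, archive_eph))
    return lt_hits, eph_hits  # archived messages readable once the long-term key is disclosed

if __name__ == "__main__":
    print(demo())
```

Every archived message in the long-term-key archive is recovered from the one disclosed key, while the ephemeral archive yields nothing because the only values that could derive its session keys no longer exist.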