"MI5 laptop snatched"

Joe Dauncey toothbrushhead at yahoo.com
Tue, 28 Mar 2000 11:50:25 +0100 

Hi,

The problem is that the business chaps understand the legal/financial
liability that lies upon them and so takes measures to secure those keys
respective to that liability. If PC Plod then takes those keys, for which they
have no liability, then they are not so motivated to implement appropriate
security.

Also, as far as the business chap is concerned, there is a (relatively) warm
and cosy feeling when those keys are locked up in front of him, but when they
disappeared out of the building in PC Plod's briefcase/pocket, there is no
control over the security measures accorded to those keys.

There has just been something on the lunchtime news about an MI6 laptop being
pinched.

Cases like this do not suggest the entire physical security infrastructure of
the intelligence services is rubbish, but it does little to inspire
confidence. This is the reason that the measures accorded to securing keys is
so important to the business people who are affected by this bill.

Joe

Barnaby Prendergast wrote:

> >From: Ian G Batten <I.G.Batten@ftel.co.uk>
> >Reply-To: ukcrypto@maillist.ox.ac.uk
> >To: ukcrypto@maillist.ox.ac.uk
> >Subject: Re: BBC Online 24/3/2000: "MI5 laptop snatched"
> >Date: Mon, 27 Mar 2000 16:23:33 +0100 (BST)
> >
> > > Point being that if MI5 can be duped in public by "children", there is
> > > not an awful lot of hope for the AT&T chaps's keys being secure in an
> >
> >I think it is hubris of the highest form to assume that MI5 are
> >universally idiots while noble upstanding cheers cheers commercial folk
> >have security absolutely sorted.  Instead of worrying about plod seizing
> >keys and then exposing them, you should also worry about their being
> >exposed in the natural course of business.  If MI5, with support from
> >CESG and GCHQ, cannot build a secure system, we must at least accept the
> >possibility that commercial organisations may fail as well.
> >
> >ian
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Fair enough, but I don't think anyone would suggest that giving up
> keys would have a neutral efect on security risks. An insecure system
> just becomes worse, a good system is compromised, probably to an
> unacceptable level.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBON+JlsQoIXoJnS0EEQLa8QCg6jwkTP4GeezC80oAsqvJIfi3wysAnie3
> 6q42/jqMBQ/l9JXwncefpKOv
> =o9SP
> -----END PGP SIGNATURE-----
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com




__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com