security policy question

[Tom Thomson]

I would be inclined to be a nuisance and insist on a change of wording: for example to somehing like "carried out under my personal password and code while that password and code are being used by me or with my consent."

Tom

-----Original Message-----
From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-bounces at chiark.greenend.org.uk] On Behalf Of Root
Sent: 04 March 2013 23:30
To: ukcrypto at chiark.greenend.org.uk
Subject: security policy question

Hi All,

I am not sending this from my usual account as gmail seems to have hit 
various blacklists. Even though the 2 factor auth and MITM detection seems 
to be a good thing in a web-mail service. So instead i am probably going to 
be giving spamd on this OBSD box a good work out.

I am looking for a bit of advice.
I work for part of the NHS and was recently given a new version of our 
security policy to sign.
It contains the usual i will be a good citizen, take care of the datas, 
not hand out my password or transfer data onto unencrypted memory 
sticks/laptops and leave them in taxis etc.

I am generally in favor of these and usually have no problems appending my 
signature but the difference between the old and new policy is the 
following:
"I further understand that I am responsible for any transactions carried 
out under my personal password and code"

I have no confidence that it wouldn't be trivial for someone to get hold 
of my user-name and password by methods which don't involve me being 
irresponsible. 

Any advice would be very helpful before i make a nuisance of myself.

thanks
mike