In message
<[log in to unmask]>,
at 16:53:12 on Thu, 6 Mar 2008, "Tinsley, Chris"
<[log in to unmask]> writes
>Most people would have no qualms about looking through a wallet or
>handbag to find out ownership, so personally I would delve in to the
>USB stick.
I agree with that part.
>If you don't want somebody to look at it, firstly don't lose it
But that's too flippant, you could say the same about a wallet. Who
actually *wants* to lose a wallet, but people still do.
>secondly encrypt it
Which doesn't get Andrew any further forward, it just moves his question
every slightly to:
"what checks should it make before giving the encrypted USB
stick to the first person who turns up and claims it's theirs?"
And as ever, what's the threat model? Someone wanting a £20 memory stick
free (which they'll wipe anyway), or a voyeur who wants to see what a
random memory stick might contain? If it's someone who knows very well
that it's not their stick, and whose it is, and they have some crafty
reason for wanting to see it - well that's getting into quite marshy
territory as one of my old bosses used to say.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|