In message
<[log in to unmask]>, at
13:44:17 on Fri, 1 Oct 2010, Ray Cooke <[log in to unmask]> writes
>You might find this link to ICO guidance useful
>
>http://www.ico.gov.uk/news/current_topics/our_approach_to_encryption.asp
x
That's mainly about encrypting the [whole of] computers [or storage
devices] at either end, rather than the communications between them.
Which is great for the situation when the PC is stolen, but if it's
plugged in and running then it will happily unencrypt the files for any
software, including malware, running on the PC (otherwise they'd be
uselessly inaccessible).
I understand that many security geeks have long been worried by the NHS
scheme that as long as you encrypt the transmission, it doesn't matter
if the material is available "in the clear" at both ends (and indeed on
intermediate servers).
The number of times things are intercepted whilst whizzing along through
fibre between manhole covers is pretty small. They are much much more
likely to leak off the end points.
Of course, you can also use a fundamentally unencrypted transmission
technology (such as basic e-mail) to send files [attachments] which have
been separately and individually encrypted. The problem with this is
that while it's OK for two people to arrange to exchange encryption keys
[complex passwords] for special occasions, to build a system where even
as few as a few thousand people can randomly exchange such files
relatively painlessly is very difficult.
And even if you've done that (I'd love to hear of any fairly big set of
regular correspondents who have actually achieved this) it's entirely
undermined if the people at either end then store individually
unencrypted versions of the files on their PCs.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|