[Top] [All Lists]


1997-11-21 23:58:57
On Fri, Nov 21, 1997 at 10:02:22AM +0000, Ian Brown wrote:
Several people have made the point that, while companies may wish to be
able to recover some stored e-mail, they most definitely do NOT want
other items to be recoverable in the case of court demands that material
be handed over. Microsoft is providing a prime example of this right
now. The Department of Justice is using, to great effect, internal
Microsoft e-mail to show that they did not originally intend to
integrate Internet Explorer with Windows.


Your company may take great steps to securely delete such sensitive
mail. If it has already travelled over an insecure network, it could be
intercepted and stored by a competitor. Encryption will prevent them
reading it then. But what if they get a court order demanding you hand
over your Corporate Message Recovery Key? If all your mail is also
encrypted to this CMRK, you're in trouble.

Of couse, this is a problem intrinsic to either CMR or CKE.  You are in
precisely the same trouble with key escrow -- they save the mail, then
demand the escrowed key via court order.

Kent Crispin                            "No reason to get excited",
kent(_at_)songbird(_dot_)com                    the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55

<Prev in Thread] Current Thread [Next in Thread>