On Fri, Nov 21, 1997 at 10:02:22AM +0000, Ian Brown wrote:
Several people have made the point that, while companies may wish to be
able to recover some stored e-mail, they most definitely do NOT want
other items to be recoverable in the case of court demands that material
be handed over. Microsoft is providing a prime example of this right
now. The Department of Justice is using, to great effect, internal
Microsoft e-mail to show that they did not originally intend to
integrate Internet Explorer with Windows.
[...]
Your company may take great steps to securely delete such sensitive
mail. If it has already travelled over an insecure network, it could be
intercepted and stored by a competitor. Encryption will prevent them
reading it then. But what if they get a court order demanding you hand
over your Corporate Message Recovery Key? If all your mail is also
encrypted to this CMRK, you're in trouble.
Of couse, this is a problem intrinsic to either CMR or CKE. You are in
precisely the same trouble with key escrow -- they save the mail, then
demand the escrowed key via court order.
--
Kent Crispin "No reason to get excited",
kent(_at_)songbird(_dot_)com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html