On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote: > To Liberation Tech: > > Stanford is implementing a new security policy detailed here: > > http://ucomm.stanford.edu/computersecurity/
First, if they were serious about security, they wouldn't be using Microsoft products. Second, backdooring end-user systems en masse provides one-stop shopping to an attacker. Third, "locating PII on systems" is not a solved problem in computing, and for anyone to pretend otherwise is, at best, disengenuous. Not only that, but anyone who's been paying attention to the re-identification problem knows that non-PII is quite often just as sensitive. Fourth, the simultaneous requirement that systems be backdoored and searchable while their disks are encrypted strongly suggests that they intend to have a central repository of encryption keys. Fifth, the requirement for use of centralized backup also provides one-stop shopping to an attacker. Bottom line: this isn't about security, it's about control and monitoring. ---rsk -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.