On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
> To Liberation Tech:
> 
> Stanford is implementing a new security policy detailed here:
> 
> http://ucomm.stanford.edu/computersecurity/

First, if they were serious about security, they wouldn't be using 
Microsoft products.

Second, backdooring end-user systems en masse provides one-stop shopping
to an attacker.

Third, "locating PII on systems" is not a solved problem in computing,
and for anyone to pretend otherwise is, at best, disengenuous.  Not
only that, but anyone who's been paying attention to the re-identification
problem knows that non-PII is quite often just as sensitive.

Fourth, the simultaneous requirement that systems be backdoored
and searchable while their disks are encrypted strongly suggests
that they intend to have a central repository of encryption keys.

Fifth, the requirement for use of centralized backup also provides
one-stop shopping to an attacker.

Bottom line: this isn't about security, it's about control and monitoring.

---rsk
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Reply via email to