Simple (simplistic?) question.
If the data are encrypted when they are collected, stored encrypted, and
only decrypted by a known set of people with a known set of keys, then is
it not true that:
a) you are no longer reliant on the operating system or network security at
all, because, at best, the data can only be removed and replaced with
substitute data, which, seeing that the data contains reasonably unique
"identifying data", would be very difficult or impossible: in essence, the
data could only be trashed, not falsified, and more importantly it could
*not* be stolen;
b) you have reduced security to a key management problem (stolen keys,
borrowed keys, etc.)?
I'm very interested in the answer to this perhaps overly elementary question.
John
P.S. The question ignores the issue of electronic signatures, but that
question is derivative I would say.
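
An added example, not part of John's message: a sketch of the scheme the question describes, assuming the encryption is authenticated (encrypt-then-MAC) and each record's identifying data is bound into the tag. The function names, the record identifiers and the SHA-256 keystream standing in for a real cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo: a SHA-256 counter keystream stands in for a real cipher so
# this runs on the standard library alone. Use a vetted AEAD in practice.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _tag(mac_key: bytes, record_id: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the identifier so (record_id, nonce, ct) parses one way only.
    msg = len(record_id).to_bytes(4, "big") + record_id + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal_record(enc_key, mac_key, record_id: bytes, plaintext: bytes) -> bytes:
    """Encrypt at collection time; the tag binds the ciphertext to record_id."""
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _tag(mac_key, record_id, nonce, ct)

def open_record(enc_key, mac_key, record_id: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was altered or substituted."""
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, record_id, nonce, ct)):
        return None  # verify before decrypting
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)  # the only secrets in the scheme
    blob = seal_record(ek, mk, b"record-0001", b"reading=42")
    print(open_record(ek, mk, b"record-0001", blob))
    flipped = blob[:16] + bytes([blob[16] ^ 1]) + blob[17:]
    print(open_record(ek, mk, b"record-0001", flipped))   # altered in storage
    print(open_record(ek, mk, b"record-0002", blob))      # moved to another record
```

Under these assumptions a stored blob can still be deleted or corrupted, but an altered or substituted one fails the tag check, and what remains to protect is the pair of keys.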