[Clips] Storm Brews Over Encryption 'Safe Harbor' in Data Breach Bills

Adam Shostack adam at homeport.org
Fri Jun 3 07:56:43 EDT 2005


On Fri, Jun 03, 2005 at 12:12:31AM -0400, Thierry Moreau wrote:
| Here is a suggestion for an encrypted data exception based on reasonable 
| key management principles:
| 
| --------------------
| 
| Sec xyz) The [breach notification requirement set forth in section ...] 
| does not apply to [breached data portions] for which the following 
| conditions are demonstrably met:
| 
| a) the [breached data portion] is in an encrypted form using an 
| encryption algorithm and an encryption key that can be shown to be 
| [resistant / compatible or equivalent to NIST recommended practice for 
| encrypting classified data],
| 
| b) the said encryption key has always been under the sole control of the 
| [data originator],
| 
| c) the [data originator] is in a position to retire every copy of the 
| said encryption key from operations, and
| 
| d) the [data originator] takes all reasonable steps to so retire every 
| copy of the said encryption key from operations as soon as the [data 
| breach event] is known to [the data originator], and completes such 
| retirement within [a delay e.g. the same delay as for notification].
| 
| The evidence that conditions a) to d) are met shall be [kept for auditor 
| review / filed with an incident report otherwise mandated]
| 
| --------------------
| 
| Is that actually a reasonable key management principle?

No.  If I get your database with SQL injection, all conditions are
met, and I have your plaintext.  But, the data is in an encrypted
form, and you're saved.

Adam

| Is it possible that the US law-makers adopt such sensible approaches?
| 
| -- 
| 
| - Thierry Moreau
| 
| CONNOTECH Experts-conseils inc.
| 9130 Place de Montgolfier
| Montreal, Qc
| Canada   H2M 2A1
| 
| Tel.: (514)385-5691
| Fax:  (514)385-5900
| 
| web site: http://www.connotech.com
| e-mail: thierry.moreau at connotech.com
| 
| 
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
