[liberationtech] Concerns with new Stanford University security mandate
Rich Kulawiec
rsk at gsp.org
Sun Jan 26 02:36:59 PST 2014
On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
> To Liberation Tech:
>
> Stanford is implementing a new security policy detailed here:
>
> http://ucomm.stanford.edu/computersecurity/
First, if they were serious about security, they wouldn't be using
Microsoft products.
Second, backdooring end-user systems en masse provides one-stop shopping
to an attacker.
Third, "locating PII on systems" is not a solved problem in computing,
and for anyone to pretend otherwise is, at best, disengenuous. Not
only that, but anyone who's been paying attention to the re-identification
problem knows that non-PII is quite often just as sensitive.
Fourth, the simultaneous requirement that systems be backdoored
and searchable while their disks are encrypted strongly suggests
that they intend to have a central repository of encryption keys.
Fifth, the requirement for use of centralized backup also provides
one-stop shopping to an attacker.
Bottom line: this isn't about security, it's about control and monitoring.
---rsk
More information about the liberationtech
mailing list