Was catching up on Bruce Schneier’s blog when I came across this posting. Immediately made me think of a conversation several members of our skywalk team and I were having on Friday over lunch at one of the local pubs. We were talking about the inadequacies of various types of security measures being considered by the UK Government, in particular the laughable ID Card Scheme. Rob made some interesting points about the government push of ID Cards in the UK and the relationship or lobbying for them by PKI vendors, which I’m hoping he’ll blog about soon… anyway…
I remember rather anecdotally mentioning during the conversation that whilst at aQtive, Justin, Alan and myself briefly worked with a company called topsoft, who almost a decade ago had developed a full disk encryption system, which they were selling to other companies and the UK DoD. FDE systems have often been considered overkill, but encrypting every bit of information on a machine does mean that you don’t need to rely on the user consciously choosing what to encrypt and what not to.
It is interesting that the US Government has decided to open up this selection of a product in the form of a competition … I find myself agreeing with Schneier’s assessment that:
It’s certainly a high-stakes competition among the vendors, but one that is likely to improve the security of all products. I’ve long said that one of the best things the government can do to improve computer security is to use its vast purchasing power to pressure vendors to improve their security.
But I’ve always been really wary of the whole idea of Key Escrow. The system just seems far too easy to abuse, and some of the worst violations of privacy, encroachment of civil liberties and indeed human rights have been perpetrated by so-called patriots under the banner of “national security”.