Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!emory!rsiatl!jgd From: jgd@rsiatl.UUCP (John G. DeArmond) Newsgroups: comp.org.eff.talk Subject: Re: "Bad" backups Message-ID: <4752@rsiatl.UUCP> Date: 11 Nov 90 07:05:46 GMT References: <46473@apple.Apple.COM> Organization: Radiation Systems, Inc. (a thinktank, motorcycle, car and gun works facility) Lines: 42 landon@Apple.COM (Landon Dyer) writes: >As an additional prescription against disaster, encrypt the backups. >This gives you: > o Plausible deniability. "Gosh, sir, it looks like *all* of my > backups are bad like this. Holy cow!" > o The ability to stonewall. The interesting question is, are > you required to reveal the key if your backups are siezed? > Ah, but human memory can be _so_ frail.... I don't know why we spend so much time thinking up trite methods to skirt the law. The fact is that if reading a tape backup became an issue in court, and you had the data encrypted, the judge WOULD order you to reveal the password (I know from experience.), perhaps under seal. If you "forgot" the password, the judge would most likely allow you to reconsider your memory loss while sitting in jail on contempt. If you lie about it, you'll probably spend a LOT of time in jail thinking about perjury. When that issue came up in a case I was involved in, my attorney warned me that the WORST thing I could do would be to have a memory loss. We did keep the tapes secret but it was because we convinced the judge that we'd suffer irreprable harm if the contents were released to the other side and NOT because we tried to fool the court with juvenile tricks. BTW, I DID have to give the judge ALL involved passwords and they WERE kept from the other side. Since the law almost always looks at intent, the mere fact that a proprietary file is on a backup tape that is generally inaccessable to users is not incriminating. Inaccess coupled with the fact that you have made no illegal use of the data is adequate defense. Of course, if you have a handle like "Lord of Data Death" and enjoy cracking others' computers, you maybe should be paranoid and degauss the tapes BEFORE it becomes an issue. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"