[cap-talk] More Heresey: ACLs not inherently bad

[Raoul Duke]

> Your first sentence is a widely stated fallacy, most often applied to encryption.  Encryption, the argument goes, hinders accessibility.  However, if the data is important enough to be protected, and encryption is not used, more draconian measures will be needed.  For example, if I don't encrypt customer data, I won't be allowed to carry it on my laptop, which means it is less accessible to me.

unfortunately, i think the comp.risks feed indicate it isn't the case,
at least often enough to make me sad; what regular folks do, even in
jobs where they are supposedly supposed to be careful, is the worst of
both worlds: they have no encryption and they carry the data around on
optical disks or laptops, and then lose it.

if those things were encrypted, then you have to ask how much of a
burden the decryption process is from a usability perspective. if it
is a large burden, i would not be surprised when people then write the
password down on a post-it note stuck to the same laptop etc.

sincerely.