An organization received a subpoena requesting access to data that resides on an employee’s computer. The organization uses PKI. Which of the following is the
BEST way to comply with the request?
A.
Certificate authority
B.
Public key
C.
Key escrow
D.
Registration authority
E.
Key recovery agent
I think its C since “Key Escrow” is used in cases where a third-party needs access to encrypted data, as defined by law (so if you get a court order to decrypt data), while a “Recovery Agent” is someone who is permitted to decrypt another user’s data in case of emergency and has a key that can accomplish the decryption. The question states that “organization received a subpoena (from court?)[…]”
0
0
Think the answer is correct. See below about escrow:
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is key disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntary self incrimination. The ambiguous term key recovery is applied to both types of systems.
Then read this article:
https://www.schneier.com/academic/archives/1997/04/the_risks_of_key_rec.html skip down to 1.2 and it states key recovery agent is still valid for third parties
0
0