Ahem. Anyone else spotting the uk-sized loophole?
Noone employed in those affected departments are allowed to bring the data out of the hose on enencrypted passwords.
How many consultants are they currently hiring?
And, have the UK all-of-a-sudden standardized on a sane encryption scheme that couldn't be decrypted using a 1940s computer setup?
Are they supplying all of their contractors with something resembling a sane standard to use for those CD's they are sending out to developers?
How about the data they are shipping abroad, quite possibly to countries where encryption that cannot be brute-force opened on a 1990s pda, such as France?
I guess the real improvement will only happen when an EU-Directive establishing a standard for encrypting private data surfaces, and this standard of course should establish a clear and consise method for several vendors to implement software to handle the files. Any other option would be illegal, since there would be no possibility for competing products. Since such a standard would have to be established all over EU, the maximum level of encryption, would be the lowest common multiplum limited by local laws. Unless our frogeating friends has fixed their hopeless law, we can look forward to a standard resembling the CSS of DVD. Thus, the encryption will be on level with ROT13.
Isn't this wonderful?
//Svein