Only the Paranoid Survive

I just got notified by Ralph's Mimír service about the Slashdot posting mentioning the lost customer records at the Bank of America due to some lost back-up tapes. I've mentioned public-key cryptography before, and I think this is a case where they should have been using it because those back-up tapes should have been encrypted.

The way this should have been done is the usual hybrid construction in public-key systems: encrypt the data with a symmetric cipher under a fresh random key, then encrypt that key with the public key of each person allowed access to the data. The tape then carries only the ciphertext and the wrapped copies of the key; the private keys needed to unwrap it stay with the authorized people. That way, even if someone snagged the raw medium, the information would still have been safe[r].
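Here is the construction above carried through in working code. This is an added example, not code from the original post or from any bank's backup system; the post names no particular algorithms, so AES-256-GCM for the bulk data and RSA-OAEP for wrapping the data key are my choices, and the custodians "alice", "bob" and the "outsider" who only holds the tape are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// WrappedKey is the data key encrypted to one authorized recipient's public key.
type WrappedKey struct {
	RecipientID string
	Ciphertext  []byte
}

// Envelope is what would be written to the tape: the bulk ciphertext plus
// one wrapped copy of the data key per person allowed to read it.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
	Keys       []WrappedKey
}

// Seal encrypts data under a fresh random AES-256-GCM key and wraps that key
// with RSA-OAEP for every public key in recipients. The recipient ID is used
// as the OAEP label so a wrapped key is bound to the person it was made for.
func Seal(data []byte, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, data, nil)}
	for id, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(id))
		if err != nil {
			return nil, err
		}
		env.Keys = append(env.Keys, WrappedKey{RecipientID: id, Ciphertext: wrapped})
	}
	return env, nil
}

// Open recovers the data using one recipient's private key. Whoever has only
// the envelope (the tape) and none of the listed private keys gets an error:
// either no wrapped key exists for them, or OAEP unwrapping fails.
func Open(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	for _, wk := range env.Keys {
		if wk.RecipientID != id {
			continue
		}
		dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wk.Ciphertext, []byte(id))
		if err != nil {
			return nil, err
		}
		block, err := aes.NewCipher(dataKey)
		if err != nil {
			return nil, err
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, errors.New("no key wrapped for recipient " + id)
}

func main() {
	// Constructed sample: two custodians and an outsider who has found the tape.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	outsider, _ := rsa.GenerateKey(rand.Reader, 2048)
	records := []byte("acct=0001,name=J. Doe,ssn=000-00-0000\n") // constructed record

	env, err := Seal(records, map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	got, err := Open(env, "bob", bob)
	fmt.Printf("bob: err=%v data=%q\n", err, got)
	_, err = Open(env, "alice", outsider)
	fmt.Printf("outsider posing as alice: err=%v\n", err)
}
```

Two operational points follow from the design: the private keys must live somewhere other than the tape (a smart card, an HSM, an offline key custodian), and if every listed private key is lost the backup is unrecoverable, so a recovery key held under dual control belongs in the recipient list.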

So I now ask, why don't corporations come standard with a PKI? The tech has been around for a decade or more.
