On Tue, Apr 04, 2017 at 05:40:54PM -0700, james woodyatt wrote:
> On Apr 3, 2017, at 08:26, Rich Kulawiec <rsk@xxxxxxx> wrote:
> >
> > - if the data they provide access to will be retained
> >
> - if the data protected by the password will be modified or deleted
> - if the software on the protected device will be modified or deleted

You're absolutely right, those should be on the list. Let me also add two more.

(1) Given the long, steady, depressing history of massive breaches of various governments' databases, there is no way to know if passwords acquired and data siphoned off will be adequately protected.

(2) There's also no way to know what any enterprising person will independently choose to do with this veritable goldmine of saleable information -- doubly so given the lack of checks and balances, audits, controls, etc.

---rsk