#8 Jun 2022 Q3(e) 2 marks 1.4.2 encryption purpose

Question

Lead-in: A library has a LAN.

(e) The library does not use encryption when data is transmitted through the network. Give two reasons why the library should use encryption.

1 ......................................................................
2 ......................................................................

[2]

Why this question is tricky

A common misunderstanding was that encryption stops data being intercepted. The data can still be intercepted, but when opened it will be meaningless.— J277_01_ER_Jun2022.txt lines 251-253

MS complexity 3/10: Low marks but a top-cited misconception in the entire J277 ER corpus. The same trap is replayed in the Jun25 MS for Q2(b)(ii).

Full-marks model answer

  1. If data is intercepted during transmission it cannot be understood — encryption makes the data meaningless to anyone who does not have the key.
  2. Only authorised users with the decryption key can access the confidential personal data of library users, so the library protects confidential information.
Mark allocation (2 marks)
  • MP1: "Data cannot be understood if intercepted // the data will be meaningless".
  • MP2: "So that only authorised users can access the confidential material // protect confidential/personal/user/library data".
  • Alternative MP: "To follow legislation (e.g. DPA)".

Watch out for...

Never write "encryption stops data being intercepted". The data is intercepted; encryption makes it unreadable. This is the most-cited misconception in J277. Use the words meaningless or cannot be understood.