U.S. spy agencies ... email for cybersecurity
George - AD7RL
nanog at armorfirewall.com
Tue Jul 10 22:22:47 UTC 2012
To be fair, we really should listen to what he had to say;
The introduction by Wolfowitz doesn't really help the credibility, but the
master of FUD knows you have to build a foundation of truth in order to
layer on the FUD.
Alexander's technical discussion is pretty good. He seems to at least know
the basics of the issues he addresses. It's his conclusions I have trouble
First and foremost, he proposes addressing the problem of insecure systems
by layering on another system. This approach hasn't worked yet, and is
even less likely to work in the future.
If they build this system, can they keep malicious hackers out? Chinese?
Russians? If they can build this system securely, why not just go without
it, and rebuild the existing systems securely?
While they may only be interested in data streams, and not email content,
as he said: How will you build it with the capability of examining binary
attachments or links, but not email content? By nature, this system would
have the capability of reading our mail, even if that's not the stated
purpose. How long until mission creep starts looking for keywords?
Then there's issues of concern mainly to technical people. Many on this
list have the capability of doing some really bad stuff to the network.
Would it be justifiable to watch these people a little more closely than
the general public? The public might not mind (yet), but should all of our
discussions (i.e., intellectual property) be automatically forfeited to
Both signed and proposed legislation have opened the door to "greater
cooperation between the military and homeland security". Should this
capability of the military be available to DHS to hunt out "subversives"?
Can they guarantee that there will be no mission creep? No searching (or
archiving) of email contents? And most of all, can they guarantee that it
will never get pwned?
More information about the NANOG