U.S. spy agencies ... email for cybersecurity

George - AD7RL nanog at armorfirewall.com
Tue Jul 10 22:22:47 UTC 2012


To be fair, we really should listen to what he had to say;

http://www.c-span.org/Events/Director-of-NSA-Outlines-New-Threats-to-Security-and-Economy/10737432170-1/

The introduction by Wolfowitz doesn't really help the credibility, but the 
master of FUD knows you have to build a foundation of truth in order to 
layer on the FUD.

Alexander's technical discussion is pretty good. He seems to at least know 
the basics of the issues he addresses. It's his conclusions I have trouble 
with.

First and foremost, he proposes addressing the problem of insecure systems 
by layering on another system. This approach hasn't worked yet, and is 
even less likely to work in the future.

If they build this system, can they keep malicious hackers out? Chinese? 
Russians? If they can build this system securely, why not just go without 
it, and rebuild the existing systems securely?

While they may only be interested in data streams, and not email content, 
as he said: How will you build it with the capability of examining binary 
attachments or links, but not email content? By nature, this system would 
have the capability of reading our mail, even if that's not the stated 
purpose. How long until mission creep starts looking for keywords?

Then there's issues of concern mainly to technical people. Many on this 
list have the capability of doing some really bad stuff to the network. 
Would it be justifiable to watch these people a little more closely than 
the general public? The public might not mind (yet), but should all of our 
discussions (i.e., intellectual property) be automatically forfeited to 
the government?

Both signed and proposed legislation have opened the door to "greater 
cooperation between the military and homeland security". Should this 
capability of the military be available to DHS to hunt out "subversives"?

Can they guarantee that there will be no mission creep? No searching (or 
archiving) of email contents? And most of all, can they guarantee that it 
will never get pwned?



Cheers,
G_






More information about the NANOG mailing list