Suggestions for a more privacy conscious email provider

Naslund, Steve SNaslund at medline.com
Mon Dec 4 23:22:48 CST 2017


There are all kinds of factual issues with the arguments in the referenced document.

1.  During Desert Storm I personally sent hundreds of STU-IIIs to the sandbox.  They didn't go in diplomatic pouches, they went as Air Force cargo like everything else.  The State Department did not have to "smuggle" anything.  They use diplomatic pouch as a way to prevent the receiving country from inspecting the shipments.  This is common for all cryptographic devices, classified or not.  Also commonly used for Playboy magazines and bottles of scotch going into Saudi Arabia.

2.  Treason is not applicable here because there must be a declared war.  Treason requires interaction with a declared enemy during a time of war.  I know that term gets thrown around haphazardly lately but it is a very specific legal term.

3.  Asking a government agency act as the KDF is so demonstrably brain damaged we don't even need to go into the problems with that.  They have shown that:

	a. They are not interested in keeping your data secure, in fact they would like to keep as much of it in their databases as possible.

	b.  Most of the organizations you listed have been breached multiple times and receive failing grades under their own IT standards for security.

	c.  International organizations are even worse.  So, if my keys are stored by the IEEE does that mean that only countries that are part of the United Nations can get access to my data.  I feel much better now :)

4.  Sending a device or technology out of the US does not equal an export under ITAR.  In your example, if a device is going to be used by US Government employees or military personnel and kept under their control, it is not an export.  As a matter of fact a US company can use export restricted software and hardware in foreign countries in most cases if it is under to control of US Nationals.  i.e. US company can use high encryption licenses for Cisco devices inside of China branch offices to secure their VPN connections.  My company has this in writing, we did all of the appropriate export paperwork and then was told it was unnecessary since the software remains under the control of US nationals (of course they know that all the foreign intel agencies already have it so they are not worried about James Bond sneaking in the middle of the night to reverse engineer it).

5.  The DirNSA has a vested interest in the collection of intelligence and the security of US GOVERNMENT systems as his primary responsibilities.  Securing US private entities is way down his list of priorities and if in conflict with his primary missions will take a back seat.  Not treason my friend just focus on his mission. 

Steven Naslund 
Chicago IL

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Brad Knowles
Sent: Monday, December 04, 2017 4:55 PM
To: valdis.kletnieks at vt.edu
Cc: nanog at nanog.org; Grant Taylor
Subject: Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 4:51 PM, valdis.kletnieks at vt.edu wrote:

>> Do I count?  I only accused the Director of the NSA of High Treason 
>> in my letter to the editors of the Communications of the ACM (see 
>> <http://www.shub-internet.org/brad/cacm92nov.html>).
> 
> Treason fail.  What declared enemy of the US did the Director provide 
> aid and comfort to?



More information about the NANOG mailing list