Mrs. Mecomber's Scrapbook

Talking technology, computers, and the Internet… for the average computer user

Posts Tagged government

Government Gmail Use: Is It Wise?

Jan 14

Posted by Mrs. Mecomber in Google, crime, email programs, news | 2 Comments

I saw this excellent article by Paul Strassman (writing a guest post for Larry Dignan) at ZDNet. I admit, though- I did not know that government officials– in this case, the Department of Defense– use Gmail for their government correspondence. Holy cow!

Federal Chief Information Officer Vivek Kundra has been a consistent advocate of increasing the government’s use of commercially available technologies, such as Gmail. In fact, as the District of Columbia’s chief technology officer, Kundra implemented Google Apps, including Gmail, for all District employees.

A number of Department of Defense (DoD) organizations are already using Gmail. Meanwhile, Google has made secure Gmail the default choice in light of the cyberattack the company detailed on Tuesday.

…Once you can wiretap, you can eventually figure out how to distinguish Gmail traffic from other traffic, and reverse engineer how Gmail data is replicated across servers.

There is no defense against a hostile party with full physical access to your server room. That is why Google’s only logical option is to withdraw all physical servers from China.

There are two Google data centers in China, almost surely co-hosted on shared facilities and not owned by Google. Similarly, there is a co-hosted facility in Russia. Unless a facility is owned and operated by Google it would be always suspect, and even then it would not qualify to operate DoD classified mail.

DoD should therefore not consider Gmail as a viable option because it cannot be trusted. Only a secure DoD Private Cloud, isolated from the Internet, can be seen as an acceptable option.

It’s a contentious issue- the comments on the post are filled with such incredulity as I express. And an update to the post was issued later today, when Google spokesman spoke out:

The premise of Mr. Strassman’s post is without merit: there’s no need to withdraw servers that store Gmail information from China because there aren’t any there.

I think Mr. Strassman’s post IS merited… because while Mr. Strassman does mention the recent cyberattack on Google’s Gmail as an impetus for moving DoD mail away from Gmail, the premise IS that the DoD, and truly all government offices, should have their own secure email system outside of the “cloud” maintained by global business. It’s just good sense. It blows my mind that the DoD has email with Gmail! Doesn’t the government have their own system?! It mirrors the same bafflement that I have regarding the SSL issues with online banking websites– their security is pitiable, whereas my photo-sharing account is tighter than a drum. Crazy!

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , ,

Microsoft Denies NSA Backdoor in Windows 7

Nov 30

Posted by Mrs. Mecomber in computers, crime, surveillance | 4 Comments

This is eyebrow-raising.

Microsoft denies it built ‘backdoor’ in Windows 7
Don’t worry, company tells users; NSA involved only in security compliance standards

November 19, 2009 (Computerworld) Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.

“Microsoft has not and will not put ‘backdoors’ into Windows,” a company spokeswoman said, reacting to a Computerworld story Wednesday.

On Monday, Richard Schaeffer, the NSA’s information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 “to enhance Microsoft’s operating system security guide.”

Pardon me, but I find it VERRRRY hard to believe anything Microsoft OR the NSA has to say. Maybe they did, maybe they didn’t. It does not help that both companies resort to Newspeak, either: “enhance” the security guide?? Enhance, huh?

*bells and whistles*

The story goes on:

Microsoft’s rejection of the idea that it’s hidden a backdoor in Windows came as no surprise to security researchers, who yesterday expressed doubt that the company would put its reputation at such risk. “I can’t imagine NSA and Microsoft would do anything deliberate, because the repercussions would be enormous if they got caught,” Roger Thompson, the chief research officer of antivirus vendor AVG Technologies, said yesterday.

John Pescatore, an analyst with Gartner Research, agreed. “[The concerns] are way overstated,” he said today in an e-mail. “NSA worked with Microsoft and others, like Cisco, on security configuration standards for [their] products.”

Cisco, in fact, has built “lawful intercept” capabilities into its products, including its Internetworking Operating System (ISO) and its VoIP (Voice over Internet Protocol) lines. The term describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications under authorization, such as electronic wiretap orders.

“Lawful intercept” capabilities, eh? What law? This is surveillance without probable cause. I’d like to know where in the Constitution it says government can monitor the activities of American citizens.

It’s getting crazy out there…

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , ,

Federal Data-Protection Law

Nov 24

Posted by Mrs. Mecomber in crime, security news | Comments off

On the surface, this sounds like good news. Basically, it’s a bill that would create a national standard for protection of data, and would require notification of breaches of sensitive data. Data breaches, data sharing, and data theft has become FAR too common, and businesses and the government have treated it very lightly. So, I’m hoping this new bill would help resolve it– of course, I’m also hoping the government hasn’t added a ton of pork or liberty-killing bills dog-eared with this bill. :-p

Federal data-protection law inches forward
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration.

If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data, and protecting data while it is in transit and at rest.

The bill would introduce a federal breach-notification standard under which companies would be required to notify not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures — such as encryption — to protect sensitive data. Companies would also not be required to immediately disclose a breach if it would hinder a criminal investigation. But such exemptions would need to be vetted by the Secret Service. The law provides for penalties against executives of companies that willfully conceal a data breach.

Here’s hoping we see some change….

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , , ,

More Thought Control Regulations Coming

May 29

Posted by Mrs. Mecomber in Internet, crime, news | 3 Comments

I happened across this news alert at the Volokh Conspiracy website. Yikes!!

Federal Felony To Use Blogs, the Web, Etc. To Cause Substantial Emotional Distress Through “Severe, Repeated, and Hostile” Speech?

That’s what a House of Representatives bill, proposed by Rep. Linda T. Sanchez and 14 others, would do. Here’s the relevant text:

Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both….

["Communication"] means the electronic transmission, between or among points specified by the user, of information of the user’s choosing, without change in the form or content of the information as sent and received; …

["Electronic means"] means any equipment dependent on electrical power to access an information service, including email, instant messaging, blogs, websites, telephones, and text messages.

1. I try to coerce a politician into voting a particular way, by repeatedly blogging (using a hostile tone) about what a hypocrite / campaign promise breaker / fool / etc. he would be if he voted the other way. I am transmitting in interstate commerce a communication with the intent to coerce using electronic means (a blog) “to support severe, repeated, and hostile behavior” — unless, of course, my statements aren’t seen as “severe,” a term that is entirely undefined and unclear. Result: I am a felon, unless somehow my “behavior” isn’t “severe.”

2. A newspaper reporter or editorialist tries to do the same, in columns that are posted on the newspaper’s Web site. Result: Felony, unless somehow my “behavior” isn’t severe.

3. The politician votes the wrong way. I think that’s an evil, tyrannical vote, so I repeatedly and harshly condemn the politician on my blog, hoping that he’ll get very upset (and rightly so, since I think he deserves to feel ashamed of himself, and loathed by others). I am transmitting a communication with the the intent to cause substantial emotional distress, using electronic means (a blog) “to support severe, repeated, and hostile behavior.” (I might also be said to be intending to “harass” — who knows, given how vague the term is? — but the result is the same even if we set that aside.) Result: I am a felon, subject to the usual utter uncertainty about what “severe” means.

4. A company delivers me shoddy goods, and refuses to refund my money. I e-mail it several times, threatening to sue if they don’t give me a refund, and I use “hostile” language. I am transmitting a communication with the intent to coerce, using electronic means “to support severe, repeated, and hostile behavior.” Result: I am a felon, if my behavior is “severe.”

5. Several people use blogs or Web-based newspaper articles to organize a boycott of a company, hoping to get it to change some policy they disapprove of. They are transmitting communications with the intent to coerce, using electronic means “to support severe, repeated, and hostile behavior.” Result: Those people are a felon. [sic] (Isn’t threatening a company with possible massive losses “severe”? But again, who knows?)

6. John cheats on Mary. Mary wants John to feel like the scumbag that he is, so she sends him two hostile messages telling him how much he’s hurt her, how much she now hates him, and how bad he should feel. She doesn’t threaten him with violence (there are separate laws barring that, and this law would apply even in the absence of a threat). She is transmitting communications with the intent to cause substantial emotional distress, using electronic means “to support severe, repeated, and hostile behavior.” Result: Mary is a felon, again if her behavior is “severe.”

The examples could be multiplied pretty much indefinitely. The law, if enacted, would clearly be facially overbroad (and probably unconstitutionally vague), and would thus be struck down on its face under the First Amendment. But beyond that, surely even the law’s supporters don’t really want to cover all this speech.

More and more laws are being passed that are something very akin to “thought control” laws. I was recently interviewed by the Associated Press (more on that later) about the FTC’s upcoming vote on whather to pass a law that restricts bloggers from expressing opinions about advertising.. it’s a very convoluted issue, made very murly by the FTC itself.. I’ll have more on it later. You can read about the issue here if you want.

But have you been paying attention to the pattern? The government wants more and more control of the Internet, especially the “little guys” and their opinions and thoughts. It’s getting PRETTY scary, folks. I think it’s getting time to put away the tuxedo shirts, stop playing Mr. Nice Guys, and roll up the sleeves for some pushing back. This is OUR Internet and I am very happy being independent without YOU, Mr. Government. :-p

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: ,

Changes Are in the Air

Jan 10

Posted by Mrs. Mecomber in Internet | 1 Comment

The coming conversion of television reception from analog airwaves to digital is bringing much more than a switch from one converter box to another. This is going to really shake things up, quite a bit. I remain skeptical (as I usually do with anything the government puts its hand into).

This could be good, could be bad:

WASHINGTON — Before he steps down as chairman of the Federal Communications Commission, Kevin Martin still hopes to win approval for his plan to auction off a slice of the airwaves for a free nationwide wireless broadband network.

So to increase the chances that his proposal will win the support of his fellow commissioners, Martin said this week that he has removed one especially contested element: a requirement that the provider of the wireless network filter Internet content to block any material deemed inappropriate for children.

The only problem with government beneficence is that government control always follows. As much as I think I like the idea of freely-accessible, free WiFi, I am hesitant to give it my complete stamp of approval because government has a tendency to abuse power, and continue a system of, for example, taxation, for centuries. The telephone excise tax to pay for the Spanish-American War is still a law, for pete’s sake! So whether it’s tea leaves or Blackberry plants, the government wants it’s nose in it, and they will want to tax it forever!

And the initial sell is almost always “for the children,” isn’t it? Hey- that’s a noble and worthy cause, protecting the kids, yes. But we’d be idiots if we thought that was all the government would (or will) have up their sleeves. Eventually, government control will move from nannying the children to nannying the adults. I am not concerned with protecting pornography as free speech– faaaar from it– but I AM concerned with government shutting down free speech, criticism, and the transmission of information, especially when it is the government that feels criticized. These are dangerous grounds.

Perhaps a middle-ground of free, controlled airwaves with Wi-Fi is doable, but there must be limits on government control and not just limits of information/citizen control.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , ,