mailing list archives
Re: PRISM: NSA/FBI Internet data mining project
From: "Robert Mathews (OSIA)" <mathews () hawaii edu>
Date: Thu, 06 Jun 2013 22:46:12 -0400
On 6/6/2013 9:28 PM, Leo Bicknell wrote:
However many of the people on NANOG are in positions to affect positive change at their respective employers.
- Implement HTTPS for all services.
- Implement PGP for e-mail.
- Implement S/MIME for e-mail.
- Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine.
- Create better UI frameworks for managing keys and identities.
- Align data retention policies with the law.
- Scrutinize and reject defective government legal requests.
- When allowed by law, charge law enforcement for access to data.
- Lobby for more sane laws applied to your area of business.
Being an AGENT or AGENCY of Change is not an activity most are CAPABLE
of effectively thinking about, let alone acting upon. The act of
effectively initiating change will take far more than passing a few
emails, memos, or having a few lengthy conversation at the water
cooler. Implementation of some, most, or all of the offered
suggestions - while good (even essential), involves wholistic thinking,
planning, proper budgeting, coordinating expertise and tasking - well
beyond present day operational limits for a lot of shops.
The high tech industry has often made the government's job easy, not by intention but by laziness. Keeping your
customer's data secure should be a proud marketing point.
Laziness aside, permit me to humbly note that emphasis on COMPLIANCE
(with sane or insane laws) alone, neither ENSURES, nor ASSURES security
for oneself or one's customers.
All the best
* Dr. Robert Mathews, D.Phil.
* Distinguished Senior Research Scholar
* National Security Affairs & U.S Industrial Preparedness
* Office of Scientific Inquiry and Applications
* University of Hawai'i
* Secure Messaging/Voice/Video available/