USAF Colonel: Starbucks WiFi Is More Secure Than The Pentagon Network
from the thanks-a-latte dept
Some of the major issues raised during this NSA debacle have gone beyond the question of if the government should be collecting all of this data on roughly all the people to where this data is stored, what's done with it, and how access to it is controlled.They are big questions, because no matter what you think about the surveillance programs perpetrated against the American people, any inability to secure the information collected by the government should be an automatic deal-killer. So, how secure is data on government systems in general? Eh, go grab a cup of coffee before I tell you.
Because while you're at your local Starbucks, the free WiFi offered to you provides some of your answer, at least according to one US Air Force Colonel in charge of providing legal defense for accused 9/11 conspirators. She says the Pentagon's network wasn't as secure as Starbucks'.
Col Mayberry ordered her team of lawyers to stop putting sensitive documents on that system in April, citing their ethical obligation to protect confidentiality. The lawyers have since been using personal computers to email documents from coffee shops and hotel lobbies. Col Mayberry cited evidence that defence files had been lost or altered, prosecutors and defence lawyers were temporarily given access to some of each other's emails, and outside monitors tracked defence researchers' work as they visited terrorism-related sites to prepare for the case.Well isn't that a kick in the hard drive? The two possibilities, that either defense files were accessed by parties outside of the military or federal government, or that someone within the military and/or government was poking mortar-sized holes in the legal rights of the accused, each present their own frightening problems. But the result is the same. The same government that wants us to accept that information about us should be collected can't secure the systems on which that data is stored enough to protect our rights.
"It's not speculative or hypothetical," Col Mayberry said. "It happened."
The prosecution predictably slammed the defense team, asking if they weren't "concerned about the nice man in the green apron looking over" their shoulders as they worked. Here's a fun thought experiment. Imagine you're on trial and you have two people to choose from to look at your defense team's information, strategies, etc. One is a barista. The other is a shadow of a profile picture, by which you can't determine who the hell is reviewing this stuff. Which one do you choose? Barista, or mystery avatar?
The point is that a government inept enough to have the kind of laughable security for legal proceedings sure as hell can't be trusted with my phone records. Period, paragraph, end of story.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cafes, defense department, pentagon, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
1000 times this. Huge amounts of data like the NSA has on people would be a treasure trove for identity thieves and hackers using social engineering. It's bad enough the government has it, let alone that they can't secure it.
It's not far fetched to think that hackers could get at those databases. Foreign governments probably already can access it just like Snowden did. Kevin Mitnick listened in on FBI agent's phone calls. As I posted in chat last week, hackers have had long term access to LexisNexis's and other big data companies' databases ( http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ ).
So when the NSA's database is inevitably breached - if it hasn't been already, are they going to sign me and 300 million others up for a year of free credit monitoring? I somehow doubt it.
[ link to this | view in chronology ]
Re:
It's been hacked to justify watch lists.
It's been hacked to justify itself.
It's been hacked to (re)justify drug and tax issues.
It's been hacked through and through by a process that is far from democratic.
National Security has hacked the nation.
[ link to this | view in chronology ]
Well...
[ link to this | view in chronology ]
Re: Well...
[ link to this | view in chronology ]
Re: Re: Well...
[ link to this | view in chronology ]
Government IT security in general
I mean, truly awful, mind-boggingly, pervasively, persistently, awful in a way that should make anyone with the slightest clue want to run, not walk, to the nearest bar and start downing scotch by the bottle.
It's pretty much a catalog of worst practices, whether it's the feds using 10-year-old unpatched operating systems, the states relying on unidirectional firewalls, or cities with network gear still happily configured with default passwords.
In nearly every case, the best remediation strategy would be to run to the nearest university and ask a junior-level CS class to re-engineer the whole setup. They couldn't possibly do worse than what's in place.
That won't happen, of course: it'll either be a combination of denial and obfuscation, or they'll pay some vendor $120M to replace the old terrible shit with new terrible shit.
[ link to this | view in chronology ]
Re: Government IT security in general
How do you think they got there to begin with?
[ link to this | view in chronology ]
Well, let's see, whoever passes for the system admin of a coffeehouse with a wi-fi connection is unlikely to be interested in the case work of a few lawyers. Even if they were, their ability to impact a case would be extremely limited.
Yeah, not very concerned.
Unknown government persons on the other hand are much more likely to be interested in the case work of some government lawyers, and be in a position to impact the case.
Yeah, much more concerned.
[ link to this | view in chronology ]
You can trust US
You can trust US, we are the government. We are here to look after you and protect you. We would never ever do anything wrong. We always look after your privacy because we really really care about you and your family. We don't want anything to happen to you because we are the good guys.
End slow undulating drawl.
There is a man who occasionally told a security related story about when he was in the Navy. He worked at a secure facility where it was required that your photo id was to be checked manually before going through. The security staff just waved you through. He got a bit upset about this and decided to push the matter. He cut out a gorilla face and put in on his pass. When he next went through the security check, he presented the pass and asked them a couple of times to check his id. They just tried to wave him through. Everything hit the fan because a senior officer came up behind him and wanted to know what was happening. Well, you can imagine what happened next.
I know of another centre where the security guard (who just happened to be an Irishman) would let you through to the main doors if he recognised you. But until you presented the correct level of id, he would not allow you to go any further, no matter who you where. This included the CEO. No appropriate pass no entry. To allow non-passed people into the centre, written authorisation from the centre management was required and if this was not forthcoming, that was where you stayed.
[ link to this | view in chronology ]
Funny. But...
[ link to this | view in chronology ]
and it probably costs a few million dollars less too (at best).
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Too bad I hate Starbucks. Damn bland coffee.
[ link to this | view in chronology ]
http://www.youtube.com/watch?v=BTzONnXXdqc
[ link to this | view in chronology ]