USAF Colonel: Starbucks WiFi Is More Secure Than The Pentagon Network

from the thanks-a-latte dept

Tue, Oct 1st 2013 1:38pm — Timothy Geigner

Some of the major issues raised during this NSA debacle have gone beyond the question of if the government should be collecting all of this data on roughly all the people to where this data is stored, what's done with it, and how access to it is controlled.They are big questions, because no matter what you think about the surveillance programs perpetrated against the American people, any inability to secure the information collected by the government should be an automatic deal-killer. So, how secure is data on government systems in general? Eh, go grab a cup of coffee before I tell you.

Because while you're at your local Starbucks, the free WiFi offered to you provides some of your answer, at least according to one US Air Force Colonel in charge of providing legal defense for accused 9/11 conspirators. She says the Pentagon's network wasn't as secure as Starbucks'.

Col Mayberry ordered her team of lawyers to stop putting sensitive documents on that system in April, citing their ethical obligation to protect confidentiality. The lawyers have since been using personal computers to email documents from coffee shops and hotel lobbies. Col Mayberry cited evidence that defence files had been lost or altered, prosecutors and defence lawyers were temporarily given access to some of each other's emails, and outside monitors tracked defence researchers' work as they visited terrorism-related sites to prepare for the case.

"It's not speculative or hypothetical," Col Mayberry said. "It happened."

Well isn't that a kick in the hard drive? The two possibilities, that either defense files were accessed by parties outside of the military or federal government, or that someone within the military and/or government was poking mortar-sized holes in the legal rights of the accused, each present their own frightening problems. But the result is the same. The same government that wants us to accept that information about us should be collected can't secure the systems on which that data is stored enough to protect our rights.

The prosecution predictably slammed the defense team, asking if they weren't "concerned about the nice man in the green apron looking over" their shoulders as they worked. Here's a fun thought experiment. Imagine you're on trial and you have two people to choose from to look at your defense team's information, strategies, etc. One is a barista. The other is a shadow of a profile picture, by which you can't determine who the hell is reviewing this stuff. Which one do you choose? Barista, or mystery avatar?

The point is that a government inept enough to have the kind of laughable security for legal proceedings sure as hell can't be trusted with my phone records. Period, paragraph, end of story.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cafes, defense department, pentagon, security

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Josh in CharlotteNC (profile), 1 Oct 2013 @ 1:09pm

"The point is that a government inept enough to have the kind of laughable security for legal proceedings sure as hell can't be trusted with my phone records. Period, paragraph, end of story."

1000 times this. Huge amounts of data like the NSA has on people would be a treasure trove for identity thieves and hackers using social engineering. It's bad enough the government has it, let alone that they can't secure it.

It's not far fetched to think that hackers could get at those databases. Foreign governments probably already can access it just like Snowden did. Kevin Mitnick listened in on FBI agent's phone calls. As I posted in chat last week, hackers have had long term access to LexisNexis's and other big data companies' databases ( http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ ).

So when the NSA's database is inevitably breached - if it hasn't been already, are they going to sign me and 300 million others up for a year of free credit monitoring? I somehow doubt it.
[ link to this | view in thread ]
crash2parties (profile), 1 Oct 2013 @ 2:28pm

Well...
While I agree with the philosophical arguments regarding our government & data collection, all Starbucks does is connect you to the Internet. Not exactly a fair comparison. And, how do we know that there isn't a proxy involved somewhere between the coffee place and the Internet? You know, that one where you agree to the coffee shop's terms and conditions...?
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 2:59pm

Government IT security in general
is awful.

I mean, truly awful, mind-boggingly, pervasively, persistently, awful in a way that should make anyone with the slightest clue want to run, not walk, to the nearest bar and start downing scotch by the bottle.

It's pretty much a catalog of worst practices, whether it's the feds using 10-year-old unpatched operating systems, the states relying on unidirectional firewalls, or cities with network gear still happily configured with default passwords.

In nearly every case, the best remediation strategy would be to run to the nearest university and ask a junior-level CS class to re-engineer the whole setup. They couldn't possibly do worse than what's in place.

That won't happen, of course: it'll either be a combination of denial and obfuscation, or they'll pay some vendor $120M to replace the old terrible shit with new terrible shit.
[ link to this | view in thread ]
Jake, 1 Oct 2013 @ 3:23pm

Re: Well...
And I bet the Air Force can make better coffee, too.
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 3:27pm

"asking if they weren't "concerned about the nice man in the green apron looking over" their shoulders as they worked."

Well, let's see, whoever passes for the system admin of a coffeehouse with a wi-fi connection is unlikely to be interested in the case work of a few lawyers. Even if they were, their ability to impact a case would be extremely limited.

Yeah, not very concerned.

Unknown government persons on the other hand are much more likely to be interested in the case work of some government lawyers, and be in a position to impact the case.

Yeah, much more concerned.
[ link to this | view in thread ]
Rapnel (profile), 1 Oct 2013 @ 3:34pm

Re:
But it already has been hacked and that by the weakest link in the security chain: from inside.

It's been hacked to justify watch lists.

It's been hacked to justify itself.

It's been hacked to (re)justify drug and tax issues.

It's been hacked through and through by a process that is far from democratic.

National Security has hacked the nation.
[ link to this | view in thread ]
PRMan, 1 Oct 2013 @ 3:38pm

Re: Government IT security in general
"ask a junior-level CS class to re-engineer the whole setup"

How do you think they got there to begin with?
[ link to this | view in thread ]
Hot Dog Tied To A Post, 1 Oct 2013 @ 4:00pm

You can trust US
Read in a slow undulating drawl:

You can trust US, we are the government. We are here to look after you and protect you. We would never ever do anything wrong. We always look after your privacy because we really really care about you and your family. We don't want anything to happen to you because we are the good guys.

End slow undulating drawl.

There is a man who occasionally told a security related story about when he was in the Navy. He worked at a secure facility where it was required that your photo id was to be checked manually before going through. The security staff just waved you through. He got a bit upset about this and decided to push the matter. He cut out a gorilla face and put in on his pass. When he next went through the security check, he presented the pass and asked them a couple of times to check his id. They just tried to wave him through. Everything hit the fan because a senior officer came up behind him and wanted to know what was happening. Well, you can imagine what happened next.

I know of another centre where the security guard (who just happened to be an Irishman) would let you through to the main doors if he recognised you. But until you presented the correct level of id, he would not allow you to go any further, no matter who you where. This included the CEO. No appropriate pass no entry. To allow non-passed people into the centre, written authorisation from the centre management was required and if this was not forthcoming, that was where you stayed.
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 4:15pm

Funny. But...
...it also sounds like a Starbucks endorsement. Not for the coffee, per se, but for their wifi. What possible reason could the authorities want to encourage folks to feel really comfortable using Starbuck's wifi? Sounds ludicrous given the all-access pass the NSA has to all Internet info, but "ludicrous" seems to be the MO for gov't agencies sporting three-letter acronyms. I'm sure the FBI would very much like their job to made easier somehow.
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 4:24pm

"Starbucks WiFi Is More Secure Than The Pentagon Network"

and it probably costs a few million dollars less too (at best).
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 4:29pm

Re: Re: Well...
Any coffee made by the government will be worse and will cost a whole lot more.
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 5:09pm

Any surprises here? I doubt it!
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 6:00pm

Re:
at worst
[ link to this | view in thread ]
Anonymous Coward, 1 Oct 2013 @ 7:39pm

Re: Re:
At worst it probably costs a few billion dollars less.
[ link to this | view in thread ]
any moose cow word, 1 Oct 2013 @ 10:01pm

Just more of the same... They only care about data security when it effects them personally, the same reason why congress got their panties in a bunch over the warrantless spying.
[ link to this | view in thread ]
Ninja (profile), 2 Oct 2013 @ 4:04am

So if I go to the nearest Starbucks I can safeky surf the net without the NSA spying on me (it's more secure, right?).

Too bad I hate Starbucks. Damn bland coffee.
[ link to this | view in thread ]
HOW TO HACK WIFI EASILY, 4 Oct 2013 @ 10:35pm

thank's for sharing this topic whit us

http://www.youtube.com/watch?v=BTzONnXXdqc
[ link to this | view in thread ]