login
government email / security
-
No new posts
 2016-07-07 1:01 PM |
Master 5557    , California |  Subject: government email / securitySo I had a question that sort of branches off from the Hillary thread, but deserves a discussion of its own. In the USA, how do we - as a republic - both secure our government email communications AND preserve them for recordkeeping / FOIA requests / historical archiving? I'm a tech guy so this crosses my mind a lot. Don't worry, this isn't a question about the tech, but rather it's about how we handle government oversight.
In the civilian world, on the simple side, most of us email back and forth and things sit on a Microsoft or Yahoo or Google server. Maybe your ISP's server. In any case it is all plain text and anyone in the system can read it. If the FBI subpoenas one of those companies, they just hand it all over. If someone hacks it, they can read everything. If you want to secure your email, you can set up a public/private key and encrypt. In a nutshell, only you and the recipient can read the contents of that email. Done properly, it is pretty robust and safe.
Now look at the government context. Let's take someone like the Secretary of State. Lots of email correspondence with lots of different government officials. A lot of those have multiple recipients. My gut feeling is the government servers should have a similar setup. Everyone gets their own key. All the public keys go on a government server. Anyone official correspondence gets encrypted. Only the intended recipients can read it. And you can verify that the person who sent it is, indeed, who you think it is. That's the "easy" part. So now, someone like the FBI wants to legally read a bunch of email which they were not involved with. This means we need a master key to decrypt it. Who owns that key?Who secures it from foreign actors? Separation of powers is a major design feature of the Constitution. Is a master key too much power concentrated in one place? I'm not a government official at that level, so I honestly don't know what kind of system they have in place. This is really the NSA's wheelhouse, but they are focused on *foreign* surveillance. So I'm asking how you would approach this. |
| 2016-07-07 2:07 PM in reply to: spudone |
Champion 10157 Alabama | Subject: RE: government email / security I think government email should all be on government servers and archived at the server level. I was surprised to hear today that members of congress have private email accounts. I think this should change. All work that a congressmen does should be subject to FOIA rules. I was also surprised at the ignorance a couple of the congressmen displayed today concerning email and handling of classified information. The biggest challenge facing the country is preserving these electronic records but at the same time protecting our nations secrets as well as corporate intellectual property. Cyber security is the fastest growing technical field in the country right now. |
| 2016-07-07 2:41 PM in reply to: spudone |
| Deep in the Heart of Texas | Subject: RE: government email / security It's a really good question. IMHO, if it is classified it should only be shared with encryption like you described. In this day and age it seems to complicated not to send information electronically, but sometimes convenience is outweighed by security. I don't believe anyone should have a master key. If the executive branch believes it needs to see an encrypted email, they should get a court order. Once again, checks and balances can be inconvenient but that is the price of the republic. |
| 2016-07-07 2:58 PM in reply to: 0 |
Champion 10157 Alabama | Subject: RE: government email / security Originally posted by Hook'em It's a really good question. IMHO, if it is classified it should only be shared with encryption like you described. In this day and age it seems to complicated not to send information electronically, but sometimes convenience is outweighed by security. I don't believe anyone should have a master key. If the executive branch believes it needs to see an encrypted email, they should get a court order. Once again, checks and balances can be inconvenient but that is the price of the republic.
nevermind Edited by Rogillio 2016-07-07 2:59 PM |
| 2016-07-07 3:23 PM in reply to: 0 |
| Master 5557 , California | Subject: RE: government email / security Originally posted by Hook'em It's a really good question. IMHO, if it is classified it should only be shared with encryption like you described. In this day and age it seems to complicated not to send information electronically, but sometimes convenience is outweighed by security. I don't believe anyone should have a master key. If the executive branch believes it needs to see an encrypted email, they should get a court order. Once again, checks and balances can be inconvenient but that is the price of the republic. Right, but I mean, *after* they get a court order, there has to be some way to decrypt it. Who owns that special key? The Supreme Court maybe? I think probably a majority of our government people are non-technical and don't think about this stuff. To me, the #1 priority should be securing communications against foreign intrusion. Preventing abuse by our own officials is #2. But those things sometimes conflict :/
Edit: and to Rogillio, I agree about archiving it and keeping it on government servers. If you're a government official, you need to adjust, and be vigilant about using work email for work only, and personal email for non-work. I think there can and should be random bi-partisan audits to check for compliance. Edited by spudone 2016-07-07 3:27 PM |
|
|
|
| |||
| |||
| |||
| |||
|
|
View profile
Add to friends
Go to training log
Go to race log
Send a message
View album
CONNECT WITH FACEBOOK