Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Tailored Crypto Workshops in Brussels

Seth David Schoen schoen at eff.org
Tue Sep 2 16:32:46 PDT 2014


Piotr Chmielnicki writes:

> I'm a bit shocked by the content of this email.
> 
> Securing data of persons as important as the European Commission
> Officials should be the full time work of a dedicated elite infosec
> crew. I would be very surprised if there were no such things in place.

When I went Washington to lobby staff of U.S. legislators about
surveillance issues last fall, it appeared that most U.S. legislative
offices had little or no official information security resources, plans,
tech support, etc.  There are legislative committees that officially
deal with classified information, and those committees get official
information security support (including SCIFs in which to hold classified
conversations), but for the ordinary legislative office where the member
of the legislature works on a day-to-day basis, not so much.

Clearly there are some people who investigate particular cases
of espionage and try to detect or punish it, but in terms of giving
resources to the legislators and their staff members in order to protect
themselves, not much, from what I heard during the lobbying meetings.
The staff members do receive official Blackberries, but they and the
legislators also conduct legislative business over ordinary e-mail and
telephone calls, including mobile calls from ordinary smartphones.

I also remember talking to a junior diplomat from a Western European
country at a conference last year.  My impression from him was that
he _did_ have official information security briefings and resources,
but found them fairly rudimentary, and that they didn't really stop
his colleagues from doing appreciable amounts of work over unencrypted
channels.

One challenge for both the legislators and the diplomat was that, even
if they did have some kind of encrypted communications channel to use
for internal communications within their organizations, they often had
to have discussions with people from _other_ organizations and countries,
and nobody had made arrangements to secure those communications.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107



More information about the liberationtech mailing list