On Jan 4, 2011, at 10:05 AM, Aaron McCaleb wrote: > Eh....not so much. An admin certainly cannot maintain a mail system > without having the capability to look at the senders, recipients and > subjects of other people's mail, but enforcing use of PKI encryption > would protect the actual message bodies, in theory.
As the keeper of the PKI, and therefore the keys to the kingdom, they could read the message bodies, too. In fact, they would have to be able to read the message bodies, in order to be able to comply with certain types of law enforcement demands. > But this is > getting off topic, and these are still educational and outreach > issues. Agreed, this is a rathole that we don't need to go down into at the moment. ;-) > OK, I think this is a good, concrete example of how to advance the > professional interests of system administration. But the next > question will be, "What do we do about it?" Assuming we had the > resources, do we lobby for legislative change? Do we establish a fund > to assist with legal expenses for defense of system administrators so > accused? For this discussion (trying to stay focused on the question > I offered), a concrete example is likely good enough. IMO, the setting of curriculum and helping to enhance proper education of people in the field is one thing we should be looking at. On the PIO side, I would say that we could keep an eye on current affairs and prepare news releases on related subjects. The most recent case that I can think of that would be relevant would be the one involving Terry Childs and his refusing to hand over administrative passwords to San Francisco's city network. We wouldn't necessarily have to take a particular side on a case like that, but for example I think we should be able to highlight the issues that are relevant for systems administrators, and perhaps what the criteria should be for determining whether it is dangerous for a system administrator to hand over the administrative passwords and what kinds of procedures they might follow in such a case. Personally, I don't think that we have a snowball's chance of getting anyone to pay attention to us on the legislative side until such time as we have gotten our name out there -- repeatedly, over a long period of time. We have to demonstrate credibility before anything else. -- Brad Knowles <[email protected]> LinkedIn Profile: <http://tinyurl.com/y8kpxu> _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
