On Wed, Jun 3, 2015 at 4:45 PM, Nordgren, Bryce L -FS <[email protected]> wrote:
> > In a corporate context, this makes perfect sense. If I am downloading > company confidential > > material to my laptop, I want to be able to read it on the laptop but I > don't want to accidentally > > send a copy to someone else by doing an unfortunate 'reply all'. > > So another thing to note in security considerations is that this is a > scheme intended to protect well behaved actors who have good habits and an > honest software ecosystem from causing damage due to specific single honest > mistakes. It is not intended to protect against adversaries, well behaved > actors who have sloppy habits, well behaved actors who make more than one > mistake on the same message (reply all + attachment with no > tag/inappropriate tag), or well behaved actors who make a single mistake > from which multiple correlated incorrect actions are derived (misclassify > content -> incorrect content tag/incorrect mailing list). > > In light of these things, I think any language about "ensuring that policy > is followed" or the like should just be expunged. If the target is to > encourage well-meaning partners to do the accepted thing, that's how it > should be presented. As I said to a former director of the NSA recently, the fact that Snowden and Manning had effectively unrestricted access to such a large amount of data is an indictment of both the institution and the approach to controlling information. The classification level of a document is a measure of the ego of the author/classifier, not how important it is to keep it secret. If keeping documents secret causes operational difficulties, people will not attach the security labels necessary to control them properly. Trying to absolutely control the flow of information has a lousy track record. And not just in the US but FOIA means that the US examples are rather more obvious. Trying to lock everything down resulted in security systems so complicated, even an MIT professor was unable to figure them out when he was made CIA director. The lesson we have learned is that imperfect security systems that are acceptable to end users are much more effective than theoretically perfect schemes that users bypass. It is possible that the US federal govt. will learn the same lesson someday. If they ever do, they know where to look.
_______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
