This is all fine, but seriously the outcome should be just use Qubes - what other game is there in town?
With a modest amount of EP funding and institutional support to customize, within 6mths MEPs could have the most secure installable FLOSS laptop OS in world, with a suite of EP apps locked down in separate VMs, on Debian template, using SplitGPG in T-Bird, and Disposable VMs by default for opening attachments. That means an attack surface ~100x less than any other desktop OS. With a seamless Windows HVM for compatibility if they really need.

BTW - I pitched Qubes to DIGIT, but given the cold shoulder - I think they were frightened to go down road of exploring systemic vuln of Windows installed base

Caspar (Qubes Policy Adviser)

On 04/14/15 13:30, JOSEFSSON Erik wrote:
> Dear all,
>
> Please find below a draft text for proposing that the EU should
> allocate money under the Pilot Project budget line for developing a
> threat model for MEPs.
>
> A glimpse of what was decided to spend money on last year can be found
> in the first Commission interim report on the implementation of Pilot
> Projects and Preparatory Actions 2015:
>
> http://www.europarl.europa.eu/meetdocs/2014_2019/documents/imco/dv/first_iterim_report_2015_03_04_/first_iterim_report_2015_03_04_en.pdf
>
> Comments on the text below are most welcome, in particular if made in
> public on [email protected]
>
> Budget estimates for the Pilot Project as described would also be very
> helpful.
>
> Thank you for your time.
>
> //Erik
>
> ***
>
> A Threat Model for MEPs
>
> Every citizen needs to understand how to use new technology in a safe
> way[1]. MEPs are not different in that regard. They too need to master
> both their internal and external communications in a way so that they
> do not put anyone or anything at risk, including themselves[2].
>
> The purpose of this Pilot Project is to increase the understanding of
> threats to safe communications. It will do so by developing a threat
> model for MEPs that takes into account EP specific procedural,
> institutional and constitutional constraints[3] as well as the threat
> from internal and external adversaries both at work, during travel and
> at home. Further, the threat model shall be construed so that its
> assessments can be independently verified and validated by any third
> party[4].
>
> The threat model will be accompanied with a recommendation with
> regards to measures MEPs can take to mitigate identified threats, in
> particular measures including the use of Free Software, Open Standards
> and Encryption. In addition, the recommendation shall include an
> overview of which of the measures that could enable European
> businesses and institutions to better master their internal and
> external communications.
>
> The Pilot Project will also make a comparative study of how the
> average MEP communication tools inventory performs further to the
> recommendation in comparison with a reference inventory strictly based
> on Open Standards and purely built from Free Software, and, if
> possible at the time, Open Hardware[5].
>
> [1] Surveillance Self-Defense
> https://ssd.eff.org/en/glossary/threat-model
>
> [2] LIBE Committee Inquiry on Electronic Mass Surveillance of EU
> Citizens (see e.g. point 101)
> https://polcms.secure.europarl.europa.eu/cmsdata/upload/7d8972f0-e532-4b12-89a5-e97b39eec3be/att_20141016ATT91322-206135629551064330.pdf
>
> [3] Ensuring utmost transparency - Free Software and Open Standards
> under the Rules of Procedure of the European Parliament
> http://www.greens-efa.eu/fileadmin/dam/Documents/Studies/eut-print.pdf
>
> [4] Software verification and validation according to Wikipedia
> https://en.wikipedia.org/wiki/Software_verification_and_validation
>
> [5] FreedomBox v0.3 Released!
> https://www.freedomboxfoundation.org/news/FreedomBox-0.3/index.en.html
>
> ***
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
