John wrote:
On ZKS selling anonymizing products that are publicly available to governmental officials does raise an issue of whether officials should, or should be able to, conceal their official identities when working cyberspace in an official capacity. I think not, though it might be as impossible to get officials to comply as with terrorists so long as the technology is there.
Paul Sylverson, at NRL, took me to task recently for outing officials, claiming that one of the primary purposes of onion routing was to allow officials to conceal their actions in cyberspace. I answered that it was my opinion that officials had no right to conceal their identity when on the job, not the military, not the spooks, indeed, they should be obliged to reveal identity in cyberspace when at work, if not of the person then of the agency.
Nice thought, but I'll bet it wouldn't happen in a million years. And speaking generally on the subject of various people "concealing actions", could I just say that I think any company working in this sector would be well-advised to take good, hard second look at their internal security practices. "Insider threat mitigation" should be every bit as much of a concern to you as it is to the DoD. Maybe more so. Their unholy quartet of "maliciousness, disdain for security procedures, carelessness, and ignorance" applies to your insiders too. It wouldn't hurt anything to run a tighter ship, either: what are you doing to get to know who you're really working with? What are you doing to ensure you aren't trusting your trade secrets to shitheels who'll sell out crucial elements of your design to the first person who waves a few dollar bills under their nose? Not making any claims about who's doing the selling, who's doing the buying or why. But something seriously reeks in Denmark and as a community you really need to think about it a little harder. ~Faustine.