Official Anonymizing

[Faustine]

John wrote:

>On ZKS selling anonymizing products that are publicly available 
>to governmental officials does raise an issue of whether officials
>should, or should be able to, conceal their official identities when 
>working cyberspace in an official capacity. I think not, though
>it might be as impossible to get officials to comply as with
>terrorists so long as the technology is there.

>Paul Sylverson, at NRL, took me to task recently for outing
>officials, claiming that one of the primary purposes of onion
>routing was to allow officials to conceal their actions in
>cyberspace. I answered that it was my opinion that officials
>had no right to conceal their identity when on the job, not
>the military, not the spooks, indeed, they should be obliged
>to reveal identity in cyberspace when at work, if not of the
>person then of the agency.


Nice thought, but I'll bet it wouldn't happen in a million years. 

And speaking generally on the subject of various people "concealing 
actions", could I just say that I think any company working in this sector 
would be well-advised to take good, hard second look at their internal 
security practices. "Insider threat mitigation" should be every bit as much 
of a concern to you as it is to the DoD. Maybe more so. Their unholy 
quartet of "maliciousness, disdain for security procedures, carelessness, 
and ignorance" applies to your insiders too. It wouldn't hurt anything to 
run a tighter ship, either: what are you doing to get to know who you're 
really working with? What are you doing to ensure you aren't trusting your 
trade secrets to shitheels who'll sell out crucial elements of your design 
to the first person who waves a few dollar bills under their nose? Not 
making any claims about who's doing the selling, who's doing the buying or 
why. But something seriously reeks in Denmark and as a community you really 
need to think about it a little harder.

~Faustine.