[Cryptography] Insecure email might be an even bigger problem than we suspected
Tom Mitchell
mitch at niftyegg.com
Thu Oct 6 16:09:56 EDT 2016
On Wed, Oct 5, 2016 at 2:28 PM, mok-kong shen <mok-kong.shen at t-online.de>
wrote:
> Am 04.10.2016 um 01:32 schrieb Ray Dillinger:
>
>>
>> I must confess that I've given up on mobile phone security
>>
> .....
>
>> Sometimes opting out is a reasonable choice.
>>
>
> But location tracking is also feasible even in case of a stupid
> mobile phone.
Yet the location of a POT is physical and fixed.
Perhaps a phone with a removable battery.
Location services for emergencies are essential.
Location services that invade life not.
My old flip phone has no GPS but it has an easy
to access battery compartment. It would be quite easy
to make an adapter with a switch. Cell tower spoofing is
part of law enforcement's tool kit so it seems that cell tower
location logs could be called into question.
The dumb thing about smart phones is the battery life.
I often shut mine down as a result.
In meetings and class rooms I use OFF rather than a silent mode.
Reception is so often terrible that the phone is hunting it's little brain
away so off is a win for battery life.
On the security side of things we should watch the impact of
the storm on the US east coast. Reliable communications are critical
for safety. Location services can be valuable....
Watch the legal process -- propose laws or pose questions that manage and
audit
data access by law enforcement. Documentation, need, criteria, misuse is
well balanced
by punishment. Extra ordinary events seem to be the gate for abuse of
process.
Process should facilitate good and necessary behavior and block the bad
individuals
that have some keys and appear to be in authority.
Communication from shelters, is it facilitated or are shelters warehoused
individuals in limbo.
SMS if nothing else should just work.
Today I heard that some DOT regulations ware being suspended in FL, GA & SC.
That is wrong what I want to hear is DOT regulations have a plan for
emergencies.
i.e. We ( a governor in this case) are invoking these planned and
documented emergency
rules based on documented criteria to facilitate the transport and delivery
of emergency goods.
It is a subtle mind set change that I believe is necessary.
Encryption of first-responder and emergency management communications. Was
encryption used, necessary, reliable, did it hinder or help? Were these
communications logged and audited or does secrecy hide details necessary
to plan for the next event? Compartments? Agencies?
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161006/a0b51a24/attachment.html>
More information about the cryptography
mailing list