USAF Colonel: Starbucks WiFi Is More Secure Than The Pentagon Network

from the thanks-a-latte dept

Some of the major issues raised during this NSA debacle have gone beyond the question of if the government should be collecting all of this data on roughly all the people to where this data is stored, what's done with it, and how access to it is controlled.They are big questions, because no matter what you think about the surveillance programs perpetrated against the American people, any inability to secure the information collected by the government should be an automatic deal-killer. So, how secure is data on government systems in general? Eh, go grab a cup of coffee before I tell you.

Because while you're at your local Starbucks, the free WiFi offered to you provides some of your answer, at least according to one US Air Force Colonel in charge of providing legal defense for accused 9/11 conspirators. She says the Pentagon's network wasn't as secure as Starbucks'.

Col Mayberry ordered her team of lawyers to stop putting sensitive documents on that system in April, citing their ethical obligation to protect confidentiality. The lawyers have since been using personal computers to email documents from coffee shops and hotel lobbies. Col Mayberry cited evidence that defence files had been lost or altered, prosecutors and defence lawyers were temporarily given access to some of each other's emails, and outside monitors tracked defence researchers' work as they visited terrorism-related sites to prepare for the case.

"It's not speculative or hypothetical," Col Mayberry said. "It happened."
Well isn't that a kick in the hard drive? The two possibilities, that either defense files were accessed by parties outside of the military or federal government, or that someone within the military and/or government was poking mortar-sized holes in the legal rights of the accused, each present their own frightening problems. But the result is the same. The same government that wants us to accept that information about us should be collected can't secure the systems on which that data is stored enough to protect our rights.

The prosecution predictably slammed the defense team, asking if they weren't "concerned about the nice man in the green apron looking over" their shoulders as they worked. Here's a fun thought experiment. Imagine you're on trial and you have two people to choose from to look at your defense team's information, strategies, etc. One is a barista. The other is a shadow of a profile picture, by which you can't determine who the hell is reviewing this stuff. Which one do you choose? Barista, or mystery avatar?

The point is that a government inept enough to have the kind of laughable security for legal proceedings sure as hell can't be trusted with my phone records. Period, paragraph, end of story.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Josh in CharlotteNC (profile), Oct 1st, 2013 @ 1:09pm

    "The point is that a government inept enough to have the kind of laughable security for legal proceedings sure as hell can't be trusted with my phone records. Period, paragraph, end of story."

    1000 times this. Huge amounts of data like the NSA has on people would be a treasure trove for identity thieves and hackers using social engineering. It's bad enough the government has it, let alone that they can't secure it.

    It's not far fetched to think that hackers could get at those databases. Foreign governments probably already can access it just like Snowden did. Kevin Mitnick listened in on FBI agent's phone calls. As I posted in chat last week, hackers have had long term access to LexisNexis's and other big data companies' databases ( http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ ).

    So when the NSA's database is inevitably breached - if it hasn't been already, are they going to sign me and 300 million others up for a year of free credit monitoring? I somehow doubt it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Rapnel (profile), Oct 1st, 2013 @ 3:34pm

      Re:

      But it already has been hacked and that by the weakest link in the security chain: from inside.

      It's been hacked to justify watch lists.

      It's been hacked to justify itself.

      It's been hacked to (re)justify drug and tax issues.

      It's been hacked through and through by a process that is far from democratic.

      National Security has hacked the nation.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    crash2parties (profile), Oct 1st, 2013 @ 2:28pm

    Well...

    While I agree with the philosophical arguments regarding our government & data collection, all Starbucks does is connect you to the Internet. Not exactly a fair comparison. And, how do we know that there isn't a proxy involved somewhere between the coffee place and the Internet? You know, that one where you agree to the coffee shop's terms and conditions...?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 1st, 2013 @ 2:59pm

    Government IT security in general

    is awful.

    I mean, truly awful, mind-boggingly, pervasively, persistently, awful in a way that should make anyone with the slightest clue want to run, not walk, to the nearest bar and start downing scotch by the bottle.

    It's pretty much a catalog of worst practices, whether it's the feds using 10-year-old unpatched operating systems, the states relying on unidirectional firewalls, or cities with network gear still happily configured with default passwords.

    In nearly every case, the best remediation strategy would be to run to the nearest university and ask a junior-level CS class to re-engineer the whole setup. They couldn't possibly do worse than what's in place.

    That won't happen, of course: it'll either be a combination of denial and obfuscation, or they'll pay some vendor $120M to replace the old terrible shit with new terrible shit.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      PRMan, Oct 1st, 2013 @ 3:38pm

      Re: Government IT security in general

      "ask a junior-level CS class to re-engineer the whole setup"

      How do you think they got there to begin with?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 1st, 2013 @ 3:27pm

    "asking if they weren't "concerned about the nice man in the green apron looking over" their shoulders as they worked."

    Well, let's see, whoever passes for the system admin of a coffeehouse with a wi-fi connection is unlikely to be interested in the case work of a few lawyers. Even if they were, their ability to impact a case would be extremely limited.

    Yeah, not very concerned.

    Unknown government persons on the other hand are much more likely to be interested in the case work of some government lawyers, and be in a position to impact the case.

    Yeah, much more concerned.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Hot Dog Tied To A Post, Oct 1st, 2013 @ 4:00pm

    You can trust US

    Read in a slow undulating drawl:

    You can trust US, we are the government. We are here to look after you and protect you. We would never ever do anything wrong. We always look after your privacy because we really really care about you and your family. We don't want anything to happen to you because we are the good guys.

    End slow undulating drawl.

    There is a man who occasionally told a security related story about when he was in the Navy. He worked at a secure facility where it was required that your photo id was to be checked manually before going through. The security staff just waved you through. He got a bit upset about this and decided to push the matter. He cut out a gorilla face and put in on his pass. When he next went through the security check, he presented the pass and asked them a couple of times to check his id. They just tried to wave him through. Everything hit the fan because a senior officer came up behind him and wanted to know what was happening. Well, you can imagine what happened next.

    I know of another centre where the security guard (who just happened to be an Irishman) would let you through to the main doors if he recognised you. But until you presented the correct level of id, he would not allow you to go any further, no matter who you where. This included the CEO. No appropriate pass no entry. To allow non-passed people into the centre, written authorisation from the centre management was required and if this was not forthcoming, that was where you stayed.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 1st, 2013 @ 4:15pm

    Funny. But...

    ...it also sounds like a Starbucks endorsement. Not for the coffee, per se, but for their wifi. What possible reason could the authorities want to encourage folks to feel really comfortable using Starbuck's wifi? Sounds ludicrous given the all-access pass the NSA has to all Internet info, but "ludicrous" seems to be the MO for gov't agencies sporting three-letter acronyms. I'm sure the FBI would very much like their job to made easier somehow.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 1st, 2013 @ 4:24pm

    "Starbucks WiFi Is More Secure Than The Pentagon Network"

    and it probably costs a few million dollars less too (at best).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 1st, 2013 @ 5:09pm

    Any surprises here? I doubt it!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    any moose cow word, Oct 1st, 2013 @ 10:01pm

    Just more of the same... They only care about data security when it effects them personally, the same reason why congress got their panties in a bunch over the warrantless spying.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Oct 2nd, 2013 @ 4:04am

    So if I go to the nearest Starbucks I can safeky surf the net without the NSA spying on me (it's more secure, right?).

    Too bad I hate Starbucks. Damn bland coffee.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    HOW TO HACK WIFI EASILY, Oct 4th, 2013 @ 10:35pm

    thank's for sharing this topic whit us


    http://www.youtube.com/watch?v=BTzONnXXdqc

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This