Friday, July 26, 2013

What the NSA is doing to SECURE your e-mail

From what I understand, the NSA has been mentioned in the news recently. To sum up the story, President Obama, Speaker Boehner, and everyone else believes that it is in our national interest for the government to log every single telephone call, e-mail, text, Pinterest posting, or whatever. More or less. Although perhaps they drew the line at sexting messages.

But that's not all that the NSA is doing regarding e-mail.

I ran across a piece in Homeland Security News Wire that talked about a research paper:

The author of a paper to be presented at the upcoming 2013 International Human Factors and Ergonomics Society Annual Meeting, to be held 30 September-4 October in San Diego, has described behavioral, cognitive, and perceptual attributes of e-mail users who are vulnerable to phishing attacks....

Kyung Wha Hong discovered that people who were overconfident, introverted, or women were less able accurately to distinguish between legitimate and phishing e-mails.


I looked up Ms. Hong (who is not the sole author of the paper, but is the lead author), and discovered that phishing is not her primary interest. But when she talked about her interest in phishing, I found out something else:

I'm also currently working as Research Assistant for a project funded by National Security Agency on developing phishing susceptibility profiles and anti-phishing tools.

Did you notice who was funding that particular project? More information is provided in this 2012 press release:

North Carolina State University, the University of Illinois at Urbana-Champaign and Carnegie Mellon University are each receiving an initial $2.5 million in grant funds from the U.S. National Security Agency (NSA) to stimulate the creation of a more scientific basis for the design and analysis of trusted systems....

It is widely understood that critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably.


So, on the one hand, the NSA is working on programs to advance online security science.

On the other hand, the NSA is working on programs that break that same security science.

Now do you see why I'm not worried about a vast government conspiracy in which multiple agencies gang up on the people? Even a single agency can find itself at cross purposes with itself.
blog comments powered by Disqus