Re: Screening Outgoing Mail for Content6

["Joseph S. D. Yao" <jsdy () cospo osis gov>]

> I went back and re-read this thread... what about people just using PGP
> to encrypt thier mail?

The whole point of my headache-rendering text mangling was that it
doesn't take much to defeat a dictionary-based "objectionable exports"
program.  PGP encryption will do it, too, of course.  Steganography: of
course.  Simple book-based codes.  The latter two have the advantage of
LOOKING innocuous to the liveware scanner.  However, who's going to
enforce a prohibition on all PGP communications?  Even NSA uses it now,
I hear.

First, as many have noted, you have to get buy-in.  That will require a
Company Security Policy that We Will Enforce.  It almost has to be
through training people to understand that the computers are there for
(surprise!) work, and that the staff will do their best to ENABLE work,
but to BLOCK things that might be counter-productive to the Company's
best interests.  Etc., Etc., Etc.

A lot of these problems require a first line of defence at the liveware
level, and relying on technology as a backup to that.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.