Re: Petraeus

[Rich Kulawiec <rsk () gsp org>]

On Mon, Nov 12, 2012 at 01:17:56PM -0700, phester wrote:
> > 4. If the internal mechanisms of government aren't sufficient to (quickly)
> > catch a very very senior person having an affair -- and doing it
> > incompetently -- then why should we believe that they're sufficient to
> > catch a well-trained, careful, diligent spy?
>
> By reading their personal mails? Should this be done by an
> algorithm, or live person?

a) I would hope that any competent spy would encrypt their email *or*
would use covert channels (possibly over SMTP, possibly not).

b) Of course that still permits traffic analysis, and that certainly
has its counter-espionage uses.  Add geolocation data from headers
and it's even more useful.

c) But to answer your question: both have their features/drawbacks.
Automation scales and doesn't get tired or careless.  But natural
language parsing and pattern recognition is still done better by
humans.  Automation can be hacked, people can be bought.  Automation
is cheap, people are expensive.  So I dunno.

Maybe we should make it a job requirement: you cannot be Director
of the CIA unless you can demonstrate that you're clueful enough
to have an affair and get it away with for at least 6 months.
If you're not at least that crafty, duplicitous, underhanded, sneaky,
careful, etc. then what makes you think you're qualified to run the CIA?

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.