Interesting People mailing list archives
IP: CIA Director Deutch and MLS from Risks Digest 20.78
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 07 Feb 2000 15:20:14 -0500
Date: Tue, 1 Feb 2000 09:40:14 -0500 (EST) From: Jeremy Epstein <jepstein () monumental com> Subject: CIA Director Deutch and MLS An article in *The New York Times* 1 Feb 2000 details former CIA Director Deutch's use of unclassified Macintosh computers in his homes to store thousands of highly classified documents on the same computer he used to access AOL, Citibank's personal banking service, and other services. The investigation seems to have been delayed and perhaps limited as a result of Deutch's position. It's old hat that personal computers (be they Windows, Macintosh, or UNIX-based) are inherently unsuitable for Multi-Level Security (MLS). What we see here is that even though all the proper procedures were in place, the human element is sufficient to undermine all of the technical controls. As long as we have people, we'll have RISKS! Full article at http://www.nytimes.com/yr/mo/day/news/washpol/cia-impeach-deutch.html [Multilevel security may not seem to be an issue here *internally* because John Deutch had access to all of the information on his systems, considered as SYSTEM HIGH -- that is all logically at the highest level. However, surfing the (unclassified) Web is clearly a NO-NO from such a machine. RISKS readers are of course familiar with the risks of Web browsing. However, an added note in this case was the report that the visited sites included a porn site. Deutch apparently denied having accessed porn any sites, suggesting that it might have been done by one of his offspring? If that is indeed true, it would make the presence of highly classified information on a multiuser workstation even more untenable. (On one hand, even if such a PC claimed to be multilevel secure, that would be a VERY BAD misuse. On the other hand, RISKS readers know how one can be duped into visiting sites other than what was expected, as in clicking on whitehouse.com instead of whitehouse.gov, or in clicking on a Trojan-horsed URL.) PGN]
Current thread:
- IP: CIA Director Deutch and MLS from Risks Digest 20.78 Dave Farber (Feb 07)