RE: Suggestions for a more privacy conscious email provider

["Naslund, Steve" <SNaslund () medline com>]

There are all kinds of factual issues with the arguments in the referenced document.

1.  During Desert Storm I personally sent hundreds of STU-IIIs to the sandbox.  They didn't go in diplomatic pouches, 
they went as Air Force cargo like everything else.  The State Department did not have to "smuggle" anything.  They use 
diplomatic pouch as a way to prevent the receiving country from inspecting the shipments.  This is common for all 
cryptographic devices, classified or not.  Also commonly used for Playboy magazines and bottles of scotch going into 
Saudi Arabia.

2.  Treason is not applicable here because there must be a declared war.  Treason requires interaction with a declared 
enemy during a time of war.  I know that term gets thrown around haphazardly lately but it is a very specific legal 
term.

3.  Asking a government agency act as the KDF is so demonstrably brain damaged we don't even need to go into the 
problems with that.  They have shown that:

        a. They are not interested in keeping your data secure, in fact they would like to keep as much of it in their 
databases as possible.

        b.  Most of the organizations you listed have been breached multiple times and receive failing grades under 
their own IT standards for security.

        c.  International organizations are even worse.  So, if my keys are stored by the IEEE does that mean that only 
countries that are part of the United Nations can get access to my data.  I feel much better now :)

4.  Sending a device or technology out of the US does not equal an export under ITAR.  In your example, if a device is 
going to be used by US Government employees or military personnel and kept under their control, it is not an export.  
As a matter of fact a US company can use export restricted software and hardware in foreign countries in most cases if 
it is under to control of US Nationals.  i.e. US company can use high encryption licenses for Cisco devices inside of 
China branch offices to secure their VPN connections.  My company has this in writing, we did all of the appropriate 
export paperwork and then was told it was unnecessary since the software remains under the control of US nationals (of 
course they know that all the foreign intel agencies already have it so they are not worried about James Bond sneaking 
in the middle of the night to reverse engineer it).

5.  The DirNSA has a vested interest in the collection of intelligence and the security of US GOVERNMENT systems as his 
primary responsibilities.  Securing US private entities is way down his list of priorities and if in conflict with his 
primary missions will take a back seat.  Not treason my friend just focus on his mission. 

Steven Naslund 
Chicago IL

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Brad Knowles
Sent: Monday, December 04, 2017 4:55 PM
To: valdis.kletnieks () vt edu
Cc: nanog () nanog org; Grant Taylor
Subject: Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 4:51 PM, valdis.kletnieks () vt edu wrote:

> > Do I count?  I only accused the Director of the NSA of High Treason 
> > in my letter to the editors of the Communications of the ACM (see 
> > <http://www.shub-internet.org/brad/cacm92nov.html>).
>
> Treason fail.  What declared enemy of the US did the Director provide 
> aid and comfort to?