There are all kinds of factual issues with the arguments in the referenced
document.
1. During Desert Storm I personally sent hundreds of STU-IIIs to the sandbox.
They didn't go in diplomatic pouches, they went as Air Force cargo like
everything else. The State Department did not have to "smuggle" anything.
They use diplomatic pouch as a way to prevent the receiving country from
inspecting the shipments. This is common for all cryptographic devices,
classified or not. Also commonly used for Playboy magazines and bottles of
scotch going into Saudi Arabia.
2. Treason is not applicable here because there must be a declared war.
Treason requires interaction with a declared enemy during a time of war. I
know that term gets thrown around haphazardly lately but it is a very specific
legal term.
3. Asking a government agency act as the KDF is so demonstrably brain damaged
we don't even need to go into the problems with that. They have shown that:
a. They are not interested in keeping your data secure, in fact they
would like to keep as much of it in their databases as possible.
b. Most of the organizations you listed have been breached multiple
times and receive failing grades under their own IT standards for security.
c. International organizations are even worse. So, if my keys are
stored by the IEEE does that mean that only countries that are part of the
United Nations can get access to my data. I feel much better now :)
4. Sending a device or technology out of the US does not equal an export under
ITAR. In your example, if a device is going to be used by US Government
employees or military personnel and kept under their control, it is not an
export. As a matter of fact a US company can use export restricted software
and hardware in foreign countries in most cases if it is under to control of US
Nationals. i.e. US company can use high encryption licenses for Cisco devices
inside of China branch offices to secure their VPN connections. My company has
this in writing, we did all of the appropriate export paperwork and then was
told it was unnecessary since the software remains under the control of US
nationals (of course they know that all the foreign intel agencies already have
it so they are not worried about James Bond sneaking in the middle of the night
to reverse engineer it).
5. The DirNSA has a vested interest in the collection of intelligence and the
security of US GOVERNMENT systems as his primary responsibilities. Securing US
private entities is way down his list of priorities and if in conflict with his
primary missions will take a back seat. Not treason my friend just focus on
his mission.
Steven Naslund
Chicago IL
-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Brad Knowles
Sent: Monday, December 04, 2017 4:55 PM
To: valdis.kletni...@vt.edu
Cc: nanog@nanog.org; Grant Taylor
Subject: Re: Suggestions for a more privacy conscious email provider
On Dec 4, 2017, at 4:51 PM, valdis.kletni...@vt.edu wrote:
>> Do I count? I only accused the Director of the NSA of High Treason
>> in my letter to the editors of the Communications of the ACM (see
>> <http://www.shub-internet.org/brad/cacm92nov.html>).
>
> Treason fail. What declared enemy of the US did the Director provide
> aid and comfort to?
