On Jun 6, 2013, at 6:28 PM, Leo Bicknell <bicknell@ufp.org> wrote:
On Jun 6, 2013, at 8:06 PM, jim deleskie <deleskie@gmail.com> wrote:
Knowing its going on, knowing nothing online is secret != OK with it, it mealy understand the way things are.
While there's a whole political aspect of electing people who pass better laws, NANOG is not a political action forum.
However many of the people on NANOG are in positions to affect positive change at their respective employers.
- Implement HTTPS for all services.
not just externally exposed services -- or use some form of strong crypto on your inter-data center traffic.
- Implement PGP for e-mail. - Implement S/MIME for e-mail. - Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine. - Create better UI frameworks for managing keys and identities. - Align data retention policies with the law. - Scrutinize and reject defective government legal requests. - When allowed by law, charge law enforcement for access to data. - Lobby for more sane laws applied to your area of business.
The high tech industry has often made the government's job easy, not by intention but by laziness. Keeping your customer's data secure should be a proud marketing point.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/