Reply From: Lawrence Hughes <lawrence.hughes@mindspring.com>
Concerning the issue about IRS sending sensitive info over the line
unencrypted... some years ago I (and a certain well known security expert
now famous for his writings on information warfare) responded to an IRS
RFP for a secure communications system (think of it as a Crosstalk-like
program with hardware DES encryption). We built, and the IRS signed off
on, exactly such a system. Alas, Congress never actually authorized the
funds for this. This all took place about 10 years ago. When Congress
screwed us, we tried selling the product direct to the public. We ran one
ad in PC Magazine (for about 25K). We got LOTS of responses.
Unfortunately, most of them were from outside the U.S. Another friendly
branch of the government (based in Ft. George Mead, Md.) informed us that
under NO circumstances would they allow any of our secure versions to
leave the U.S. ("too strong"). As a direct result of the IRS deal falling
through, and being denied access to the only market that responded, my
venture failed. So much for claims that export restrictions don't harm
U.S. software companies.
NOW whose fault is it that sensitive info is being sent unencrypted?
Lawrence Hughes
-----Original Message-----
From: mea culpa <jericho@dimensional.com>
Date: Friday, January 15, 1999 12:19 AM
>A List of Problems
>
>But the GAO said "serious weaknesses" remain. Among them:
> * Computer hackers could access IRS data with relative ease
> because information isn't encrypted before it is transmitted
> over telephone lines. IRS says it has no evidence such a crime has
> occurred.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:00:34 1999