Members Login
Username 
 
Password 
    Remember Me  
Fire Shelby Thames -> Fire Shelby Thames -> Fire Shelby Thames -> Faculty, Staff and Students: Protect Your E-mail.
Post Info TOPIC: Faculty, Staff and Students: Protect Your E-mail.
USM_staffer

Date:
Faculty, Staff and Students: Protect Your E-mail.
Permalink Closed

This is my first post to this board but I've been reading it assiduously for quite some time. I want to help.

In the short term, it seems unlikely that anyone can feel secure in their e-mail communications on campus. I am here to offer an interim solution to stand in until real freedom returns to campus.

Below are links to GnuPG-- the Gnu Privacy Guard. This is a free and open method for encrypting files and e-mail. This type of encryption is not breakable with anything less than supercomputer level resources and plenty of time.

First-- the links:

GnuPG main website. Browse it to reassure yourself that the software is above reproach:

http://www.gnupg.org/

WinPT: Windows privacy tools. If you use windows, this is the software that you want to download and install. The "complete package" contains user-friendly tools to manipulate the main software. It includes a plugin for Eudora.

http://winpt.sourceforge.net/en/

Here's a link to setting up Outlook and GnuPG. It involves downloading a (free) third party plug-in. It seems safe but be cautious.

http://trilug.org/~chrish/gpg-outlook.php

Here's a link to a Mozilla plugin (Enigmail) that integrates GnuPG into the mail portion:

http://enigmail.mozdev.org/download.html

I will monitor this message thread and try to help out people who post problems. I strongly encourage you to call the help desk if you encounter difficulties. If they receive hundreds of calls asking how to set up encrypted e-mail, it will send the message that we don't trust the administration not to spy on us.

I will post again immediately following this post with a short synopsis on how modern public key - private key encryption works.

__________________
USM_staffer

Date:
RE: Faculty, Staff and Students: Protect Your E-m
Permalink Closed

Okay, Public-Key Private-Key encryption:

You use the software to generate two "keys". One is your secret key(private-key). Protect this very carefully, if it is compromised then the encryption is worthless. The other key is your public key. Give this to anyone that you want to correspond with. It requires no protection of any kind. Post it on your website!

When someone wants to send you a message, they encrypt it with YOUR public key. The only way to decrypt that message is with YOUR private key. No one else can do so.

If you want to send a message to someone else, encrypt it with THEIR public key. No one, not even yourself can read it after it is encrypted with THEIR public key. They must decrypt it with THEIR private key. I'll give you an example exchange:

Ann wants to send a secret message to Bill. Ann tells Bill "hey, send me your public key." Bill does so since he knows it's safe. Ann uses BILL's public key to encrypt a message and send it to him. Freland intercepts this message, but he can't read it. All he knows is that Ann sent a message to Bill. Bill receives the message and decrypts it with HIS private key.

Hopefully, this little exchange hasn't muddied the waters any. Post questions if you have them.

__________________
Otherside

Date:
Permalink Closed

Thanks for your assistance.
Question:How does the party you are sending the email to read it if it is encrypted?

Otherside

__________________
Otherside

Date:
Permalink Closed

Sorry, you answered my question while I was typing it.

Otherside

__________________
BogusBoy

Date:
RE: Faculty, Staff and Students: Protect Your E-mail.
Permalink Closed

With these tools, does the email stay encrypted if it is stored (for later use by you) on the hard drive? I mean, do you have to be vigilant to keep such saved emails encrypted, or is that a fairly automatic process?



__________________
USM_staffer

Date:
reading encrypted mail
Permalink Closed

Otherside:

The recipient must decrypt the mail before (s)he can read it. Depending on the setup, the e-mail program may do this automatically.

The sender MUST use the recipient's PUBLIC-KEY to encrypt the message. The only thing that can decrypt that message is the RECIPIENT's PRIVATE-KEY.

I know that it's a bit confusing at first. It took a very long time before I got it straight in my head. Just look over the example again. It might help to draw a diagram.

__________________
USM_staffer

Date:
Stored e-mails
Permalink Closed

BogusBoy asked:

"With these tools, does the email stay encrypted if it is stored (for later use by you) on the hard drive? I mean, do you have to be vigilant to keep such saved emails encrypted, or is that a fairly automatic process?"

Good question. It depends to a certain degree on your e-mail client. Some programs offer an option to encrypt the mail to yourself before putting it in the "sent messages". This means that only your Private-key can decrypt it and so it is quite safe from snooping.

Another advantage of installing encryption software is that you can encrypt individual files on your hard drive. So, if you have a particularly sensitive Word document on your computer, you can encrypt it so that snoopers can't read it.

__________________
Angeline

Date:
RE: Faculty, Staff and Students: Protect Your E-mail.
Permalink Closed

I have posted many "rumors" before as I received second-hand information, and in some ways this is no better, but I am now hearing this from a variety of sources, many of them connected directly with iTech (who wish to make it known that they are not monitoring emails). 


To wit: the Pileum Consulting Company is the one monitoring the email and reporting only to Dvorak & Thames.  What has not been stated in this mess is that A. Dvorak essentially ran her own investigation of F&G via Pileum - fox in the henhouse, so to speak.  Pileum must be outed for their role (as well as their other questionable decisions around campus).  It amounts to a secret police force/Shelby's personal CIA. 



__________________
Websitebrowser

Date:
Permalink Closed

quote:
Originally posted by: Angeline
"I have posted many "rumors" before as I received second-hand information, and in some ways this is no better, but I am now hearing this from a variety of sources, many of them connected directly with iTech (who wish to make it known that they are not monitoring emails).  To wit: the Pileum Consulting Company is the one monitoring the email and reporting only to Dvorak & Thames.  What has not been stated in this mess is that A. Dvorak essentially ran her own investigation of F&G via Pileum - fox in the henhouse, so to speak.  Pileum must be outed for their role (as well as their other questionable decisions around campus).  It amounts to a secret police force/Shelby's personal CIA.  "
And now we have the Risk Manager Hanbury reporting directly to the Attorney General?  How deep does this corruption run?  Wasn't the head of Pileum reported to be with President Thames throughout the hearings?  Does no one have the political clout in this state to get this mess cleaned up?

__________________
cindy

Date:
Permalink Closed

I just want to second the information posted by Angeline. Many in iTech are our friends, and they have no part in reading the emails or monitoring the networks. I heard a rumor that the security policy is going to be re-written to protect individual privacy, but I am not sure as to the date. If you have problems, call the help desk; if we overwhelm the dept. with calls about encryption problems, it is bound to be noticed. Thanks, usm_staffer!


Cindy



__________________
Robert Campbell

Date:
Permalink Closed

I wouldn't assume that anyone in the USM administration is going to rewrite the computer security policy that puts so much power in the hands of Thames and his cronies.   It is a sweeping grant of privilege they won't willingly give up


But...


Isn't there something the Faculty Senate could do?  Draft a model computer security policy, publicize it, send it to the upper administration--and dare them not to approve it.


USM's computer security policy is unusually draconian, but that makes it just a little worse than the standard university computer security policy.


And...


on anything you choose not to encrypt, cc: it to Shelby and the gang, and keep doing so as long as the current computer use policy is in force.


Robert Campbell



__________________
USM_staffer

Date:
My Public Key
Permalink Closed

Thought I would put my money where my mouth is and post my public key. If you have encryption software set up you can copy it, paste it into a text editor (like notepad) and save it as a file. Then, just import it into your keyring. My e-mail address should show up when you do that. Encrypt a message that includes your PUBLIC key and send it to me and I'll reply with an encrypted message so that you can test your setup. If you don't want to use your regular mail client, just type up a text file, encrypt it, and attach it to a message you send with your free anonymous web mail (yahoo or hotmail or whatever).


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3 (GNU/Linux)

mQGiBECUAI8RBADaNUTI5xpcqAnwJxzj6o8q6IVJ0u63lEYWD5IcgQJuVkfQhxk0
g0VY2mYvWSHmnuzC0SiVyVPVV5VtUDApzKA3crLzgCgLk1Z/a+VsLalkyVwGX/7s
FNfNvg34AgayL3afsKRVFG6r4M/WHsl07D9cC4sGo6XpaNl0vwmhWg6D0wCgqzhc
5DEjR7hICYnf47gtFgdRkTcD/0usKuxwNLNA3zJPGG9uDBE82Rj96KGH6BR0qYNJ
jGvnl3pf7T1SRu0cRB+Dt5dr0J84PRcnRBkQtuG/Syyo6KRFTrmAb1B2X/t+JVAR
jbHEhMbM4dGxRr4WXmho3UBVQdmH5Qxx9UKb9rgcUe3LgZIAaVdg11KeT2W9b0T6
pCd4A/9aBiowrse5FkK6Bcez9NF3muB0uBMRHlEpeTAci6xijOn5LV/BpdydpDJ4
1ujC9vWK27Zu65bW+VU/6jHwJfeFzajp2Am8Nmxo8w754fyf6Kp5l6aNlW9QO1r1
ZyUH61N3SKE47PbVYKBbkReSgjV0N2oV5xat6tmEKopanWy7nLQlVVNNX1N0YWZm
ZXIgPFVTTV9TdGFmZmVyQGhvdG1haWwuY29tPohbBBMRAgAbBQJAlACPBgsJCAcD
AgMVAgMDFgIBAh4BAheAAAoJEIeKZtMx30VieRMAoJRbEvoFY90ZvAzMN3/UF4NP
fO5QAKCgZjmZnS5Dh+63RwisOCpgpJ0sKbkCDQRAlACUEAgAi5NwcCgqbgxggPQT
RV/uNRFCu8CJT6no3IqOVpbPrdWk1MsHVBJUvAYK4DWRm//nz7CgTwp/OYW5ihPv
tD2rOGeneE786koWDSgv9xCzebXjEJafriAdEYd9QIlA8fEQ8uxOm4Tck1fT1kRk
nJgzrw89beQg5cawysBmAHo+7I2zP0Ax/oikpPYFk5PQ2fK+sT2+nMMj+45QT0Vs
fJBygTpvhw1T8GWtnMGWYwW2upLhZNCrjVAVOYcZ03mUUZqjL9SYxrlktfs7bE6b
btFxTEcYBHaDVYRCWApSOOZfLdr0RsKE2LG3XxpudZw0wsxJM9qGpjQXT8sy47lM
iZH0UwADBQgAg4R6qNZM2x0VbdGqZTvf+6Tqcw6AXuHuJ+9D9chFy/ZquMgXzGr3
Ti2OQw3BA957fF1e0o5R0l566fBp1VeMAKq6k0ihDwP0m6AbvF5Q0RxXdWUvweBD
zPuGuTo84AhaqgvquQwTAtys9PMCf/rWNT+mfYnRirDgrSHOx/C5Hc3rMQXCxkaq
FtrUG6HPrW1Tb0C7Zl+N4nayp6EPfma4DOtsKJ4jnWPdB8861CGB09xdXtf401Su
enCrhD5aZkg5PMacj926ZSrBZyPGYwWct32dmQCWJFq1+QPThB0Mm3uDSh56accl
PCGCKQlXsfg1LXbOZ8wnbsnTpjC2U6gXeIhGBBgRAgAGBQJAlACUAAoJEIeKZtMx
30ViHMYAn1/sDjm3LtJXxe5HG3dc0nbcJKUZAJ9kzK0GNKzuKKpm8AEQr+Hlckzj
Vw==
=fg+0
-----END PGP PUBLIC KEY BLOCK-----


__________________
stephen judd

Date:
RE: RE: Faculty, Staff and Students: Protect Your E-mail.
Permalink Closed

quote:
Originally posted by: Robert Campbell
"I wouldn't assume that anyone in the USM administration is going to rewrite the computer security policy that puts so much power in the hands of Thames and his cronies.   It is a sweeping grant of privilege they won't willingly give up But... Isn't there something the Faculty Senate could do?  Draft a model computer security policy, publicize it, send it to the upper administration--and dare them not to approve it. USM's computer security policy is unusually draconian, but that makes it just a little worse than the standard university computer security policy. And... on anything you choose not to encrypt, cc: it to Shelby and the gang, and keep doing so as long as the current computer use policy is in force. Robert Campbell"

Faculty Senate has requested consultation on the rewrite of this policy but I agree, I think we just need to rewrite and send a draft to the admin and to I tech with a letter asking for a meeting.


 



__________________
Robert Campbell

Date:
Permalink Closed

Stephen,


When a university is operating normally, it makes sense for the Faculty Senate to take a consultative role in a lot of things.


But USM is not operating normally, and the Faculty Senate can do a lot of good by taking the lead on reforming the computer use policy.


If the FS comes up with a model computer use policy, and Thames turns it down--or moves to dissolve the Faculty Senate over it--he will make himself look worse in the media, and intensify the resolve of those who want him removed from power.


Robert Campbell



__________________
sharkfin

Date:
RE: Faculty, Staff and Students: Protect Your E-m
Permalink Closed

does this stuff work for macs?


__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
Fire Shelby Thames -> Fire Shelby Thames -> Fire Shelby Thames -> Faculty, Staff and Students: Protect Your E-mail.
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard