9/19 Session #6: Further Tech Talk
Walid Bin Attash’s Learned Counsel, Cheryl Bormann, pushes on with the afternoon’s tech-laden discussion, and the government’s witness, Brent Glover. She brandishes a demonstrative, which lists several email exchanges: “@ngo.co.uk,” “@luc.edu,” “@yahoo.com,” and so on. Now she asks: how does one communicate, on an encrypted basis, with such addresses?
Published by The Lawfare Institute
in Cooperation With
Walid Bin Attash’s Learned Counsel, Cheryl Bormann, pushes on with the afternoon’s tech-laden discussion, and the government’s witness, Brent Glover. She brandishes a demonstrative, which lists several email exchanges: “@ngo.co.uk,” “@luc.edu,” “@yahoo.com,” and so on. Now she asks: how does one communicate, on an encrypted basis, with such addresses?
Starting with the UK address, Glover says the recipient would have to purchase software or hardware from one of three commercial vendors. There might be other steps, too, depending on what the recipient’s information technology looked like. Alternatively, if the UK entity doesn’t desire to purchase commercial encryption keys, there’s also PGP, remember---though DoD does not support the PGP approach, according to Glover. What about “luc.edu,” or the exchange for Loyola, where Bormann apparently draws on pro bono assistance? For that one would still need to buy encryption hardware and/or software from a vendor, Glover says. Ditto folks operating personal computers, and using Yahoo! or Gmail or other cloud-based email services. The lone exception applies to some educational institutions, and of course to government entities: DoD, Glover says, will furnish encryption materials for those, apparently free of charge.
The lawyer asks a bit about password protection, as between coworkers who employ different versions of software; Glover thinks opening documents would be possible here, but that the user with the older version couldn’t alter a password. Then Borman and the military judge ask about virtual private networks, or VPNs; that can be employed nearly anywhere from a DoD-issued, CAC-enabled computer, and indeed Glover employs that mechanism himself. (When asked, Glover says he doesn’t know whether DoD IT furnishes VPN capability.) More questions then come, on the migration of DoD email accounts; but Glover can’t address a hypothetical posed by Bormann, about encryption and migrated defense email profiles. A few inquiries more, and a few only general responses more, and Bin Attash’s attorney returns to counsel table.
The commission is in recess…for about fifteen minutes.