[LINK] [PRIVACY] [apfma] AAP: AFP to use DPI to collect email metadata

Frank O'Connor francisoconnor3 at bigpond.com
Tue Dec 10 18:39:11 AEDT 2013 

On 10 Dec 2013, at 6:14 pm, Richard <rchirgwin at ozemail.com.au> wrote:

> 
> The AFP has a need to make sure its *own* employees aren't abusing their 
> connections ... look, for eg, at how many "abusive / sexist e-mail" 
> scandals we've seen in Defence and various police forces in the country.
> 

Well, yeah .... but:

1. If you control the SMTP, POP, IMAP and whatever other mail servers you use it’s a simple matter to copy the data stream (and even convert them into individual mail items ... shock! horror!) as it arrives, and when it leaves, and back up to file, simply by messing with the server settings. This is a FEATURE of most server software, and makes acquisition of said software not necessary.

2. The only conceivable use for software like that outlined, for the purposes you outline, is to monitor direct client-to-client mail, messaging, chat (IRC or proprietary), or whatever, that occurs without the services of a server (mail, web or otherwise). Of course they could simply block the offending traffic using  their firewalls and proxy servers if it was of concern - so the outlines package wouldn't be needed.

3. If they are talking about intercepting ENCRYPTED e-mail and text traffic, then what they'd be looking for is a decryption package. Seems to me that's a hell of a lot of expense and effort to go to, especially if the internal traffic stats don't support the fact. I mean, how many cops are likely to be calling attention to themselves by either sending or receiving encrypted e-mail at work? The mere fact that such traffic occurred would have Internal Affairs or whatever they call it in the AFP down on your butt like hungry blowflies.

The point is that the acquisition doesn't make a hell of a lot of sense if it's to be directed internally in the AFP as an 'employee management solution'. Of course it could just be another example of the government falling for the sales pressure and line of a low and cunning commercial supplier, but I'd like to believe that the AFP IT people were a little bit more competent than that.

Just my 2 cents worth ...
---

More information about the Link mailing list