[tor-relays] Feedback wanted: letter to my university's library
Scott Bennett
bennett at sdf.org
Thu Oct 5 08:30:31 UTC 2017
William Denton <wtd at pobox.com> wrote:
> On 4 October 2017, Scott Bennett wrote:
>
> > Let me give an example. I have for at least ten years asked my local
> > public library to provide a) a secure shell client, b) a secure web browser
> > for ordinary use where anonymity is not a concern, c) a secure FTP client,
> > and d) the TBB for use by those who desire anonymity. They have always
> > refused to budge. They run an unsecurable OS on their public computers. They
> > provide only Internet Explorer for web access. I'm unsure whether they still
> > allow any FTP access at all. As you can imagine, they have severely limited
> > the usefulness of their computers to the library patrons they claim to serve.
> > I could not, for example, submit my on-line application to renew my flight
> > instructor certificate via the library's computers.
* I missed a beat here. The procedure for renewing a flight instructor
certificate on-line includes an FAA requirement to "digitally sign" the web-
based application for renewal. The procedure is a farce that bears no
resemblance to what the security community understands to be a digital
signature. That also means that the FAA may *not* be in compliance with the
federal government's own standard
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
The fact that the FAA's system is not in compliance with the above referenced
federal standard means that the FAA may possibly be in violation of the
Computer Security Act of 1987 and/or the Information Technology Reform Act of
1996. But it was recommended to me by [identity withheld] that I *not*
contact the FAA to point out this problem to them in hopes of getting them to
correct it because they *allegedly* might revoke my instructor certificate for
not "properly" representing the FAA's view of things. IOW, representing the
NIST's [correct] view of things could get me punished by the FAA. I stress
here that I do not know whether that recommendation was accurate in its claim,
but I think it clearly illuminates the climate of fear and distrust that
exists toward all levels of government in the USA these days. If simply
posting this here gets my CFI revoked, I will (attempt to) let you know.
(Actually, I'm not terribly worried, but I have to admit to the possibility.)
> > They have refused to let me speak with those making the decisions about
> > what is provided on their public computers, much less to make an organized
> > presentation to them. I was told that the decisions about software on the
> > computers are made by the library board, not even by the IT staff. What is
> > a good approach to get better results?
>
> I fear there is nothing you can do. If they're like that, it's not going to
> change until there's a new chief librarian or head of library IT. Public
> libraries can be terrible for problems like this. When the right person is in
> the right job, they can move fast and experiment, but that's rare. When a
> library thinks offering only IE is the right thing to do, Tor must terrify them.
I was afraid that would be the response a presumably honest, IT-aware
librarian might give, but I didn't know until now. Sigh. Thanks for the
clear answer. :-( FWIW, my guess is that the board is way too clueless to
be terrified, but rather that they simply are so hostile to any change,
especially when proposed by someone not a library employee, that they simply
cannot permit it, regardless of any other considerations. That's, again, only
my guess, but I'm somewhat attached to it by experience. :->
>
> But if you can't speak to the public library board there's a problem much bigger
> than what they run on their computers! That is just not right. Public
My thoughts exactly.
> libraries have to be responsible to their public. Could your city councillor
This is Illinois. "Governmental bodies" and "responsible to their
public" are incompatible sentencemates here. Please try your luck again.
(Hint: land (,re}development deals are often viewed favorably.) This is
the state that requires budgets to be balanced, but where lack of *any*
budget for nearly three fiscal years was not considered a breach of the
state constitution.
> help? The local newspaper?
My city councilcritter has generally been unreceptive to my suggestions
on all issues I have ever discussed with him. The local newspaper was bought
up long ago by one of the media oligarchs. It is marginally useful for local
news only, but not at all worth its price. Most people don't bother with it,
so even if the handful of local reporting staff and editor were agreeable, it
would likely matter not a whit. Much there has changed unrecognizably since
the days before it was bought out.
>
> Good luck! It's a shame your local library is ignoring someone with your
> expertise.
>
Thanks, Bill. Perhaps talking these things up with local social activists
with more energy than I have these days might be worthwhile. This *is* a
university town, after all. :-} I'll have to look into that angle a bit more,
I guess.
My apologies to the list for straying so radically far off topic. To
those offended by my cynicism, I recommend you wise up on your own initiative
lest you learn the hard way. Okay. I'll shut up.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *xor* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-relays
mailing list