Too Suspicious?

Bill Sconce sconce at in-spec-inc.com
Sat Oct 29 08:33:00 EDT 2005 

Hi, Jim -

In my opinion you did an EXCELLENT job, one which was entirely called for.
In no way too suspicious.  Thank you for doing it, and for sharing it.

In my own sphere (as a flight instructor) we've had similar bouts of
cluelessness from the inchoate agencies of the Federal government, namely
the Deptartment of "Homeland" Security and the Federal Aviation
Administration.  I spent nearly a week over one effort involving (in 
their case) Flash, again the untrackable invasiveness of software
they expected users to install on computers over the Internet, and our
inablility to establish proper (i.e., written) trails of auditibility.
(Including the implied threat of "prove you installed this software
or we'll take action against your license".)  It seemed clear that the
problem was naievté, compounded by massive incompetence in IT, but
the risks pushed onto the recipients were and are real.  Not to mention
the time lost to understanding and responding to the issue.  Like you,
I kept a careful record of all the correspondence;  it's ridiculous,
but not silly.

In your case (where the possibility of real espeionage is not unthinkable)
it would be appropriate to bring the survery to the attention of the
Department of Commerce, wherever the contact may be for such matters as
export control of sensitive technology.  Not that I'd ask you to waste
more of your time, but it would be appropriate (and gratifying) to sic
a responsible government agency on the irresponsible one, and imagine
that someone might learn something as they fought it out.

-Bill




On Fri, 28 Oct 2005 20:53:32 -0400
Jim Kuzdrall <gnhlug at intrel.com> wrote:

>     This is a response to an implied request by the government that I 
> get Microsoft software, among other things.  It came in a survey asking 
> details about the IR night vision equipment produced at my (one-man) 
> company.  My stuff is of a very rugged industrial variety, and orders 
> of magnitude less sensitive than needed for night vision.
> 
>     The original survey was in html (which I had to read as plain text).  
> I don't know what it requested because I never opened the ".doc" 
> instructions that were attached.  The on-line survey form's link does 
> not go back to bis.gov.  It goes to:
> 
>    https://doc.inquisiteasp.com/surveys/WVZRYE
> 
>     Has anyone heard of this outfit?
> 
>     After some other queries, too detailed for here, I think the survey 
> is legitimate but dangerously naive.
> 
>     My response follows the quote.
> 
> * * * * *
> 
> On Friday 28 October 2005 03:55 pm, RONALD DEMARINES wrote:
> > October 28, 2005
> >
> > Dear Industry Executive:
> >
> > Several weeks ago, the U.S. Department of Commerce, Bureau of
> > Industry and Security (BIS) sent you an email with a hyperlink to a
> > survey entitled Defense Industrial Base Assessment: U.S. Imaging and
> > Sensors Industry. We are contacting you because the original deadline
> > for completion has past and we have not received a survey from your
> > firm. As noted in the original email, a response to this survey is
> > required by law under the Defense Production Act of 1950, as amended
> > (50 U.S.C. App. Sec. 2155). We are requesting your immediate
> > attention to this matter.
> >
> > Background:
> >
> > The BIS is conducting an industrial base assessment of the U.S.
> > imaging and sensors industry with a special focus on the night vision
> > segment of this industrial sector. BIS will be analyzing the industry
> > that provides products and services for defense,
> > commercial/industrial, and consumer markets.
> >
> > For the purpose of this assessment we are including in the industry
> > sector: producers; component, material, and subsystem suppliers;
> > technology providers; service providers; distributors, wholesalers,
> > brokers, retailers; and public and private research facilities (see
> > the attachment for a more comprehensive list of the types of
> > organizations and applications included in this sector).
> >
> > Requirement:
> >
> > Please complete and return the on-line survey indicated above. If you
> > have any questions about this request or need BIS staff to send you
> > another link to the on-line survey, you may contact Lani Tito (202)
> > 482-8225, (ltito at bis.doc.gov ), Martin Canner (202) 482-2519,
> > (mcanner at bis.doc.gov ) or Ron DeMarines (202) 482-3755
> > (rdemarin at bis.doc.gov ).
> >
> >
> > Sincerely,
> > Brad Botwin, Director
> > Strategic Analysis Division
> 
> * * * * * *
> 
> Greetings Ronald Demarines,
> 
>     I will not respond to this survey, if indeed you are legitimate, 
> until I receive it by First Class Mail on Government letterhead.  At 
> least that way, if I am blamed for allowing unauthorized mapping of our 
> military night vision industry, I will have a piece of paper to justify 
> the level of deception.
> 
>     If you are just naive about security matters, let me point out some 
> mistakes you have made:
> 
>     1) I have no way to prove where this email (or any other) 
> originated.
> 
>     2) Judging from the name of the file you wish me to open, the survey 
> is in a proprietary format, Microsoft "doc".  I am running Linux.  I do 
> not have any licensed software to open Microsoft's format.  Without 
> licensed software, I have no way to know the information is correctly 
> presented - if indeed I could get it open at all.
> 
>     3) The "doc" format permits macros which can implant spyware and 
> other unwanted programs in my computer.  A prudent person does not open 
> picture files, html files, or macro-capable word processor files that 
> arrive by email.  If you wish your surveys to be read, send them in 
> plain text.
> 
>     4) The link to return your original survey did not go back to the 
> government.  It went to an IPS in Texas and then to a west coast 
> company that is totally unknown to me.
> 
>     5) Sending unencrypted information via the Internet is as private as 
> publishing it in every newspaper in the world. 
> 
>     6) You are apparently unaware of the communication I had last week 
> with BIS or the result of the communication, indicating that you are 
> not in close touch with that organization. 
> 
>     If I had vendetta against the US in mind, I would love to have the 
> verified locations of the premiere high technology infrared industry 
> sites.  I could quickly get my moles into the best locations.
> 
>     If you think me too suspicious, blame it on 40 years in the Cold War 
> and the President's directive that we are "at war" against the deadly 
> terrorists.
> 
> James A. Kuzdrall
> 
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss

More information about the gnhlug-discuss mailing list