1996-04-03 - Re: Article on PGP Viacrypt

Header Data

From: Eric Murray <ericm@lne.com>
To: walter@cithe302.cithep.caltech.edu (Chris Walter)
Message Hash: e5e2a8f03f732213bd7ffa2d74b756b76de71db7f5d37d49382e924d6f07011a
Message ID: <199604030451.UAA06038@slack.lne.com>
Reply To: <WALTER.96Apr2124421@cithe302.cithep.caltech.edu>
UTC Datetime: 1996-04-03 11:28:02 UTC
Raw Date: Wed, 3 Apr 1996 19:28:02 +0800

Raw message

From: Eric Murray <ericm@lne.com>
Date: Wed, 3 Apr 1996 19:28:02 +0800
To: walter@cithe302.cithep.caltech.edu (Chris Walter)
Subject: Re: Article on PGP Viacrypt
In-Reply-To: <WALTER.96Apr2124421@cithe302.cithep.caltech.edu>
Message-ID: <199604030451.UAA06038@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Chris Walter writes:
> 
> Hi Folks,
> 
> There is an interesting article by Simon Garfinkle in this
> morning's(Apr 2nd) electronic version of the San Jose Mercury news.
> Its on the index page so I don't think you need an account to read
> it.
> 
> The article deals with the new key management features and extensions
> in Viacrypt and how PRZ is upset since it allows employers to read
> their employees messages.

I read it this morning.
The gist is that this new evil PGP lets your employer
SPY ON EVERYTHING YOU DO!  And was written in about
that tone.

I was disappointed by the article.  I don't know if Simson
is deluded about the use of Viacrypt PGP, or the article got
hacked up by by ignorant/malicious editors, or my understanding of
Viacrypt PGP is competely wrong.

I thought the purpose to putting key escrow (that's real escrow
not GAK) into PGP was to allow its use for business purposes.
Often in business use you're not too concerned with keeping secrets from
your employer or fellow employees, but do want to keep those
secrets within the company.  And there is a real concern that you
might encrypt company-secret stuff and then fall off your motorcycle
and get run over by a truck, leaving your securely-encrypted company
secrets suddenly inaccessable to the company...
Key escrow, with the keys held by the company, is designed to prevent
this problem.

The article failed to mention that you're not prevented from using
a non-escrow PGP for personal secrets (could Viacrypt PGP prevent
you from using PGP 2.6.2?  I don't think so) and made it sound
like Viacrypt PGP is designed to allow nosy employers to spy on
employees encrypted email.  I guess it would, if the employers were
that nosy and the employees dumb enough to use company-provided
escrowed PGP to send personal secrets.  But that theory's about
as credible as the Clipper chip proponents's "dumb crooks" theory
where crooks would want encrypted phones but be dumb enough to
forget that the Government held the keys...

Simson's the one main-line journalist who writes about internet
and computer issues that I still think has a clue, and has written
a pretty good book about PGP, so I'd be suprised if he got this
so wrong.  On the other hand, I haven't used this new Viacrypt PGP 
and I'm going on what I think that escrowed PGP is really good for.
Maybe my feeling about that have blinded me to reality.  Or, most
likely, the editor(s) hacked the story up either out of ignorance
or to present a viewpoint that they had already decided they want to
present, truth be damned.


If I wanted to present a conspiracy theory about the government
wanting to discourage use of PGP for businesses, this would be the
place to do it.  If PGP gains a foothold in the businessplace
it'll be nearly impossible to eradicate, given the fact that
(big) business essentially runs the country.  Key escrow will
make PGP a lot more usefull to businesses, increasing its use.
I'm sure you can fill in the rest of the theory.


> http://www.sjmercury.com/business/priv401.htm
> 


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





Thread