1993-12-27 - Re: Pseudo-spoofing the Gov’t

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: cypherwonks@lists.eunet.fi
Message Hash: 85c375cf6af1bf5ea2db80638e2a465fdf6e7757c1200f26deecb8592306f864
Message ID: <9312270708.AA27965@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1993-12-27 07:07:13 UTC
Raw Date: Sun, 26 Dec 93 23:07:13 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 26 Dec 93 23:07:13 PST
To: cypherwonks@lists.eunet.fi
Subject: Re: Pseudo-spoofing the Gov't
Message-ID: <9312270708.AA27965@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Edward Marotta says, though not in this order:
> PGP?  Sorry, it's not for users.

It's true; PGP is designed for people who will read manuals,
or have helpful friendly computer consultants around to set it up and
hold their hands while they read their mail.  Anybody competent enough
to be an effective political activist can do it, but it's really
not for everybody.

That's ok - that just means there's a market for people to build
user-friendly mail-reading tools that handle digital signatures,
either automagically or when users press the "Sign" or "verify" buttons.
Maybe some of us will build these tools; maybe Apple will build them
for the rest of us, maybe even Microsoft will.  Maybe GNUmail will happen.
Some obvious design goals include handling more than just PGP formats -
at least verifying PEM/RIPEM/TISPEM and whatever formats Apple AOCE and
Lotus Notes use are probably useful, and non-open systems makers may not
do this without prodding (after all, if they won't use standard mail
protocols, why should they support standard encryption :-( ? )

> What happens when governments are online and someone pseudo-spoofs 
> the state legislature?  

There are two stages to this problem.  One is authenticating messages
that pretend to come from CONgresscritters or other government officials;
that's pretty easy, since they can sign their messages using
whatever digital signature standard they choose, though there are minor
wrinkles about messages that really come from their staffs,
and need a digital rubber-stamp instead of a digital Real Signature.
(If multiple staffers have the passphrase instead of the Real Politician,
there's some risk of it leaking out, though not too much, and obviously
you'd expect different public keys to be used for letter-writing and
real votes, just for security reasons.)

The other stage is as more politics moves on line, and people start
_running for office_ under pseudonyms.  It's bad enough today, when
by doing lots of work you can discover that George Bush's family is in
pharmaceuticals, bank robbery\\\\\\\\management, and Middle East oil,
and John Hancock and Joe Kennedy's family were in the illegal drug
importing business.  (According to William Greider, the Democratic Party 
is primarily run by six big law firms.)  As that great American patriot
"Deep Throat" said, "Follow the money!"  What happens when you _can't_
do that any more?  What happens when you can't even follow the names?
I guess we'll just have to start giving government less power to reduce
the possibilities of conflict of interest?  (Naaahhh....)

			Bill Stewart, currently living on a continent
			whose government ignores a Constitution largely
			written by a couple of guys who used the alias
			"Publius" in their newspaper propaganda,
			plus a bunch of other folks in a smoke-filled room
			who agreed to do all their business in secret.
			

# Bill Stewart  NCR Corp, 6870 Koll Center Parkway, Pleasanton CA, 94566
# Voice/Beeper 510-224-7043, Phone 510-484-6204
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com

(Sorry about duplication for those of you who are on both cypherpunks
and cypherwonks...)





Thread