1994-03-17 - EFF gun-shy of legally employing PGP (fwd)

Header Data

From: Mike Godwin <mnemonic@eff.org>
To: grady@netcom.com
Message Hash: 34e88a1700e809bd2d3e6673c9ddb356073547a94a34a49b31c4cc6fe316d8a4
Message ID: <199403172205.RAA23556@eff.org>
Reply To: N/A
UTC Datetime: 1994-03-17 22:06:52 UTC
Raw Date: Thu, 17 Mar 94 14:06:52 PST

Raw message

From: Mike Godwin <mnemonic@eff.org>
Date: Thu, 17 Mar 94 14:06:52 PST
To: grady@netcom.com
Subject: EFF gun-shy of legally employing PGP (fwd)
Message-ID: <199403172205.RAA23556@eff.org>
MIME-Version: 1.0
Content-Type: text/plain

Grady, this kind of smear is unnecessary. I didn't respond to further
queries because I didn't see any further queries.

I expect you to apologize for this forthwith. Some people apparently have
too much time on their hands, and they fill it with speculations about
others' motives.

In the meantime, I'll give you three reasons we didn't use PGP.

1) It wouldn't have solved the problem, since the majority of people who
spreead the false press release are not encryption users.

2) PGP is inconvenient to use.

3) EFF is a Mac shop, but our licensed copy of Viacrypt doesn't run on the

Feel free to forward this message. And, please, try not hinder our
effectiveness with further unsupported smears and accusations. Thanks in


From: grady@netcom.com (Grady Ward)
Subject: Re: "Porn Press Release" from EFF is a Hoax
Message-ID: <gradyCMtHxp.M6L@netcom.com>
Followup-To: alt.2600,comp.org.eff.talk
Organization: Moby lexical databases
X-Newsreader: TIN [version 1.2 PL1]
References: <CMI2AL.uAD@sernews.raleigh.ibm.com> <2m2mou$mp1@eff.org> <1994Mar15.170955.21185@nntpd2.cxo.dec.com> <2m5p3f$gt4@agate.berkeley.edu>
Distribution: inet
Date: Thu, 17 Mar 1994 16:32:13 GMT
Lines: 78

Steve Pope (spp@zabriskie.eecs.berkeley.edu) wrote:
: page@solvit.enet.dec.com (My name is...) writes:

: > Yes, but the point of the reply, is that PGP signatures SHOULD
: > be used by sysops.

: Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard?

: Is the latter not in place yet?

Yes, you can use the DSS (unless it is given away to PK partners, that is).

The importance of using PGP or another strong privately developed crypto
is that it supports the industry rather than relies upon the government.

But since Mr Godwin has answered the question to his satisfaction and is not
responding to further questions, I guess we will never know the real reason
why the EFF will not use PGP to digitally sign press releases.

Apparently Mr Godwin chooses not to be responsive to the EFF membership with
respect to this issue. He only has said that sysops don't use PGP so rumors
would not be quashed anyway. From a person of his intelligence this is about 
the lamest reason I've heard.

Let me see if I can speculate on the real reaons the EFF may not choose to 
use PGP to sign press releases:

(0) Using PGP would be provocative to the very powers we seek to infiltrate
[ViaCrypt PGP is perfectly legal and fully licensed.]

(1) There is not a problem with authenticity.
[This must be false, otherwise Mr Godwin wouldn't have begun this thread]

(2) Signing with PGP is not effective.
[false; MD5 and RSA have no known weaknesses]

(3) Signing with PGP is too hard or would take too much time
[false, perfect for irregular press releases]

(4) PGP signatures take too much bandwidth.
[false, again perfect for the mmoderate to longer press releases]

(5) Sysops don't use PGP, rumors would spread anyway
[Sysops might begin with suitable leadership; the signature of course
could be ignored and the rumor spread anyway -- but if there *were*
a question of authenticity an individual could check the authenticity
without needing to log on to EFF's server or needing to personally 
contact an EFF official]

(6) Signatures make the press release harder to read
[false, a single line at the beginning and a block of lines at the end
are added, none of the body is changed in any way]

(7) We are journalists and attorneys, not nose-picking nerds

(8) We are journalists and attorneys, this might expose up to greater
liability and less 'deniability'.

(9) We just defend these 'PGP' and 'BBS' people.  We don't actually
want to ASSOCIATE with them more than we have to.  Cooties. 

(10) The EFF does not have to explain its actions or inactions to anyone.

While Sternlight is merely annoying, and sometimes entertaining, EFFs
lack of dialogue on this leadership opportunity supporting private
crypto signatures is very, very disappointing.
Grady Ward             | +1 707 826 7715  | finger grady@netcom.com for free
3449 Martha Ct.        | (voice/24hr FAX) | Moby lexicon brochure & samples
Arcata, CA  95521-4884 | 15E2ADD3D1C6F3FC | KN6JR monitoring 14.178 & 14.237
USA                    | 58ACF73D4F011E2F | 1800 UTC - 2000 UTC daily