From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 19 Jun 94 19:00:59 PDT
To: cypherpunks@toad.com
Subject: Corporations and Encryption
In-Reply-To: <199406181833.LAA23673@netcom4.netcom.com>
Message-ID: <199406200201.TAA06906@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Earlier I wrote:

> And an even better solution is for folks to have their own private
> machines and access to one of the cheap Internet service providers
> springing up all around. Then they won't have to worry about their
> corporations "snooping" in their e-mail files. Or restricting them
> about using PGP or other crypto.
> 
> Corporations have a legitimate reason to tell employees what they can
> and can't use. After all, corporations are held liable for most
> employee actions (so those death threats to whitehouse.gov will
> reflect back on the company) and have other concerns as well
> (espionage, extortion, bribery, too much use of the Net, etc.).
> 
> Having your own computer means never having to say you're sorry.
> 
> (I fear laws telling corporations they *can't* snoop as much as I fear
> Clipper. The reasons are obvious, to me at least, and I can expand on
> this point if anyone's really interested.)

Several people having asked for an explanation and/or commented here
on their interpretations, I'll explain my position:

* Individuals, groups, corporations are free to set their won
policies, more or less, in a free society. (Not everyone agrees with
this, more's the shame.)

A company can set working hours, working conditions, software to be
used, and so on. It is not the business of government to interfere in
these decisions, nor do "civil rights" enter in...an employee told to
use Microsoft Word and not to use PGP cannot claim his "civil rights"
are being violated.

* I did not say companies _should_ snoop...I said there should not be
laws forbidding snooping--in line with the point above.

Imagine the implications of a law forbidding such "snooping": a
company would presumably be unable to ensure that its policies were
being followed, that it's employees were not violating various laws,
etc.

To be sure, companies may wish to avoid snooping, as the repercussions
on company morale are often severe. Not being a good idea, in general,
does not imply that there "ought to be a law" regulating such things.

(Ditto for searches on leaving premises, which one writer here likened
to snooping. Indeed, the two are the same. For 12 years at Intel, my
briefcase was searched--sometime thouroughly, usually cursorily--every
time I left a building with it. Not hard to see, given that a single
uP could be sold for $500 and a briefcase of them could be worth a
small fortune. Floppy disks and the like were generally ignored, as
determining the contents would be too difficult, etc. A lot more I
could say here, but I won't. Searches of briefcases was a "condition
of employment" and not a civil rights issue....except for female
employees, whose handbags were exempted by external law from any
search...assembly workers were often suspected of stealing packaged
devices, but Intel was forbidden to check their bags!)

* In summary, it's a real bad idea--ethically and practically--to deny
"corporations" behaviors we take for granted for ourselves. If I hire
someone to help me in my home, I can set the conditions of the job:
what hours, what rate of pay, what tools can and can't be used, and
what limits I may wish to place on his use of my modems to communicate
with outside services or agents. Corporations are not really
different.

We may not like big corporations...most new companies are formed by
people fed up big companies...but this does not mean we should
interfere with how they run their businesses. Not working for them is
always an option. (I am sympathetic to many anarchist views, such as
those held by my friend Dave Mandl, but I am not at all convinced by
left-leaning arguments that "sometimes people have no choice " in the
jobs they take. Thus, I am a standard libertarian here.)

In considering whether crypto should be "allowed" or "not allowed" for
corporations, a better answer is: that's not for society and the law
to concern itself with. Companies that snoop too much will lose
employees, and companies that are told they cannot monitor what
employees are doing and what tools are being used will also lose out.

Finally, all the arguments about there being _other_ ways for
corporate secrets to leak out are accurate, but beside the point. Of
course there are, and I have done extensive writing on this (BlackNet,
information markets, Gibson-style "escrow" of key employees, etc.).
But that employees can use their home computers to sell corporate
secrets is somthing they will have to learn to deal with somehow (*),
not a reason to limit corporations' abilities to set policy in their
workplaces.

(*) One possibility, the Gibson scenario mentioned (cf. "Count Zero"),
is to require key employees in extremely sensitive positions to forego
access to outside contacts. It may not work very will, and it may be
distasteful to many or most people, but it's not a violation of "civil
rights."

Along with "democracy," the term "civil rights" is bandied about too
much and is used to justify entirely too much State intervention.
Mutually agreed-upon contracts always take precedence over democracy
and civil rights. 


--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."