From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 97413fea731408a2fec938786a1c927ed8ceae49875229ca39210a822f36f5cc
Message ID: <199409120049.RAA15757@netcom11.netcom.com>
Reply To: N/A
UTC Datetime: 1994-09-12 00:50:10 UTC
Raw Date: Sun, 11 Sep 94 17:50:10 PDT
From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 11 Sep 94 17:50:10 PDT
To: cypherpunks@toad.com
Subject: Running PGP on Netcom (and Similar)
Message-ID: <199409120049.RAA15757@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
A "Cypherpunk RISK" (apologies to the "RISKS" list) to running PGP on
Netcom, Portal, America Online, etc. systems (and on university,
corporate, etc. systems), is the obtaiing of *all* records,
directories, etc. by court order.
This has happened more than once, and will likely happen more and more
in the future, as law enforcement realizes what a treasure trove this
can be.
(The person being monitored may not be told about it, of course.)
The latest such case involved Lewis De Payne, a user, and Netcom, his
(and my) Internet provider. Details are being discussed in Usenet
groups, and were brought up also at yesterday's Cypherpunks meeting.
Not that had Mr. De Payne been using PGP on Netcom, with his secret
key stored there, the cops would have it. (The passphrase maybe not,
depending on whether he stored _that_ there, too. And whether Netcom
had logs of keystrokes entered, which strikes me as something they
would probably have--we really need a "zero knowledge" kind of
"reach-back" for remotely-run PGP.)
I just don't think the dangers are worth it. All the theoretical hot
air about whether kestroke timings are "random enough" is moot if
Netcom is turning over records to investigators.
It creates a dangerous illusion of security.
(For those with no home machines, and perhaps those who mainly use
campus services, workstations, etc., I'm not faulting you; people use
what they have to use. Longer term, though, PGP needs to run on secure
hardware. Secure meaning not easily grabbed by the authorities without
even one's knowledge!!)
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
Return to September 1994
Return to “tcmay@netcom.com (Timothy C. May)”