cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-03-20 - Re: Would the FTC crack down on snake oil someday?

Header Data

From: “Deranged Mutant” <WlkngOwl@unix.asb.com>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: a90cf2e12826702f9f1d4041d0f9877be6004215b392bd7d82211f6498af56b9
Message ID: <199603200412.XAA11193@unix.asb.com>
Reply To: N/A
UTC Datetime: 1996-03-20 06:57:18 UTC
Raw Date: Wed, 20 Mar 1996 14:57:18 +0800

Raw message

From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 20 Mar 1996 14:57:18 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Would the FTC crack down on snake oil someday?
Message-ID: <199603200412.XAA11193@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Mar 96 at 19:10, Bill Stewart wrote:

> Sure, they'll be happy to, if we really want.  The NSA will advise them
> on what's good crypto, and what's snake-oil.  Certainly any system that
> didn't provide for back-up key access doesn't rate......
> 
> No, I didn't think you wanted that either....

Maybe the NSA will advise them, maybe not... since there is a 
conflict of interest (not unusual in regulatory circumstances, 
though).

Then again, it would be awkward if the NSA hypothetically said 
product A is crap and product B is secure but non-NSA people said 
differently, esp. if the NSA wouldn't let product A be exported.

They're a governmental organization, with all the flaws of any 
organization/bureaucracy, let alone the government.  So yes, I've
pondered them asking the NSA for advice... but keep in mind it puts
the NSA in a double-bind, because they aren't the only experts, and
because they'll look bad if they contradict themselves.

They (FTC) might go by something different, though. If a company claims 
their product uses an "unbreakable cipher" when there are cracking 
programs (commercial or free) available, then obviously its false 
advertising.  Indeed anything that advertises itself as "unbreakable" 
is a lie.

There's also other consumer groups that are non-governmental, like 
Consumer Reports, PIRGs, and even various state and county consumer 
advoctates who won't tow the federal line (look at bovine growth 
hormone for one example... hm, maybe a bad parallel.)

Part of it is a public learning curve. After a while more people 
(though not enough to eliminate snake oil's market) will recognize 
"PGP", "RSA", 'IDEA", "3DES" and other strong algorithms. (Ascom Tech 
could do themselves a nice turn by pushing for products with "IDEA 
Inside" type of messages...)

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.

Thread