1997-04-11 - Re: store your private key on a multi-user system! use pubkeys without verifying them!

Header Data

From: Toto <toto@sk.sympatico.ca>
To: bryce@digicash.com
Message Hash: 97efeb5cd039b01752e3a84b4da688359a5c7281d1eacaa06e4fc0ed19973b95
Message ID: <334DCC65.3409@sk.sympatico.ca>
Reply To: <199704101223.OAA27778@digicash.com>
UTC Datetime: 1997-04-11 05:27:18 UTC
Raw Date: Thu, 10 Apr 1997 22:27:18 -0700 (PDT)

Raw message

From: Toto <toto@sk.sympatico.ca>
Date: Thu, 10 Apr 1997 22:27:18 -0700 (PDT)
To: bryce@digicash.com
Subject: Re: store your private key on a multi-user system!  use pubkeys without verifying them!
In-Reply-To: <199704101223.OAA27778@digicash.com>
Message-ID: <334DCC65.3409@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> 
> The non-cpunks that I talk to frequently say that "no bad guys
> would bother to read my e-mail". 
> as long as the value of reading your private e-mail is less than
> the cost of reading it, you can consider yourself safe.

  Bad, bad assumption.
 
> So my points are as follows:

> 2.  To the cpunks:  the _value_ of invading your privacy is not that
> high.  There are no evil storm troopers whose full time job is to run
> a man-in-the-middle attack on your PGP public key, or dedicate a
> cracking farm to decrypting your messages, or using TEMPEST devices
> on your home computer or whatever.  Therefore, simply encrypting your
> personal e-mail with a 512-bit PGP key, storing your private key on
> your local multi-user Unix system, and using people's public keys
> _without_ doing anti-Man-In-The-Middle techniques is more than
> sufficient to protect your privacy.

   Horseshit. Send me all of the email and files from the hard 
drives of the NSA, CIA, FBI, and the organizations we don't know
about, for the last 20 years, and then we'll talk about what
evil storm troopers do, or do not, exist.
  Then we can begin to talk about what really trips up most
fugitives/criminals/freedom-fighters--the mundane.

   J. Edgar Hoover didn't rise from the grave to entrap the
Unabomber with high-tech devices and an army of spooks. His
own family turned him in.
  Four guys broke into a Vancouver bank a few years ago, spent
the weekend cracking the vault and safety deposit boxes, and 
made a clean getaway, except one of their suitcases broke open
on the trip out of town, spilling the goodies for everyone to
see. They sat in jail until Monday morning, when the banks 
opened, and the cops could figure out who they robbed.

> Now, if you use your e-mail to transmit really _valuable_ data, then
> that is a different story.

  I submit that everyone has _really_valuable_data_, no matter
what value others put on it.
  I would guess that there is no shortage of people who would
rather have their company's data compromised, than have their
spouse find their secret love-letters.
  The key is to be as meticulous as possible in your security
precautions, because those things you have little knowledge of
or control over may well be more dangerous to you than those
that you don't.

  Case in point.
  I spent twenty years of my life making sure that I had extra
'butts' on me at all times, so that I would not have to face
my greatest fear--going to jail without a sufficient supply
of nicotine.
  The one time I slipped up was when I was on 'safe' ground,
in my hometown, crossing a border I had crossed every day for
the last few weeks with no trouble. Then I got hauled in for
a 'bad check' that was a result of a clerical error. I actually
had the cancelled check in my motorhome, but the facts didn't
matter--I was headed for the slam with almost no butts.
  An understanding Sheriff's deputy with a couple extra packs
probably saved me from the death penalty for killing cops to
escape and go get more butts.

  When you decide that you've got nothing to worry about, because
the 'bad guys' aren't after you, then the 'good guys' will get you.
  Your wife will hire a teenage hacker to look for the secret love
letters that don't exist, and turn up unrelated info that the kid 
will use to get a sweetheart deal when the Feds break down 'his'
door. Your employer's audit of the books will point to you being
a thief, and in the process of proving you innocent, will turn up
evidence of your office affair, giving your spouse grounds for
divorce.

  The people who get fucked aren't the people who 'deserved' it. They
aren't the people who 'took crazy chances'. They aren't the people who
'had the most to hide'.
  They are the people who got fucked.

  The bottom line is, if you have something to hide, then hide 
it, and hide it well.
  You can be faster than a speeding bullet and leap tall buildings
in a single bound, but somewhere out there is a bum going through
a dumpster, and he just found a funny, glowing, green rock.

-- 
Toto
"The Xenix Chainsaw Massacre"
http://bureau42.base.org/public/xenix/xenbody.html





