1997-10-15 - Just say “Huh?” to key recovery concerns…keep OpenPGP pure

Header Data

From: Bianca <bianca@dev.null>
To: Lucky Green <shamrock@cypherpunks.to>
Message Hash: 3d3d3c49f5dbfb7d237069e2401aba4120ccde5142dd349c971d5b2141e1655e
Message ID: <3444764D.1731@dev.null>
Reply To: <Pine.BSF.3.96.971015055251.18802C-100000@pakastelohi.cypherpunks.to>
UTC Datetime: 1997-10-15 08:12:21 UTC
Raw Date: Wed, 15 Oct 1997 16:12:21 +0800

Raw message

From: Bianca <bianca@dev.null>
Date: Wed, 15 Oct 1997 16:12:21 +0800
To: Lucky Green <shamrock@cypherpunks.to>
Subject: Just say "Huh?" to key recovery concerns...keep OpenPGP pure
In-Reply-To: <Pine.BSF.3.96.971015055251.18802C-100000@pakastelohi.cypherpunks.to>
Message-ID: <3444764D.1731@dev.null>
MIME-Version: 1.0
Content-Type: text/plain



I hate to insert a modicum of realism into an otherwise wonderful debate
currently taking place on the Cypherpunks list in regard to the saints
or sinners (depending on the angle that one is pissing from) at PGP,
Inc.(arcerated, if PRZ hadn't folded his hand).
However, my Bullshit Meter indicates that bullshit is currently 'en
vogue' as the preferred 'opiate of the masses' and that the ultra-fine
distinctions between GAK and CMR that are being hotly debated on the 
list are likely to be largely ignored by the huddled masses, yearning 
to be monitored.

SURVEILLANCE==SECURITY
Call it Double Speak or Spin Doctoring, it doesn't really matter. The
citizen-units have bought into the 'America's Funniest Home Videos of
Law Enforcement Agents Busting Dark Skinned Threats To Decent Americans
On Prime-Time TV Thanks To Total Video Surveillance of the Citizenry'
message being promulgated by the mainstream entertainment/news media.

This is why nobody even blinked when legislation was recently passed
which criminalized the possession of toilet plungers, except for those
involved in meeting the legitimate needs of law enforcement to shove
toilet plungers up the citizens' assholes.
(Hell, I usually pay extra for that...)

OK, so I just made that stuff up. Nonetheless, it *could* be true at
some point in the near future, if DoubleSpeak, NewSpeak, SpinSpeak
and I'mTooTiredToFightItAnymoreSpeak become the unchallenged rule
of the day (which is not far from becoming a total reality).

However, the point which I am not terribly concerned about making
is this:
  The great sin of ViaCrypt/PGP is that they are failing to maintain
standards of integrity that are far above that of the large mass of
humanity that they are counting on to comprise the bulk of their
customer base.

What is the quote...??? 
"Nobody ever went broke underestimating the intelligence of the
public." (?)

I would very much prefer that ViaCrypt separate their 'Corporate Message
Recovery' software from the PGP name/reputation-capital, but I would
rather the situation remain as it is than to see PGP/ViaCrypt go under
and leave the encryption software field to those with *no* history of
'doing the right thing.'
I sincerely hope that the CMR software is the result of those designing
it getting caught up in the erroneous security concepts being promulgated
by those with a fascist axe to grind, and that it is not the result of
people of integrity 'consciously' averting their gaze from reality in
order to increase their bottom line.

If the current form of PGP/CMR is the result of normal diversion of the
optimum design, due to the time/monetary pressures of everyday business,
then the flaws in the product can be rectified in the future.
If this is not the case, then it will be incumbent upon those who are
aware of the dangers the technology presents, in its current form, to
develop viable methods of circumventing the technology's flaws and/or
weaknesses.

To tell the truth, my main concern with the direction that PGP/CMR has
taken is that there are not many role models left in life, and it would
be a shame to lose yet another one due to lack of the character and
perseverance that is needed to go against the grain of everyday
business reality.
The posts to the Cypherpunks list surrounding the issues involved in
the current release of corporate PGP have been very enlightening to
those of us who count on those such as Peter, Adam, William and others
to 'shake it down' from a technical perspective. However, the pros and
cons being debated on the list will have little meaning in the long
run if those of us who are capable of understanding the issues involved
do not take the time, and make the effort, to fully understand the
implications involved, and to use whatever influence we have in society
and the computer industry to rail against the dangers and work toward
optimum solutions to the weaknesses and shortcomings in the technology
which can threaten privacy, liberty and freedom.

The fact of the matter is, although a company does indeed have a right
to exercise control and supervision over their business affairs, they 
have no right to exercise the same amount of control and supervision 
over an employee's phone call or email to his or her spouse, or family
members, or their communications with the cable company over when they
can be present at home to have their cable TV hooked up.
If a company has set up a system whereby an employee needs to ask
permission to make an unmonitored phone call, or send a personally
encrypted email during the course of the business day, then the
company and the employee have become adversaries.

Governments and Corporations become fascist dictators 'by default.'
When they remain conscientious, humanitarian institutions over a long
period of time, it is the result of the efforts of those within the
governments and corporations to 'make' it so.
If man does not rule the machine, then the machine will rule the man.
[Women rule *both* (;->)------(<-;)]

There is a far cry of difference between:
1) "Boss, can I have permission to talk privately, without supervisory
  monitoring, to my child's doctor, since he/she is sick and the doctor
  needs to speak frankly and privately to me?"
and
2) "Boss, I needed to speak privately to my child's doctor, so I 
  bypassed the monitoring mechanisms and informed my supervisor
  as to my reasons for doing so."
and
3) "Boss, I'm damn glad I work in one of the few remaining companies
  where I am trusted to act in the best interests of both myself
  and the company, and not be spied on over every minor detail out
  of a sense of mistrust."

I realize that we live in a world where the company president (of
Borland?) can steal company secrets and take them with him/her to
his/her new place of employment. And janitors can go through the
garbage to gain access to company secrets that they can sell to
the competition.
However, I truly believe that TOTAL SECURITY is an impossible goal,
and that internal company security should be geared toward making
it necessary for outside forces to attack the system in order for
the corporate information system to be compromised.
The situation within a company is much the same as the situation
within a country. Even the most fascist and draconian of rules 
and regulations will not prevent the anti-fascists and anti-
draconians from playing the secrecy/security game better than
one's own players. (Or prevent the janitor from inadvertently
leaving valuable corporate information lying on the top of the
garbage pile.)

Corporate Security is not a far cry different from National 
Security or Private Security.
All involve an elliptical curve beyond which 'security' becomes
our oppressor, rather than our savior.

I have listened closely to both sides of the debate over corporate
interests versus government shenanigans, and do not disagree too
strongly with either side of the debate.
I believe what may be understated is the reality that any government,
any philosophy or psychology, any devised system of democracy or
security, is dependent upon the knowledge, wisdom and integrity of
those who are involved in upholding the concepts underlying it.

It matters little whether the Supreme Court is 'stacked' with
liberals or conservatives, it is still 'stacked.'
It matters little whether we are 'pretending' to listen to the
arguments of our 'liberal' or 'conservative' foes, we are still
'pretending' to be men and women of reason.

The great danger that exists is that men and women of high intellect
and reason will make the mistake of assuming that their fellow
primates are working off of the same game sheet as they are.
If the same party takes all of the steps backward, as the other
party keeps stepping forward, then the word 'compromise' is being
misused. Buy a clue...

I have no more desire to live in a world full of Dimitri Vulis's 
than I do to live in a world full of Tim C. Mays.
I want to live in a world full of CypherPissers who shoot themselves
in the foot as often as they shoot each other in the head, so that
the Universe maintains its natural balance.
Ignorant incompetence is a far less troubling manifestation than is 
that of conscious evil. Yet we live in a world that 'condemns' the
former and 'compromises' with the latter.

What I find troubling is the fact that 'evil' seems to have a game
plan, while 'good' seems to be locked in an endless argument over
how to proceed so that every aspect of life remains unequivocally
'equal,' no matter whether nature itself cries out against it.
In effect, 'evil' is in agreement, and advances, while 'good' is
locked in battle with itself, arguing over how many angels can 
stand on the head of a pin.

The longer we refrain from speaking out against the evils of Waco,
the more we will be faced with OKC bombings. If all of us had
protested loud and long over the Waco injustice, then there would
have been no need for the universe to balance it out with OKC.
The turbulence and/or violence of our future is dependent upon
where we draw the line, as individuals and as a society, where 
we say, "This far, and no further."

The end result of the government's promotion of GAK, or PGP's
implementation of CMR, will not be dependent upon the aims and
goals of those promoting and developing the concepts and the
underlying methodologies behind them, but upon the willingness
or unwillingness of you and I to 'go gently into the night'
when we are faced with an opponent who steps across the line
we have drawn in the sand to represent our own beliefs and
level of personal integrity.
The more of us who are willing to compromise by 'moving' that
line, the more that Doom closes quickly around us, and we are
hung on the cross, with Nine Inch Nails.

Bianca
~~~~~~

>  -- Lucky Green <shamrock@cypherpunks.to> PGP encrypted email preferred.
>    "Tonga? Where the hell is Tonga? They have Cypherpunks there?"

  "Alice? Alice? Who the fuck is Alice? Is she a Cypherpunk?"





