From: jf_avon@citenet.net
Date: Mon, 6 Oct 1997 11:06:55 +0800
To: e$@thumper.vmeng.com
Subject: Re:New PGP "Everything the FBI ever dreamed of"
In-Reply-To: <v03110706b05bfd2e031d@[139.167.130.248]>
Message-ID: <199710060219.WAA16101@cti06.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain




> Date: Sat, 04 Oct 1997 03:35:12 -0500
> To: "George F. Mayhew" <mayhem@globaldialog.com>,
>         Robert Hettinga <rah@shipwright.com>
> From: Black Unicorn <unicorn@schloss.li>
> Subject: Re:New PGP "Everything the FBI ever dreamed of"
 
> At 10:58 PM 10/3/97 -0500, George F. Mayhew wrote:
>  >I think PGP, Inc. has seen the need for corporations to monitor their
>  >transactions at all levels, and responded with a simple, effective
>  >method that keeps the core applications from becoming compromised, and
>  >thus less secure.  As a private user, this doesn't bother me in the
>  >least.
>  
>  You know, you're right.  Transactions at all levels on corporate property
>  can put the corporation at risk.  As a private user, this doesn't bother me
>  in the least either.  I think a simple effective method to prevent
>  potential liability might be to put video cameras in the restrooms on
>  corporate facilities.  God knows what silliness goes on in there which
>  might get the company in trouble.  Mandatory drug tests?  Absolutely.
>  Seems to me that this is essential.  Can't have recreational drug users
>  hanging around can me.  By the way, alchohol is considered a drug by the
>  company.  We'll be screening for that starting Monday.  AIDS carriers?  We
>  need to know.  Never know when this might cause the corporation
>  embarassment, or, god forbid, liability.  What if the local CPR expert
>  didn't know that Bill had the HIV virus and tried to preform CPR?  Can you
>  imagine the potential liability?  God, what about something more
>  communicable like TB?  No, can't have that.  We need access to all our
>  employee's medical records.  Absolutely.

>  God you frighten me.

Unicorn, as usual, you twist words like nobody but you (and a 
zillions politicians) can.

You forget the fact that the association between a company and an 
individual is voluntary.  As long as all the tests and surveillance 
done by the company is known by the employee, it can do anything it 
wants.  Only, you are also free to find another employer.  And in the 
old days of paper correspondence, what prevented a company to give 
five years of a given employee's correspondence to the FBI?  

As a business owner, I wouldn't put cameras in the bathrooms, but I 
would certainly *require* that an encrypting software be decypherable 
by the top management.  Encryption is an envelope.  Sometimes, it is 
justified that management open suspicious enveloppes.  As long as a 
behaviour doesn't impair work performance, there is no reason to pick 
on it.  And personnally, I'd maybe keep somebody with impaired work 
capabilities but negociate a pay reduction instead of firing him/her. 
 He is free to find work somewhere.  This is *NOT* coercion.

Your thing about the cops having access to info is an entirely 
different story.  If the company doesn't have the balls or the 
strenght to resist bullish tactics, then, it is their problems.  The 
employee should simply have evaluated earlier if the company would 
sell him out to the first spook and choose to work for somebody else.

What you seemed to imply when you wrote that precisionless paragraph 
is that, in the end, key escrow by the owners of the company and 
computer system is dangerous.  But to the company, not having the 
possibility to decrypt the data they *own* and are liable for  is 
even more dangerous.

The data generated on company's time and pay is property of the 
company.  There is no coercion.  Everybody is free to act, 
find another employee or keep him, find another job or keep it.
Period.

Ciao

jfa

P.S.    For which one of three-letter organization do you work 
Unicorn?
-- 
Jean-Francois Avon, Pierrefonds(Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest of Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing.
PGP encryption keys at:
   http://w3.citenet.net/users/jf_avon
   http://bs.mit.edu:8001/pks-toplev.html
ID# C58ADD0D  : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D  : 152ACCBCD4A481B0 254011193237822C