From: Alan <alan@ctrl-alt-del.com>
To: Tim May <tcmay@got.net>
Message Hash: 4230d164df3f69ed244de98e5481b79b2d161bbe12426398ba98582155891f26
Message ID: <3.0.3.32.19971011104004.03eec138@ctrl-alt-del.com>
Reply To: <v03102801b0656340b52c@[207.167.93.63]>
UTC Datetime: 1997-10-11 17:48:04 UTC
Raw Date: Sun, 12 Oct 1997 01:48:04 +0800
From: Alan <alan@ctrl-alt-del.com>
Date: Sun, 12 Oct 1997 01:48:04 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Building the Surveillance State
In-Reply-To: <v03102801b0656340b52c@[207.167.93.63]>
Message-ID: <3.0.3.32.19971011104004.03eec138@ctrl-alt-del.com>
MIME-Version: 1.0
Content-Type: text/plain
At 10:22 AM 10/11/97 -0700, Tim May wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I predict that nearly every company which enforces the PGP 5.5 corporate
>snoopware will in fact routinely convert every incoming and outgoing
>message to plaintext for searching by keywords, topics, etc.
>
>This would be analogous to every phone call, incoming and outgoing, being
>recorded. Except that instead of having security people _listen_ to each
>recording, the messages can be glanced at quickly, marked for further
>review, compiled into dossiers, or searched for the keywords of interest to
>the security people.
>
>(Please note that I am not saying such phone call or e-mail monitoring is
>illegal, or should be illegal. A property owner is free to define his own
>policies for how he uses his own property. This includes company phones,
>company computers, and even the time of employees while they are on his
>premises. The issues are not the legality or ethicality of such recordings
>and monitorings, but the dangers. And whether people such as ourselves
>should help build or deploy such surveillance capabilitities. Or work for
>companies with such surveillance policies.)
>
>I further predict that this will actually _increase_ the amount of e-mail
>surveillance being done. Whereas today it is of course easy for companies
>to surveil unencrypted employee mail, I doubt that most of them do. But the
>adoption of snoopware like PGP 5.5 will raise the consciousness of company
>security people. "Hmmhh, maybe we ought to buy some of those e-mail keyword
>analyzers and combine them with our new purchase of PGP 5.5? If our
>employees are encrypting, we'd better keep tabs on them."
>
>By building in such easily-enforceable snooping capabilities, and by
>building in such things as the ability to reject even _incoming_ e-mail
>which has failed to encrypt to the corporate key (as I understand the
>product), this greatly moves us toward a surveillance era.
>
>Is this what "Pretty Good Privacy" really stands for?
I seem to remember that it was just this sort of feature set that Phil
Zimmerman was grousing about when ViaCrypt came out with their "Business
Version". It was used as one of the reasons for his takeover of ViaCrypt.
I guess it shows you just how much influence he has on PGP inc now...
"We have always supported the needs of law enforcement. We have always
been at war with terrorists and law breakers." - Winston Zimmerman
---
| "That'll make it hot for them!" - Guy Grand |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
Return to October 1997
Return to “Tim May <tcmay@got.net>”