1997-10-05 - Re: New PGP “Everything the FBI ever dreamed of”

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: 654bae706e3146f31490360e165a64e42c6d75fae6d9b4fb0eda8bafc8eb6a4f
Message ID: <v03102800b05d58dd0280@[207.167.93.63]>
Reply To: <v03102800b05aaebebd1c@[17.219.102.47]>
UTC Datetime: 1997-10-05 15:22:24 UTC
Raw Date: Sun, 5 Oct 1997 23:22:24 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Sun, 5 Oct 1997 23:22:24 +0800
To: cypherpunks@cyberpass.net
Subject: Re: New PGP "Everything the FBI ever dreamed of"
In-Reply-To: <v03102800b05aaebebd1c@[17.219.102.47]>
Message-ID: <v03102800b05d58dd0280@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




Quote of the Year: ''PGP does not stand for back doors,'' said Zimmermann.
''I don't mind if they sell a program that has a back door in it, but they
shouldn't call it PGP. If your employer can read your mail anytime he
wants, without your permission, that goes against the spirit of the PGP
trademark."

At 4:25 AM -0700 10/5/97, Anonymous wrote:
>http://simson.vineyard.net/clips/96.SJMN.PGPBusinessEdition.html
...
>                             PRETTY LOOSE PRIVACY
>[...]
>   Published: April 2, 1996
>   BY SIMSON L. GARFINKEL
...
>   That has not stopped Zimmermann from complaining loudly about the PGP
>   name being used in a product that allows someone other than the author
>   or the intended recipient access to information. Viacrypt owns the
>   licensing rights to sell the commercial versions of PGP.
>
>   ''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind
>   if they sell a program that has a back door in it, but they shouldn't
>   call it PGP.''
>[...]
>   ''If your employer can read your mail anytime he wants, without your
>   permission, that goes against the spirit of the PGP trademark,'' said
>   Zimmermann.

Pretty Good Point, I'd say. And we ought to keep quoting these comments.

I agree that an employer has a "right" to read employee mail, sent on
company time with company resources.

However, a program which facillitates this has no business being called
"Pretty Good Privacy." As Phil notes, it goes against the whole spirit of
PGP. It's surveillance, pure and simple.

Further, while businesses have every right to monitor their workers (Hey,
I'm not saying I _like_ this, just that the alternative of banning such
monitoring would be abusive to a property owner's rights), we should not be
_encouraging_ the spread of such technologies. Especially given the very
real risk that wide deployment of "Business PGP" could present.

Wide deployment of "Business PGP" would also make eventual GAK much easier
to implement. One plausible scenario is that companies would have to make
available the escrowed copies of e-mail upon request by law enforcement.
(Such records are of course already subject to subpoena, not to mention
inspection by various and sundry other government agencies.)

A further scenario is that "Business PGP" is _mandated_ within businesses
or corporations by the ever-increasing regulatory web imposed by
government. The SEC will want to ensure that insider trading is not being
discussed, the FTC will want to snoop on possible anti-competitive
communications, the DEA will want to investigate use of corporate shipping
systems for drug distribution, and, of course, the various intelligence
agencies will want access.

"Business PGP" will be just another requirement, like certain accounting
practices, like OSHA requirements, etc. Random inspections will force
compliance, with fines for violations.

Under this scenario, the so-called "rights" of individuals will not even
arise, as the government rules will affect businesses, which are not held
to have rights in the same way individuals are. (I happen to disagree, and
think the owners of XYZ Corporation have the same rights to do with their
property as J. Random Citizen has, but the courts have ruled otherwise.)

The wide adoption of "Business PGP" could also mean short shrift to non-KR
versions, including a lag in availability, or even eventual dropping of
development efforts. (I'm sure PGP, Inc. will assure us otherwise, but this
could still be an eventual development, if, for example, "Business PGP"
accounts for 80% of their sales.)

I agree with Phil Zimmermann's point:  ''PGP does not stand for back
doors,'' said Zimmermann. ''I don't mind if they sell a program that has a
back door in it, but they shouldn't call it PGP. If your employer can read
your mail anytime he wants, without your permission, that goes against the
spirit of the PGP trademark."

Let's hope PGP, Inc. comes to their senses and stops doing the work of Big
Brother.

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








Thread