From: Tim May <tcmay@got.net>
To: cypherpunks@Algebra.COM
Message Hash: 6d53dc42c2ca5c923f024e6e9bb827d0d0d2750734c578c255eed92be842fde6
Message ID: <v03102801b0656340b52c@[207.167.93.63]>
Reply To: N/A
UTC Datetime: 1997-10-11 17:28:18 UTC
Raw Date: Sun, 12 Oct 1997 01:28:18 +0800
From: Tim May <tcmay@got.net>
Date: Sun, 12 Oct 1997 01:28:18 +0800
To: cypherpunks@Algebra.COM
Subject: Building the Surveillance State
Message-ID: <v03102801b0656340b52c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I predict that nearly every company which enforces the PGP 5.5 corporate
snoopware will in fact routinely convert every incoming and outgoing
message to plaintext for searching by keywords, topics, etc.
This would be analogous to every phone call, incoming and outgoing, being
recorded. Except that instead of having security people _listen_ to each
recording, the messages can be glanced at quickly, marked for further
review, compiled into dossiers, or searched for the keywords of interest to
the security people.
(Please note that I am not saying such phone call or e-mail monitoring is
illegal, or should be illegal. A property owner is free to define his own
policies for how he uses his own property. This includes company phones,
company computers, and even the time of employees while they are on his
premises. The issues are not the legality or ethicality of such recordings
and monitorings, but the dangers. And whether people such as ourselves
should help build or deploy such surveillance capabilitities. Or work for
companies with such surveillance policies.)
I further predict that this will actually _increase_ the amount of e-mail
surveillance being done. Whereas today it is of course easy for companies
to surveil unencrypted employee mail, I doubt that most of them do. But the
adoption of snoopware like PGP 5.5 will raise the consciousness of company
security people. "Hmmhh, maybe we ought to buy some of those e-mail keyword
analyzers and combine them with our new purchase of PGP 5.5? If our
employees are encrypting, we'd better keep tabs on them."
By building in such easily-enforceable snooping capabilities, and by
building in such things as the ability to reject even _incoming_ e-mail
which has failed to encrypt to the corporate key (as I understand the
product), this greatly moves us toward a surveillance era.
Is this what "Pretty Good Privacy" really stands for?
- --Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
- ---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBND+11FK3AvrfAt9qEQKOZQCdFRS6Ogl3da7TDFxmFF7E9kE16RsAoPaG
iFjXzww6H5c1no3iYGvL6BGD
=wt4J
-----END PGP SIGNATURE-----
Return to October 1997
Return to “Tim May <tcmay@got.net>”