1997-10-23 - Re: PGP, Inc.–What were they thinking?

Header Data

From: Kent Crispin <kent@bywater.songbird.com>
To: cypherpunks@toad.com
Message Hash: 8069459f8f82f45b2aae31cc9b81de02cacb4283b504d880ad7e4b3431c2f449
Message ID: <19971022174359.10769@bywater.songbird.com>
Reply To: <88256538.00787D24.00@pcwhub.pcworld.com>
UTC Datetime: 1997-10-23 01:04:19 UTC
Raw Date: Thu, 23 Oct 1997 09:04:19 +0800

Raw message

From: Kent Crispin <kent@bywater.songbird.com>
Date: Thu, 23 Oct 1997 09:04:19 +0800
To: cypherpunks@toad.com
Subject: Re: PGP, Inc.--What were they thinking?
In-Reply-To: <88256538.00787D24.00@pcwhub.pcworld.com>
Message-ID: <19971022174359.10769@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, Oct 22, 1997 at 03:08:07PM -0700, spencer_ante@webmagazine.com wrote:
> With all due respect to Tim May:
> 
> As a person who's been at work on a very long feature about PGP Inc. for
> Wired, I can tell you that businesses really don't care that much about
> PGP's civil liberties advocacy. In fact, its rep could hurt as much as help
> them. The Fortune 500 is much more pragmatic: They want solutions that
> work, that help them maintain security for their intellectual property and
> capital. To that extent, PGP 5.5--which enables IS directors to manage a
> public key infrastructure and enforce company-wide security policies-- is a
> step in the right direction.
> 
> But with this new product, I agree that they run the risk of alienating
> their core user group of cypherpunks and hackers. 

Alienate some, for sure.  It doesn't really matter, though. 
Cypherpunks and hackers don't have a monopoly on intelligence -- there
are plenty of people who will hack crypto for food. PGP can't make a 
go of it on free software, and they can't live forever on investor 
financing. 

> Encryption is a very
> complicated topic that doesn't lend itself well to sloganeering and
> histrionics.

Eh?  GAK,  GAKWare, Big Brother Inside, Four Horsemen of the Infoclypse, 
etc, etc, etc

Sloganeering and histrionics are the very lifeblood of this list.  It 
would die in days if it were limited to rational discussion...

And of course, sloganeering and histrionics are just as prevalent in 
the crypto debates in DC.

> And one major thing that needs to be pointed out: PGP's key
> recovery system is *voluntary and private*--not mandatory and gov.
> controlled, which is what the Feds and Louis Freeh have been pushing for.
> One potential positive side effect of PGP 5.5 is that it could realign the
> crypto debate and force people to consider this question: Whose back door
> should netizens be more worried about: Big Brother or The Boss?

Nobody denies that your boss has the right to control his equipment
and software as he sees fit, and everybody debating on these lists
agrees that the government does not need access. 

It is also incontrovertible that PGP's CMR implementation is a
response to real demand.

It may be less obvious, but despite what PGP claims, a significant
fraction of this demand is for the ability to SNOOP, and not just data
recovery.  *All* the debate on this list implicitly takes the 
employee's side, not the management's side, and that is a serious 
lack.  The unpleasant fact is that managers NEED TO BE ABLE TO SNOOP.  
It is terrible to work for an employer who will snoop, but it is 
just as terrible to have dishonest employees.  It doesn't take a 
genius to realize that the existence of dishonest employees is a
primary motive for management snooping.

Clearly, there are some organizations for which this is more important
than others -- financial services companies are only the most obvious
example. 

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html





