From: “Attila T. Hun” <attila@hun.org>
To: Alan <cypherpunks@cyberpass.net>
Message Hash: c91c221799b258524ecca46a02d39d7bc21cf9cb929dd0f1571455be179ff54f
Message ID: <19971013.163259.attila@hun.org>
Reply To: <3.0.3.32.19971011104004.03eec138@ctrl-alt-del.com>
UTC Datetime: 1997-10-13 22:11:51 UTC
Raw Date: Tue, 14 Oct 1997 06:11:51 +0800
From: "Attila T. Hun" <attila@hun.org>
Date: Tue, 14 Oct 1997 06:11:51 +0800
To: Alan <cypherpunks@cyberpass.net>
Subject: Re: Building the Surveillance State
In-Reply-To: <3.0.3.32.19971011104004.03eec138@ctrl-alt-del.com>
Message-ID: <19971013.163259.attila@hun.org>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
on or about 971011:1040
Alan <alan@ctrl-alt-del.com> was purported to have
expostulated to perpetuate an opinion:
+At 10:22 AM 10/11/97 -0700, Tim May wrote:
+>
+>-----BEGIN PGP SIGNED MESSAGE-----
+>Hash: SHA1
+>
+>I predict that nearly every company which enforces the PGP 5.5 corporate
+>snoopware will in fact routinely convert every incoming and outgoing
+>message to plaintext for searching by keywords, topics, etc.
+>
I really think you are overreacting on this one --sure some will,
but corporations who reduce employees to a level of "distrust"
will find the employees doing same as they become inurred with
the attitude that they are distrusted --so why not?
+>This would be analogous to every phone call, incoming and outgoing, being
+>recorded.
+>
stockbrokers work under those conditions, and have for years.
dispute resolution
+>Except that instead of having security people _listen_ to each
+>recording,
+>
voice recognition software today easily handle a conferance call
with more than adequate accuracy to support digital keyword sorting.
NSA has been doing that for years, and the software is at the PC
level now.
+>the messages can be glanced at quickly, marked for further
+>review, compiled into dossiers, or searched for the keywords of interest to
+>the security people.
+>
same reason as above; if you give no level of trust, you will have
no level of respect or honesty. employers also realize that the
"mental health" and attitude of their employees is critical to job
performance --and employee retention; turnover is expense in more
ways than money.
to blanket label corporations to scan for keywords in all cases is
like saying all Southern slave owners were Simon Legree --which is
patently absurd since destroying or dehibilitating the collateral
was damaging to their personal finances. sure, there will be bad
apples... personally, I have seen secure facilities where you
check your fingers in at the desk... and, you need to whiz, you are
not only escorted to the porcelain, but the security guard will be
right next to you.
+>(Please note that I am not saying such phone call or e-mail monitoring is
+>illegal, or should be illegal. A property owner is free to define his own
+>policies for how he uses his own property. This includes company phones,
+>company computers, and even the time of employees while they are on his
+>premises. The issues are not the legality or ethicality of such recordings
+>and monitorings, but the dangers. And whether people such as ourselves
+>should help build or deploy such surveillance capabilitities. Or work for
+>companies with such surveillance policies.)
+>
it sounds trite to say that if we do not, someone else will. I would
rather believe we should be involved in the project to a) try and
maintain a reference point of "wisdom", and b) even more importantly,
to *know* there are no further trap doors, etc. 'know thine enemy'
+>I further predict that this will actually _increase_ the amount of e-mail
+>surveillance being done. Whereas today it is of course easy for companies
+>to surveil unencrypted employee mail, I doubt that most of them do. But the
+>adoption of snoopware like PGP 5.5 will raise the consciousness of company
+>security people. "Hmmhh, maybe we ought to buy some of those e-mail keyword
+>analyzers and combine them with our new purchase of PGP 5.5? If our
+>employees are encrypting, we'd better keep tabs on them."
+>
law of diminishing returns. employers are sensitive to employee
grousing. second, if the system is using keyword search, it should
be coming up blank in personal mail.
as for the libel message to sue@m$, the message should not have
been sent --PGP or no PGP. get a hotmail account!
+>By building in such easily-enforceable snooping capabilities, and by
+>building in such things as the ability to reject even _incoming_ e-mail
+>which has failed to encrypt to the corporate key (as I understand the
+>product), this greatly moves us toward a surveillance era.
+>
+>Is this what "Pretty Good Privacy" really stands for?
again, get a hotmail account.
either PGP provides a complete range of control in the SNMP goody
or systems with less flexibility will be deployed, systems that
are truly GAK.
the real issue for cypherpunks, and the whole range of the
privacy forums, watch lists, Declan, Meeks, whatever is to
broadcast the fact that PGP 5.5 can be used for storage key
levels which most of us are willing to accept.
stand up and be counted on the soapbox. I have been involved in
crypto since a lot of years before DH and RSA were published. I
never really thought about separate signature and encryption
keys
I actually encryt very little, but sign everything --and am in
the process of REXXing a script to sign html documents for email.
that is the purpose of discussion; even old dawgs can learn new tricks
occasionally.
+I seem to remember that it was just this sort of feature set that Phil
+Zimmerman was grousing about when ViaCrypt came out with their
+"Business Version". It was used as one of the reasons for his takeover
+of ViaCrypt.
+I guess it shows you just how much influence he has on PGP inc now...
no, not how much influence Phil has at PGP, but how much influence the
needs of business influence Phil and PGP.
look at it this way. the boss is the employee of the customers.
+"We have always supported the needs of law enforcement. We have always
+been at war with terrorists and law breakers." - Winston Zimmerman
yeah, right. dont you mean 'Neville Zimmerman'?
--
"When I die, please cast my ashes upon Bill Gates.
For once, let him clean up after me! "
______________________________________________________________________
"attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: No safety this side of the grave. Never was; never will be
iQCVAwUBNEJTUL04kQrCC2kFAQFOqwP/VSF0J57tdkeNORshR8+zx363wPMyEjlA
7b1wvRs25dHP3jL3NBttKgt7PPMCrDCgZe+xZVnTTsn+I74tLrNr9NO6kvOMYi8d
WlHQJL5P5uelkMsdK2xAvaf5MoKLYEIX4TjIKsurvcyKhgdqs7ls3A2zh6LCXg3g
Qjk+ZVTnuUA=
=nfbf
-----END PGP SIGNATURE-----
Return to October 1997
Return to “Tim May <tcmay@got.net>”