1997-10-22 - GMR vs. GAK

Header Data

From: Tim May <tcmay@got.net>
To: Adam Back <declan@well.com
Message Hash: d64f6844cb1054aefa3cfd9dcb3384091d33395bc26569f3b153c6ce47efdda7
Message ID: <v03102801b07409336819@[207.167.93.63]>
Reply To: <v03007808b073c711fcb1@[204.254.22.221]>
UTC Datetime: 1997-10-22 20:12:26 UTC
Raw Date: Thu, 23 Oct 1997 04:12:26 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Thu, 23 Oct 1997 04:12:26 +0800
To: Adam Back <declan@well.com
Subject: GMR vs. GAK
In-Reply-To: <v03007808b073c711fcb1@[204.254.22.221]>
Message-ID: <v03102801b07409336819@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 11:38 AM -0700 10/22/97, Adam Back wrote:

>This is one example of why CMR may be dangerous.  Another is the
>danger that we have a couple of years of mass CMR enabled software
>deployed.  Tim has been using the acronym GMR, which nicely says what
>a well deployed CMR software base can be converted to with an over
>night presidential decree.  Lethal.

About "GMR," I use it only because it's a direct parallel to CMR, with
"Government" replacing "Corporate." In fact, as others also suspect, I
anticipate some countries will mandate the precise form CMR is taking in
PGP 5.5, with a requirement that the corporate keys be given ("escrowed" in
the older terminology) to government agencies. This would actually take
very little in the way of additional regulation in many countries--the same
departments of corporations which file various reports with the government
would be compelled to provide keys.

GMR is CMR with the government being one of the keyholders. And the users
need not even be involved in this...all that is needed is an order, or
finding, by the SEC, FTC, IRS, etc., that CMR keys be deposited with the
government.

(When the Justice Department was suing IBM and AT&T and demanding every
scrap of paper they could get, including thousands of boxes of documents,
wouldn't they have surely demanded the CMR keys, had they existed back
then? Were Microsoft to be using CMR, don't you expect these keys will be
demanded by Janet Reno? This, by the way, ought to be reason enough for MS
to abandon its internal programs on message recovery. But I wouldn't be
surprised if failure to adopt CMR is itself seen as part of a conspiracy to
thwart government investigations...speculating wildly, this may be a reason
many companies adopt CMR, and why many other companies eschew CMR.)

In the U.S., there may be various challenges to the constitutionality of
this. Certainly some organizations--hospitals, psychiatric facilities,
newspapers, etc.--will have First and Fourth Amendment claims, e.g.,
protection of confidential sources, protection of medical privacy, etc..
Will XYZ Corporation have such protections? Unclear to me. (Recall the Jim
Choate  mantra that "only individuals have rights.")

I don't mean for GMR to replace GAK, which has served us so well for
several years (since being coined by Carl Ellison, of course). But the
Newspeak everyone is using is "message recovery," with a disaster planning
spin on it (however incorrectly), so maybe we should change with the times,
too.

"GMR" serves to deconstruct and monkeywrench the CMR term.

--Tim May


The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








Thread