From: "Attila T. Hun" <attila@hun.org>
Date: Mon, 13 Oct 1997 12:08:52 +0800
To: Jon Callas <cypherpunks@cyberpass.net>
Subject: GET OFF THE DIME: PGP 5.5: Attitude
Message-ID: <19971013.035233.attila@hun.org>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

    There is one all important consideration in this debate:
 
        would you rather have PGP, Inc. with its preeminent 
        stature in the defense of freedom, freeware, and
        privacy as well as an established, TRUSTED product 
        defining THE system which meets the need of the 
        free world business, but is not selling out to 
        GAK or CAK? 

        or, would you rather see IBM, HP, TIS and others with 
        their GAK products and potentially even backdoors?
        are any of these vendors even planning to give us 
        source code so we might have a warm and fuzzy feeling
        until someone blows a hole in it 10 years from now?

        or, how about Bigfoot from the jungles of Redmond? 

        PGP is the *only* small business with a name for
        the corporate MIS types.

        the answer is simple; stop arguing, squat, and move.

    When I initially composed this message it read:

        now, if the idealists, and the opinionated pragmatists
        would actually reflect on exactly what Jon Callas said,
        starting with Locke, instead of what they "think" he
        said, they might understand the philosophy for data
        storage and recovery which PGP is proposing versus GAK
        or CAK which PGP is not proposing.

        the more vituperative among us can be dismissed out
        of hand as the issue is less of personal privacy than
        it is one of reasonable property protection, 
        documentation, and defensible security provisions.

    Jon Callas generally stated the problems adequately, and the 
    solutions or conventions, in the running duels; unfortunately
    Jon is on the wrong side in an anarchic forum: as the bear;
    Jon's protagonists are the dogs, and we all know the results of
    the bear pit. truth was not a problem per se, just reason.

    as I think I made clear in my original FOCUS presentation, GAK 
    (or CAK) must be dismissed out of hand. The issue reduces to: by
    what means is general responsibility accomplished? most ignored
    my premise, the few attacked for the same reason they always
    attack: crypto-anarchy, take-no-prisoners, or the only good
    JAKer [sic -freudian] is a dead one.

    historically, all of the elements of multi-key encryption
    with separate keys for signing, transmitting, and archiving
    have been available options with scripts or program wrappers 
    since PGP burst on the freeware zone in its present incarnation.

    Meanwhile, the battles raged on with the defiant pragmatism
    of Adam Back balanced by Bill Gieger's careful affirmation of
    my premises in my prior FOCUS message response to Jon Callas: 
    there is nothing in PGP 5.5 which can not be done with scripts
    and PGP 2.6. In fact, I stated my policy: session key and
    storage key. I had not implemented a separate signature key,
    but will be limiting my current public key to a signature key;
    and, creating a new encryption key. a good point, and well 
    taken.

    other than possibly Bill Gieger, not one of the cypherpunk
    idealists, nor rationalists, in this thread has ever been 
    required to face the realities of an employer.  if they had been
    or are employers, they would understand all the perqs they
    presume are freebies or rights, are mere privileges --including
    personal freedoms not in the interest of the employer during
    company work periods, on company premises, or representing the
    company outside the facilities.

    I empathize with Jon Callas' complaint about the blues, and his 
    plaintive "wanna trade" comment to Adam, but the blues come
    with the turf; likewise, the position of the buck stops here 
    gives the idealists another nail for the coffin they have
    conjured for Jon and PGP "selling out to the enemy".

    the occupation of employer can be one of the least satisfying 
    ways of living; department heads are not far behind --it's all
    about personal (not personnel) relations and diaper changing.
    as a scientist and developer, I never really enjoyed the 
    boss tasks; more than once, I closed out when my function
    deteriorated to leader of the nursery.

    If PGP, hopefully with support, cooperation, and assistance from
    Cypherpunks, can offer workable and tenable solutions, which can
    satisfy the real needs of business for defensible audit trails,
    and which offer basically the same protection as current paper
    storage trails, PGP may be able to deploy their system as the 
    *de facto standard* before any of the other systems take root.

    If PGP does not provide workable solutions for business, from
    simple PGP 2.6 to the SNMP managed "enforcer" and a simplified
    "frying the egg" means of establishing filing systems which meet 
    both the overall needs of the business and the compartmentalized
    needs of restricted area and secure operations, some one else 
    will --and corporate {a,im}morality applies their myopic vision
    only to the bottom line --GAK.

    for instance, if PGP can deliver *encryption management systems*
    which can provide control of the entire spectrum of corporate
    needs, perceived or real, such as:

      * no key escrow or management key (preferred, obviously)
      * session key with storage key (incl. some multi-key)
            group, department, corporate, etc.
      * multiple public key encryption (foolish for external)
      * limited CAK (certainly not desirable)
      * general CAK (an unreasonable sin)
      * GAK (the unpardonable sin)

    they have given business the *choice* of system management. It 
    is important to keep in mind that the basic PGP product will
    do any of these formats as it currently stands with external
    controls. different business models have different levels of
    security requirements. hard core cases will buy in because they 
    understand GAK and their foolish corporate mentality has no
    concern for the individual --get it installed, and the troops
    will push to bring it back to the preferred model using company
    security, not employee privacy, as the argument.  

    better GAK with PGP than asking PGP to refuse to permit the use 
    of their product in a GAK/CAK environment. GAK and CAK have no 
    relationship to PGP --they are a corporate mindset and there is
    absolutely nothing PGP or cypherpunks can do about it --except
    educate the customers that there are far more secure methods of
    date recovery than hanging their shorts out in public for big
    brother to cut the clothesline.

    In other words, why should any cypherpunk, except our resident
    nihilistic anarchist, object if PGP's SNMP system provides
    industry with tools which can deploy the **less** objectionable
    control systems?  or even the objectionable ones?

    if PGP does not or is not willing to provide the systems, and in
    the absence of these tools from an alternative *trusted* source,
    we will see GAK, just plain unabridged GAK, the simplest means to
    control for the Corporate Operations Officer (COO), or some
    other equivalent abomination spreading across the land like the
    ominous black cloud roiling across the land from an oil refinery 
    fire.

    major corporations, most of them victims of many years of
    litigation, subpoenas, and judgements with their peers and 
    with the government will just cave in to GAK --it covers all the
    bases, albeit very insecurely, but that is the fire next year: 
    worry about tomorrow tomorrow.

    despite the general hue and cry of selling out to the enemy 
    which arose in cypherpunks with the PGP defense department 
    contract, as long as PGP 5.5 and its SNMP enforcer are
    implemented as Jon Callas claims, that contract may be the best
    government friend this community has today. PGP will be placing 
    a product which covers the full spectrum of "privacy invasion"
    within the forces of evil.

    there are two ways to define a product in a market of this 
    magnitude, a market which matches David and Goliath. PGP, by
    virtue of its freeware status is the standard the world over;
    by selling to the enemy, PGP will have proven it can be all
    things to all people --use what you need from it.

    Bubba/Goliath has been rumbling and jousting, but his own parts
    are buying the product that works.  a very critical point.

    secondly, by market penetration, F{reeh,uck} is left standing in
    the middle of street, pulling his short arm.

    but if David fails to hurl that stone, Bubba will hand us GAK.

    the real issue in privacy is where does privacy begin, and 
    where do corporate rights and responsibilities start, and do 
    private rights end?

    defined classically: on company premises there is little if any 
    legally enforceable individual privacy regarding communications. 

    in NY brokerages, it is well known that brokers have their usual
    company computers, and a laptop with a modem, often wireless.
    if they are overly concerned there is always ssh --not ppp.
    even then, they are on company premises with company power and
    lights....

    however, this discussion is intended to focus on business 
    communications, not their ethics, or lack thereof and not 
    personal communications which should be inviolate, and performed
    away from work.

    the corporate paper trace works two ways --proving you did what
    you said you would, or would not do --or as I put it to 
    subordinates in a hatchetman cleanup: CYA on the sins of
    commission and omission. 

    proper maintenance of paperwork, in an auditable form, is not 
    just a sieve to collect fodder for big brother; you can, and
    should protect (or hang, of course) yourself with paperwork.
    Obviously, if you are engaged in questionable, unethical, or 
    illegal practices, saved paper is dangerous; I can not imagine
    Bill Gate$ archiving notes or email <g?>.

    the real goal is "safe" record keeping, just like paper copies; 
    
    no-one likes employer snooping (or employee snooping). 
    unfortunately, the long running trust and honesty of years
    ago is not justifiable today, so there are rules.

    as for government snooping, give 'em a freeway salute.

    whether it is storage keys for Adam, or session keys, whatever,
    the issue is the same: anything you do to abridge the simplicity
    of the key pair is a potential privacy problem --as well as an 
    additional opportunity for breach of security. 

    the paper equivalent of one encryption key which can be lost is
    placing the paper copy in an access proof, unpickable safe and
    losing the key --and the safe self-destructs when tampered.
    would these same people place their only paper copy in this
    safe? (probably, since "losing" your key is generally 
    described only as your bad karma).
    
    master keys are foolish and I dismiss GAK or CAK out of hand.
    encryption and filing policies which include a session key, a
    department key, or something which gives some sense of
    information security is preferable to the master key.  the more
    diversity, the more security.

    I also believe it is preferable to encode the message twice: 
    once to the recipient(s), the second with the company provided
    session key, whatever level. the logic is that using a separate
    encoding pass (which obviously must be essentially simultaneous)
    is less risky and a little less tacky than sending a message
    with dual keys --small point, but a consideration. it would 
    not be difficult to rework a public key pair engine to dump to
    company records at the same time the communication record is
    released.

    as a comparison to the abuses which inherently will evolve with 
    GAK:  prisoners, convicted felons:  murderers, rapists,
    pedophiles, etc. have more rights than "free" men (even though
    felons' civil rights are stripped for life at the time of
    conviction).

    censors for the incarcerated are only allowed to check incoming
    mail for money, drugs, weapons, eg: contraband; they are not
    permitted to slit the outgoing envelope. in addition to the 
    regulations, the intelligence level of a hack would not
    understand the shading of allusions in plain text! even Dapper
    Joe Gotti, the Teflon Don, is entitled to the privacy of his
    personal correspondence unless there is a show cause order.

    to be both honest and pragmatic, certainly the privacy rights of
    some of some problem prisoners are violated.

    theoretically, GAK and CAK would be acceptable in a perfect 
    world, and if the federal government and the rest of the
    information snoops would unfailingly adhere to Constitutional
    "commandments." human nature has proven more than once, and it 
    will prove it again, it is not likely everyone will be
    incorruptible. in fact, I will go so far as to say that 
    *everyone* has a price --even Tim May <g>.

    however, anybody who has eyes or ears knows, comprehends, and 
    accepts that all governments rule by power --even the United
    States; and, that the control of information is the power to
    control. today, it is even more accepted that governments are,
    at best, a necessary evil --and corrupt, paranoid, and nosy
    governments at that; one which will violate your rights if it
    is, or they think it might be, in their interests to do so.
    
    few do not know that our governments are rotten to the core on
    privacy issues; the US, even more than the other members of 
    Western society, has been abrogating, and will continue to
    perniciously abrogate, our rights.

    unfortunately, each centralization of the filing system permits
    the government, or lawyers litigating, a clearer path of access. 
    
    in reality, encrypted electronic records are significantly safer
    filing cabinets than those filled with paper, but they are still
    records maintained. paper filing cabinets are fast disappearing;
    records are either microfilmed, or converted to bits, or both. 
    Xerox, for instance, has a combination system which maintains an
    optical image and a scanned text digital image which can be
    processed with pattern recognition, etc.

    people say the damnedest things in email without thinking. 
    given the ubiquity of computers, data recovery advances, and
    governmental intentions, everyone, whether or not it is personal
    or business, needs to learn the virtue of compartmentalization;
    files need to be organized: separate the necessary documentation
    from the routine and sublime --purge the latter regularly from
    visible system. following this procedure is not illegal if it is
    a regular practice, and, even more importantly, it is not
    performed to obfuscate or impede an investigation, civil or
    criminal.

    fundamentally, the worst thing we can do is permit the government 
    to think they gained something by necessary business practice on 
    the way to their perverted goal of transparent crypto. there is 
    no question they will use their standard ploy that we have 
    already agreed to backup procedures for data storage safety 
    --so what is the difference if you permit us to maintain a key;
    remember, we're from the government, and we're here to help you.
    trust me-- yeah, right! 

    on the other hand, we should be encouraged by the decision of 
    the European commission to totally stiff the U.S. request for 
    them to comply with the F{reeh,uck} mandate; likewise, they 
    chastised the French. The difference in France v. the US is that
    if you do not ask the French government, they do not tell you: 
    "no". 

    If the European commission does follow through with their
    intentions, and I have no doubt they will as European
    politicians recognize both security and discreetness, they will
    be submitting EC legislation before the end of the year
    encouraging strong encryption both to facilitate commerce and to
    protect against the criminal elements; they fully realized the
    folly of expecting criminals not to use strong encryption even
    if it is illegal. firearms in the hands of criminals are also
    illegal. 

    either F{reeh,uck} and Bubba can get off their horses and sell
    the EC hardware and software, or they can lose it all.
    Interestingly. the software will probably be PGP --except the
    revenue will not come home to PRZ, let alone America. Great 
    trade policy, Bubba. where did you say you're from? Arkansas?

    the actions of the more pragmatic, and obviously privacy
    conscience, European leaders only paints a sharper contrast with
    the intentions of the U.S. government. 

    have no doubt, the U.S. government is no different than Lucifer
    who intended to remove from mankind any choice. the actions of
    the U.S. government since the Civil War have been an insidious
    assumption of centralized power, including unaccountable police,
    and a systematic plan of supposed emergencies to expand the
    control of the few at the expense of the many.

    when the smoke of the battle clears, if PGP is not its original
    pristine, highway salute to the powers that be "old self," any
    "concessions" in behalf of corporate responsibility will be
    judged on their appearance, not the effectiveness of the
    solution. Then the flaming idealists will sing and dance for
    blood, claiming PGP released the dogs of war, beginning the 
    inexorable dance to our doom.

    the disruptive class must be put aside (to argue among 
    themselves) and the rest of need to get down to work:

    we must educate the users, washed and unwashed alike, that 
    "doing business" is not necessarily cozying up to the devil;
    while simultaneously affirming that we can not and will not
    tolerate arrangements with any similarity to GAK, CAK and the
    four horsemen.

    on the other hand, if the government does not disassemble and 
    chastise Bill Gate$, I fear Bill's intentions far more than I do
    the federal government, starting with crash prone mediocrity and
    including Gate$' standard no source code policies-- "trust me".

    sure, Bill, I trust you; just come a little closer....

 --
 "When I die, please cast my ashes upon Bill Gates. 
     For once, let him clean up after me! " 
 ______________________________________________________________________
 "attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: No safety this side of the grave. Never was; never will be

iQCVAwUBNEGcK704kQrCC2kFAQGkvgP9GdIrtrxBBA/48TZ+VKFStV4pl687EfxH
fKinV1RNgTI33MoTXcxsy7nKRkX6b8PRk6/k33vTiWLwrUPrhFQPL0i49EIBZsfJ
FOTEdGEQE16DosImiFFCGp5TUlG8dx1C9OJeutaWV9D9lBf8zNBilpPUFpbnQdYn
b1Rd7f7ShIk=
=lMeS
-----END PGP SIGNATURE-----