-----BEGIN PGP SIGNED MESSAGE----- on or about 971011:1040 Alan <alan@ctrl-alt-del.com> was purported to have expostulated to perpetuate an opinion: +At 10:22 AM 10/11/97 -0700, Tim May wrote: +> +>-----BEGIN PGP SIGNED MESSAGE----- +>Hash: SHA1 +> +>I predict that nearly every company which enforces the PGP 5.5 corporate +>snoopware will in fact routinely convert every incoming and outgoing +>message to plaintext for searching by keywords, topics, etc. +> I really think you are overreacting on this one --sure some will, but corporations who reduce employees to a level of "distrust" will find the employees doing same as they become inurred with the attitude that they are distrusted --so why not? +>This would be analogous to every phone call, incoming and outgoing, being +>recorded. +> stockbrokers work under those conditions, and have for years. dispute resolution +>Except that instead of having security people _listen_ to each +>recording, +> voice recognition software today easily handle a conferance call with more than adequate accuracy to support digital keyword sorting. NSA has been doing that for years, and the software is at the PC level now. +>the messages can be glanced at quickly, marked for further +>review, compiled into dossiers, or searched for the keywords of interest to +>the security people. +> same reason as above; if you give no level of trust, you will have no level of respect or honesty. employers also realize that the "mental health" and attitude of their employees is critical to job performance --and employee retention; turnover is expense in more ways than money. to blanket label corporations to scan for keywords in all cases is like saying all Southern slave owners were Simon Legree --which is patently absurd since destroying or dehibilitating the collateral was damaging to their personal finances. sure, there will be bad apples... personally, I have seen secure facilities where you check your fingers in at the desk... and, you need to whiz, you are not only escorted to the porcelain, but the security guard will be right next to you. +>(Please note that I am not saying such phone call or e-mail monitoring is +>illegal, or should be illegal. A property owner is free to define his own +>policies for how he uses his own property. This includes company phones, +>company computers, and even the time of employees while they are on his +>premises. The issues are not the legality or ethicality of such recordings +>and monitorings, but the dangers. And whether people such as ourselves +>should help build or deploy such surveillance capabilitities. Or work for +>companies with such surveillance policies.) +> it sounds trite to say that if we do not, someone else will. I would rather believe we should be involved in the project to a) try and maintain a reference point of "wisdom", and b) even more importantly, to *know* there are no further trap doors, etc. 'know thine enemy' +>I further predict that this will actually _increase_ the amount of e-mail +>surveillance being done. Whereas today it is of course easy for companies +>to surveil unencrypted employee mail, I doubt that most of them do. But the +>adoption of snoopware like PGP 5.5 will raise the consciousness of company +>security people. "Hmmhh, maybe we ought to buy some of those e-mail keyword +>analyzers and combine them with our new purchase of PGP 5.5? If our +>employees are encrypting, we'd better keep tabs on them." +> law of diminishing returns. employers are sensitive to employee grousing. second, if the system is using keyword search, it should be coming up blank in personal mail. as for the libel message to sue@m$, the message should not have been sent --PGP or no PGP. get a hotmail account! +>By building in such easily-enforceable snooping capabilities, and by +>building in such things as the ability to reject even _incoming_ e-mail +>which has failed to encrypt to the corporate key (as I understand the +>product), this greatly moves us toward a surveillance era. +> +>Is this what "Pretty Good Privacy" really stands for? again, get a hotmail account. either PGP provides a complete range of control in the SNMP goody or systems with less flexibility will be deployed, systems that are truly GAK. the real issue for cypherpunks, and the whole range of the privacy forums, watch lists, Declan, Meeks, whatever is to broadcast the fact that PGP 5.5 can be used for storage key levels which most of us are willing to accept. stand up and be counted on the soapbox. I have been involved in crypto since a lot of years before DH and RSA were published. I never really thought about separate signature and encryption keys I actually encryt very little, but sign everything --and am in the process of REXXing a script to sign html documents for email. that is the purpose of discussion; even old dawgs can learn new tricks occasionally. +I seem to remember that it was just this sort of feature set that Phil +Zimmerman was grousing about when ViaCrypt came out with their +"Business Version". It was used as one of the reasons for his takeover +of ViaCrypt. +I guess it shows you just how much influence he has on PGP inc now... no, not how much influence Phil has at PGP, but how much influence the needs of business influence Phil and PGP. look at it this way. the boss is the employee of the customers. +"We have always supported the needs of law enforcement. We have always +been at war with terrorists and law breakers." - Winston Zimmerman yeah, right. dont you mean 'Neville Zimmerman'? -- "When I die, please cast my ashes upon Bill Gates. For once, let him clean up after me! " ______________________________________________________________________ "attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: No safety this side of the grave. Never was; never will be iQCVAwUBNEJTUL04kQrCC2kFAQFOqwP/VSF0J57tdkeNORshR8+zx363wPMyEjlA 7b1wvRs25dHP3jL3NBttKgt7PPMCrDCgZe+xZVnTTsn+I74tLrNr9NO6kvOMYi8d WlHQJL5P5uelkMsdK2xAvaf5MoKLYEIX4TjIKsurvcyKhgdqs7ls3A2zh6LCXg3g Qjk+ZVTnuUA= =nfbf -----END PGP SIGNATURE-----