I hate to insert a modicum of realism into an otherwise wonderful debate currently taking place on the Cypherpunks list in regard to the saints or sinners (depending on the angle that one is pissing from) at PGP, Inc.(arcerated, if PRZ hadn't folded his hand). However, my Bullshit Meter indicates that bullshit is currently 'en vogue' as the preferred 'opiate of the masses' and that the ultra-fine distinctions between GAK and CMR that are being hotly debated on the list are likely to be largely ignored by the huddled masses, yearning to be monitored. SURVEILLANCE==SECURITY Call it Double Speak or Spin Doctoring, it doesn't really matter. The citizen-units have bought into the 'America's Funniest Home Videos of Law Enforcement Agents Busting Dark Skinned Threats To Decent Americans On Prime-Time TV Thanks To Total Video Surveillance of the Citizenry' message being promulgated by the mainstream entertainment/news media. This is why nobody even blinked when legislation was recently passed which criminalized the possession of toilet plungers, except for those involved in meeting the legitmate needs of law enforcement to shove toilet plungers up the citizens' assholes. (Hell, I usually pay extra for that...) OK, so I just made that stuff up. Nonetheless, it *could* be true at some point in the near future, if DoubleSpeak, NewSpeak, SpinSpeak and I'mTooTiredToFightItAnymoreSpeak become the unchallenged rule of the day (which is not far from becoming a total reality). However, the point which I am not terribly concerned about making is this: The great sin of ViaCrypt/PGP is that they are failing to maintain standards of integrity that are far above that of the large mass of humanity that they are counting on to comprise the bulk of their customer base. What is the quote...??? "Nobody ever went broke underestimating the intelligence of the public." (?) I would very much prefer that ViaCrypt separate their 'Corporate Message Recovery' software from the PGP name/reputation-capital, but I would rather the situation remain as it is than to see PGP/ViaCrypt go under and leave the encryption software field to those with *no* history of 'doing the right thing.' I sincerely hope that the CMR software is the result of those designing it getting caught up in the erronius security concepts being promulgated by those with a fascist axe to grind, and that it is not the result of people of integrity 'consciously' averting their gaze from reality in order to increase their bottom line. If the current form of PGP/CMR is the result of normal diversion of the optimum design, due to the time/monetary pressures of everyday business, then the flaws in the product can be rectified in the future. If this is not the case, then it will be incumbent upon those who are aware of the dangers the technology presents, in its current form, to develop viable methods of circumventing the technology's flaws and/or weaknesses. To tell the truth, my main concern with the direction that PGP/CMR has taken is that there are not many role models left in life, and it would be a shame to lose yet another one due to lack of the character and perserverance that is needed to go against the grain of everyday business reality. The posts to the Cypherpunks list surrounding the issues involved in the current release of corporate PGP have been very enlightening to those of us who count on those such as Peter, Adam, William and others to 'shake it down' from a technical perspective. However, the pros and cons being debated on the list will have little meaning in the long run if those of us who are capable of understanding the issues involved do not take the time, and make the effort, to fully understand the implications involved, and to use whatever influence we have in society and the computer industry to rail against the dangers and work toward optimum solutions to the weaknesses and shortcomings in the technology which can threaten privacy, liberty and freedom. The fact of the matter is, although a company does indeed have a right to exercise control and supervision over their business affairs, they have no right to exercise the same amount of control and supervision over an employee's phone call or email to his or her spouse, or family members, or their communications with the cable company over when they can be present at home to have their cable TV hooked up. If a company has set up a system whereby an employee needs to ask permission to make an unmonitored phone call, or send a personally encrypted email during the course of the business day, then the company and the employee have become adversaries. Governments and Corporations become fascist dictators 'by default.' When they remain conscientious, humanitarian institutions over a long period of time, it is the result of the efforts of those within the governments and corporations to 'make' it so. If man does not rule the machine, then the machine will rule the man. [Women rule *both* (;->)------(<-;)] There is a far cry of diffenence between: 1) "Boss, can I have permission to talk privately, without supervisory monitoring, to my child's doctor, since he/she is sick and the doctor needs to speak frankly and privately to me?" and 2) "Boss, I needed to speak privately to my child's doctor, so I bypassed the monitoring mechanisms and informed my supervisor as to my reasons for doing so." and 3) "Boss, I damn glad I work in one of the few remaining companies where I am trusted to act in the best interests of both myself and the company, and not be spied on over every minor detail out of a sense of mistrust." I realize that we live in a world where the company president (of Borland?) can steal company secrets and take them with him/her to his/her new place of employement. And janitors can go through the garbage to gain access to company secrets that they can sell to the competition. However, I truly believe that TOTAL SECURITY is an impossible goal, and that internal company security should be geared toward making it necessary for outside forces to attack the system in order for the corporate information system to be compromised. The situation within a company is much the same as the situation within a country. Even the most fascist and draconian of rules and regulations will not prevent the anti-fascists and anti- draconians from playing the secrecy/security game better than one's own players. (Or prevent the janitor from inadvertently leaving valuable corporate information lying on the top of the garbage pile.) Corporate Security is not a far cry different from National Security or Private Security. All involve an elliptical curve beyond which 'security' becomes our oppressor, rather than our savior. I have listened closely to both sides of the debate over corporate interests versus government shenanigans, and do not disagree too strongly with either side of the debate. I believe what may be understated is the reality that any government, any philosophy or psychology, any devised system of democracy or security, is dependent upon the knowledge, wisdom and integrity of those who are involved in upholding the concepts underlying it. It matters little whether the Supreme Court is 'stacked' with liberals or conservatives, it is still 'stacked.' It matters little whether we are 'pretending' to listen to the arguments of our 'liberal' or 'conservative' foes, we are still 'pretending' to be men and women of reason. The great danger that exists is that men and women of high intellect and reason will make the mistake of assuming that their fellow primates are working off of the same game sheet as they are. If the same party takes all of the steps backward, as the other party keeps stepping forward, then the word 'compromise' is being misused. Buy a clue... I have no more desire to live in a world full of Dimitri Vulis's than I do to live in a world full of Tim C. Mays. I want to live in a world full of CypherPissers who shoot themselves in the foot as often as they shoot each other in the head, so that the Universe maintains its natural balance. Ignorant incompetence is a far less troubling manifestation than is that of conscious evil. Yet we live in a world that 'condemns' the former and 'compromises' with the latter. What I find troubling is the fact that 'evil' seems to have a game plan, while 'good' seems to be locked in an endless argument over how to proceed so that every aspect of life remains unequivocably 'equal,' no matter whether nature itself cries out against it. In effect, 'evil' is in agreement, and advances, while 'good' is locked in battle with itself, arguing over how many angels can stand on the head of a pin. The longer we refrain from speaking out against the evils of Waco, the more we will be faced with OKC bombings. If all of us had protested loud and long over the Waco injustice, then there would have been no need for the universe to balance it out with OKC. The turbulence and/or violence of our future is dependant upon where we draw the line, as individuals and as a society, where we say, "This far, and no further." The end result of the government's promotion of GAK, or PGP's implementaion of CMR, will not be dependent upon the aims and goals of those promoting and developing the concepts and the underlying methodologies behind them, but upon the willingness or unwillingness of you and I to 'go gently into the night' when we are faced with an opponent who steps across the line we have drawn in the sand to represent our own beliefs and level of personal integrity. The more of us who are willing to compromise by 'moving' that line, the more that Doom closes quickly around us, and we are hung on the cross, with Nine Inch Nails. Bianca ~~~~~~
-- Lucky Green <shamrock@cypherpunks.to> PGP encrypted email preferred. "Tonga? Where the hell is Tonga? They have Cypherpunks there?"
"Alice? Alice? Who the fuck is Alice? Is she a Cypherpunk?"