At 5:14 PM -0500 10/31/00, Declan McCullagh wrote:
I spent perhaps half an hour on the phone with Austin Hill this afternoon. Here's what we discussed. ... * ZKS will offer to store keys. "That includes us holding encryption keys." Austin described the key-splitting the same way Adam has here. He refused to say whether or not a third-party (Joe's Escrow Service) would ever hold keys.
Except for the very specialized case of protecting against loss/forgetting of passphrases and keys, it's hard to imagine how Alice's privacy is ever enhanced by having a third party hold keys. I'm assuming there's some byzantine protocol being planned in which Alice's secrets (medical files, purchasing preferences, tax information, etc.) are somehow distributed such that various hospitals, insurance companies, etc., cannot link information to Alice. A worthy research topic. But maybe a bit ambitious for a start-up company with a (reportedly) high burn rate to be launching, it seems to me.

If not this byzantine protocol, what? If Alice supplies personal information to Bobco, he has it, period. A hospital, for example, has this personal information. Hospitals leaking or selling or sharing this information is indeed a pressing concern, but one not readily solvable with technology. It's like the various schemes to delete information before it can be saved to hard disk... these schemes just don't work: if human eyes can see something, or if ears can hear it, then cameras and sound capture cards and so on can bypass the attempted erasures. Likewise, if Bob's General Hospital knows who Alice is, then the game is up. Period. Technology can't do much about it. Stuff about splitting keys or having third parties involved just doesn't change this basic ontological fact.

(There are, of course, cryptographically respectable protocols for anonymous testing, for blinding of test results, etc. Some even use coin-flipping protocols. But I gather that this is not the market ZKS is seeking to enter.)

I look forward to hearing more from ZKS about what, exactly, this new system is. Much of the press release was typical press release junk about privacy being important, corporations seeking to fully maximize their paradigms, etc., etc. But some of it talked about key splitting and local laws, which is usually worrisome to paranoid folks like us.
* ZKS appears to be targeting heavily-regulated areas like medical and financial sectors. They will come in, set up a privacy-protective system, perhaps provide some ongoing service, and (if so) collect ongoing fees. In those cases, "a consumer solution like Freedom allowing anonymity doesn't fit that market."
"Collect ongoing fees." I'm not knocking free enterprise, but there are often problems with business plans which seek to find ways to collect fees. The most successful companies I've seen have started with a product idea, often already in prototype form (Cisco, Sun, Intel, Apple, etc.) and have then gone very quickly into production. Having 100 engineers working on Freedom, as was claimed today, and yet having essentially no users of Freedom nyms visible a year later, suggests... And moving toward a vague focus on solving customer privacy problems... Well, I have no reason to wish them poor luck. But it doesn't sound too promising. I really do hope I'm wrong and that they provide interesting products for customer privacy and do well with them.
* Austin mentioned cell phones/wireless as a major area. He envisions services such as if you call 911, your info is revealed, but not when phoning other numbers.
A fair enough analogy. One worth pursuing. The whole CallerID situation, and various state and national laws re: 9-1-1 services, took years and years to unfold. I would expect the same thing with online ordering, except that it will take even longer, IMO.

There are some interesting "credentials without identity" protocols which desperately need to be implemented. An example: a credential which someone can present to a pharmacist which allows a drug, e.g., an AIDS drug, to be picked up... without revealing identity. Alas, so many pieces need to be put together to do this that it seems almost hopeless; certainly a startup company cannot afford to spend the many years it would take to deploy this kind of system.
* Tim below suggests that "Wouldn't a better approach be for Alice to protect her own privacy?" The answer, generally, is yes. I suspect the Brands patents can do much to that end. But Austin seems to be envisioning a market in which *some* third party in the transaction, be it a business, intermediary, or ZKS, possesses personal info about customers and only receives what is necessary.
The first level of protection is for Alice to reveal as little as she wishes and to not trust others with information which may damage her. So she should not give out her passwords over the phone, or online. And she should not reveal her AIDS diagnosis by buying AIDS drugs at her local pharmacy. And she should not be ordering books on bomb-making and terrorism through Amazon.

However, once Alice has given Bob this damaging information, the jig is up. Bob knows her passwords or her AIDS status or her preferences in books, whatever. And Charles may know other things. And Dave still other things. Now, can any protocol stop Bob and Charles and Dave from pooling the information they each have collected on Alice? Nope.

The point is to unlink Alice's identity with the items she purchases, the medicines she needs, the books she buys. Which is why remailers, digital cash, proxies, and suchlike are interesting. Perhaps ZKS is planning to unveil robust versions of all of these things. If so, I applaud them.

--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.