
On Wed, Oct 22, 1997 at 03:08:07PM -0700, spencer_ante@webmagazine.com wrote:
> With all due respect to Tim May:
> As a person who's been at work on a very long feature about PGP Inc. for Wired, I can tell you that businesses really don't care that much about PGP's civil liberties advocacy. In fact, its rep could hurt as much as help them. The Fortune 500 is much more pragmatic: They want solutions that work, that help them maintain security for their intellectual property and capital. To that extent, PGP 5.5--which enables IS directors to manage a public key infrastructure and enforce company-wide security policies--is a step in the right direction.
> But with this new product, I agree that they run the risk of alienating their core user group of cypherpunks and hackers.
Alienate some, for sure. It doesn't really matter, though. Cypherpunks and hackers don't have a monopoly on intelligence -- there are plenty of people who will hack crypto for food. PGP can't make a go of it on free software, and they can't live forever on investor financing.
> Encryption is a very complicated topic that doesn't lend itself well to sloganeering and histrionics.
Eh? GAK, GAKWare, Big Brother Inside, Four Horsemen of the Infoclypse, etc, etc, etc. Sloganeering and histrionics are the very lifeblood of this list. It would die in days if it were limited to rational discussion... And of course, sloganeering and histrionics are just as prevalent in the crypto debates in DC.
> And one major thing that needs to be pointed out: PGP's key recovery system is *voluntary and private*--not mandatory and gov. controlled, which is what the Feds and Louis Freeh have been pushing for. One potential positive side effect of PGP 5.5 is that it could realign the crypto debate and force people to consider this question: Whose back door should netizens be more worried about: Big Brother or The Boss?
Nobody denies that your boss has the right to control his equipment and software as he sees fit, and everybody debating on these lists agrees that the government does not need access. It is also incontrovertible that PGP's CMR implementation is a response to real demand. It may be less obvious, but despite what PGP claims, a significant fraction of this demand is for the ability to SNOOP, and not just data recovery. *All* the debate on this list implicitly takes the employee's side, not the management's side, and that is a serious lack. The unpleasant fact is that managers NEED TO BE ABLE TO SNOOP. It is terrible to work for an employer who will snoop, but it is just as terrible to have dishonest employees. It doesn't take a genius to realize that the existence of dishonest employees is a primary motive for management snooping. Clearly, there are some organizations for which this is more important than others -- financial services companies are only the most obvious example.

--
Kent Crispin                "No reason to get excited",
kent@songbird.com           the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html