Adam Back wrote:
Anonymous writes:
I thought that was the whole point of the PGP design. It makes the presence of third parties clear and visible to all participants. This seems to be the fundamental principle.
I have noticed serveral PGPers use this fallacy also. ... It matters not one whit what `statement of intent' you mark PGP CMR extended public keys with. That statement is semantically meaningless as a design principle because it is utterly unenforceable.
Since I am always right, let me give you the benefit of my thoughts on a few things. (No need to bow at my feet, I'm always willing to help.) I have no doubt that the government's framing of the Escrow/Recovery debate has had an influence on those companies who wish to be compliant enough with emerging standards to remain in business. In a perfect world, those with 'good intentions' would have the time and resources to do things totally 'right,' both in a technological manner and in exercising the highest standards of principles and ethics. In reality, the industry is moving so fast that any company who dallys about, trying to make the perfect product, might well find that 'Pretty Freeh Privacy' has the encryption market locked up, and besides, they don't make Intel CPU's any more--that was _last_ week. PGP is being castigated for, by way of analogy, not producing a gun that can _only_ be used for self-defense, and _not_ for killing the (imaginary) innocent. Unfortunately, for PGP, this is not unreasonable, since PGP's reputation capital was built on a level of standards and integrity which go far beyond *only* business concerns. Phil Zimmermann, before he sold out his principles (just kidding!), wrote a documentation for PGP which did not contain a Madison Avenue pitch assuring the user that if they used PGP on their work machine, they could let rapists and murders use it, without fear of their encrypted home address being compromised. I truly believe that much of PGP's reputation is a result of people reading the documentation and having the program's author point out the _weaknesses_ and _vulnerabilties_ in his product, pointing out what it could and could _not_ do. I respected the points that Jon was making in his first long post defending PGP's new product, but I was also saying, "Bullshit!" as I read on. Why? Because while the benefit of the software lies in what it _does_ do, the danger lies in what it _doesn't_ do. How can Jon convince me that the PGP product is their best possible effort, to date, and that PGP will strive to improve the product's ability to resist misuse by fascists, while giving the individual user as much knowledge and control as possible in the product's use? He can do so by telling me that he wakes up at night, screaming, in fear of having helped to create the crytp equivalent of the atomic bomb, when the product is in the hands of the fascists. (Not that I expect him to be stupid enough to say this on the product packaging.)
There can be no enforcement of statement of intents. All you can do is hope that companies are not lying; encourage them to behave in ways which you consider ethical.
Governments, corporations and crypto munitions don't kill people. People kill people. When death camps are computerized, the software used will be named, "I Am Just Following Orders." ("I don't put the in in the gas chambers, I just boot the computer.") I have to admit to being somewhat amused by Jon taking a Cypherpunk to task for being loud, rude, and ranting. Is this your first time on the list, Jon? The Right Guy ~~~~~~~~~~~~~ Tomorrow: The Solution to World Peace