At 12:27 PM -0500 10/31/00, Adam Shostack wrote:
On Tue, Oct 31, 2000 at 04:07:18PM +0100, cyphrpnk wrote: | > >Privacy is good business. Companies in every industry are | > >realizing they must institute the proper privacy policies, | > >practices and infrastructures in order to succeed in | > >today's digital economy. Zero-Knowledge Managed Privacy | > >Services provides the tools and strategies that enable | > >business to establish private customer relationships and | > >earn consumer trust while ensuring legislative compliance | > >and mitigating risk. | legistlative Compliance... | Guess Lew Giles or the CSE came to visit
By legislative compliance, we mean compliance with laws. There are no key escrow laws in Canada. There is a privacy law, bill C-6, and we will help companies comply with that.
Let's look at the key splitting aspect. Alice has some secrets she wishes to protect with your product. Or Alice is communicating with Bob and wishes the contents kept secret. Standard stuff. Of course, she could just use conventional PKS tools. Or even Freedom, should she wish the fact of the communication itself to be protected. Standard stuff. But let us say she, for whatever reason, uses key splitting. Charles and Debby are the holders of the split keys. (If either Alice or Bob is the holder of one of the split keys, this is as if the key is not split at all, of course. Modulo some slight work factor issues.) "Ensuring legislative compliance" now talks on a meaning which is completely separate from whether key escrow laws have been passed. Charles and Debby can be suboenaed (not sure what the Canadian, or Iranian, or Baloneystan equivalents are). This subpoena may be in secret, unknown to Alice. Or Alice and Bob. And this process may not happen with just subpoenas. It will likely happen with national security agencies. Without Alice knowing. This is what happens when Alice or any other customer of your product uses "trusted third parties." GAK beats crack any day. This is the danger of building a "trusted third parties" system. And is precisely the reason the United Kingdom was campaigning for this kind of system. By building precisely the tools they and other governments would need to implement such a system, you are making such a system more likely to happen. --Tim May --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.