On Sun, Oct 19, 1997 at 10:54:18AM -0700, Tim May wrote:
> I'm not sure the people who wrote the U.S. laws had a clue, either. (Check out Dan Bernstein's report in sci.crypt on the latest appeal arguments of the government side in his case...the Feds are arguing that the First Amendment (to the U.S. Constitution) does not protect speech that may be read and acted upon by computers!).
Ohoh. How interesting. But they have to define what they mean by acted upon by computers, and we are back to a technical issue they don't understand. But does the judge understand this issue better? If I recall correctly my CS classes, translating plain English to computer code is doable, and depending on what rules you use for lexical and syntactical issues you would get different codes. Whether you can do something with it is another issue, of course... Somehow if they follow this heuristic, they will have to ban speech recognition software (which would be bad for me as my research has potential applications exactly there).
> corporate and institutional purchases. It's not too surprising that the security staff at Random Corporation and at the University of Middle America want access to all communications...if it were up to them alone they'd have video cameras scattered everywhere.
Eheh, I had an argument with my local (PU) system administrator, and at some point he said "and what are all mails coming from cypherpunks anyway?" (I hope he reads this one...). So, they are already snooping, out of fear, or because in a moment of boredom, they look at the mail log (the same way phone operators in the old days were listening to calls, I guess. Part of human nature).
> And as for the University of Middle America, wait until professors and students discover that UMA bought PGP 5.5 Snoopware for Sysadmins and that communications with other professors, other employers, etc. will be subject to snooping by some low-level security employees.
Somehow, I can play the devil's advocate and argue that it would be better than the current situation where: 1) people don't use encryption at all 2) networks are weakly secured and snooping is easy 3) people use e-mail without thinking it can be snooped, archived, and reused later, unlike, say, a phone call. If you tell a professor that any student can easily read his e-mail but that with this nice pgp5.5 software it will no longer be the case, he might embrace it readily, even if in the long run and on second thoughts it might not be a good idea.
> What I expect will happen with CMR and CAK is that employees or professors or whatever who really need confidentiality--and there are many valid reasons for this--will use either their own products (probably freeware, to boot), or will use non-company accounts. The professor at UMA who doesn't want administration snoops monitoring his e-mail will use his AOL or Netcom account. As we are already seeing today. If his institution has a firewall preventing such services from being connected to (itself a hardship), he'll just wait until he gets home and send his sensitive mail then.
Somehow, and even if I perfectly agree with you, you forget to see that while this may be true for professors from, say, CS, Engineering, Math, it won't be true for others who don't have the technical background to understand the problems and their solutions. I guess what I am saying is what seems obvious to you, me, and probably most of the readers is not to the general public. And the group of all professors at UMA probably reflects this. Unfortunately I don't have any solution to the advertising crypto problem. My best hope is that within a generation people will understand the technical issues and the underlying social implications of the way you make implementations. I fear it might be too late then...
> I advocate KISS, "Keep it Simple, Stupid," for the OpenPGP effort. Let PGP, Inc. go off on a quixotic crusade to provide snoopware for corporations and universities, and let the market decide.
Yes and no, as I said before it's not clear what the market will decide, if people who make key buying decisions don't do the right thing. Once every single university is equipped with pgp5.5, it's not that easy to go back. And because of their reputation capital, people are more likely to buy the product blindly. Sounds scary? I don't believe in conspiracy theory, usually stupidity, ignorance and such are enough to make bad things happen. And we see it now.

F.

--
Fabrice Planchon (ph) 609/258-6495
Applied Math Program, 210 Fine Hall (fax) 609/258-1735