Quote of the Year: ''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind if they sell a program that has a back door in it, but they shouldn't call it PGP. If your employer can read your mail anytime he wants, without your permission, that goes against the spirit of the PGP trademark." At 4:25 AM -0700 10/5/97, Anonymous wrote:
http://simson.vineyard.net/clips/96.SJMN.PGPBusinessEdition.html ... PRETTY LOOSE PRIVACY [...] Published: April 2, 1996 BY SIMSON L. GARFINKEL ... That has not stopped Zimmermann from complaining loudly about the PGP name being used in a product that allows someone other than the author or the intended recipient access to information. Viacrypt owns the licensing rights to sell the commercial versions of PGP.
''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind if they sell a program that has a back door in it, but they shouldn't call it PGP.'' [...] ''If your employer can read your mail anytime he wants, without your permission, that goes against the spirit of the PGP trademark,'' said Zimmermann.
Pretty Good Point, I'd say. And we ought to keep quoting these comments. I agree that an employer has a "right" to read employee mail, sent on company time with company resources. However, a program which facillitates this has no business being called "Pretty Good Privacy." As Phil notes, it goes against the whole spirit of PGP. It's surveillance, pure and simple. Further, while businesses have every right to monitor their workers (Hey, I'm not saying I _like_ this, just that the alternative of banning such monitoring would be abusive to a property owner's rights), we should not be _encouraging_ the spread of such technologies. Especially given the very real risk that wide deployment of "Business PGP" could present. Wide deployment of "Business PGP" would also make eventual GAK much easier to implement. One plausible scenario is that companies would have to make available the escrowed copies of e-mail upon request by law enforcement. (Such records are of course already subject to subpoena, not to mention inspection by various and sundry other government agencies.) A further scenario is that "Business PGP" is _mandated_ within businesses or corporations by the ever-increasing regulatory web imposed by government. The SEC will want to ensure that insider trading is not being discussed, the FTC will want to snoop on possible anti-competitive communications, the DEA will want to investigate use of corporate shipping systems for drug distribution, and, of course, the various intelligence agencies will want access. "Business PGP" will be just another requirement, like certain accounting practices, like OSHA requirements, etc. Random inspections will force compliance, with fines for violations. Under this scenario, the so-called "rights" of individuals will not even arise, as the government rules will affect businesses, which are not held to have rights in the same way individuals are. (I happen to disagree, and think the owners of XYZ Corporation have the same rights to do with their property as J. Random Citizen has, but the courts have ruled otherwise.) The wide adoption of "Business PGP" could also mean short shrift to non-KR versions, including a lag in availability, or even eventual dropping of development efforts. (I'm sure PGP, Inc. will assure us otherwise, but this could still be an eventual development, if, for example, "Business PGP" accounts for 80% of their sales.) I agree with Phil Zimmermann's point: ''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind if they sell a program that has a back door in it, but they shouldn't call it PGP. If your employer can read your mail anytime he wants, without your permission, that goes against the spirit of the PGP trademark." Let's hope PGP, Inc. comes to their senses and stops doing the work of Big Brother. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."