Agreed. What amazes me is how PGP, Inc. would decide this should be a core part of their company. "PGP for Business," indeed. What were they
With all due respect to Tim May: As a person whose been at work on a very long feature about PGP Inc. for Wired, I can tell you that businesses really don't care that much about PGP's civil liberties advocacy. In fact, its rep could hurt as much as help them. The Fortune 500 is much more pragmatic: They want solutions that work, that help them maintain security for their intellectual property and capital. To that extent, PGP 5.5--which enables IS directors to manage a public key infrastructure and enforce company-wide security policies-- is a step in the right direction. But with this new product, I agree that they run the risk of alienating their core user group of cypherpunks and hackers. Encryption is a very complicated topic that doesn't lend itself well to sloganeering and histrionics. And one major thing that needs to be pointed out: PGP's key recovery system is *voluntary and private*--not mandatory and gov. controlled, which is what the Feds and Louis Freeh have been pushing for. One potential positive side effect of PGP 5.5 is that it could realign the crypto debate and force people to consider this question: Whose back door should netizens be more worried about: Big Brother or The Boss? Spencer E. Ante Associate Editor THE WEB Magazine To: cypherpunks@toad.com, fight-censorship@vorlon.mit.edu cc: (bcc: Spencer Ante/PCWORLD) Subject: Re: PGP, Inc.--What were they thinking? At 1:45 PM -0700 10/22/97, Anonymous wrote: thinking?
Um, maybe that they wanted to stay in business?
This is a truism, that businesses want to stay in business. (And thrive, etc.) The interesting question is whether this action will help them. Why it may not is what we're talking about. For example, if PGP loses its "little guy fighting the system" image, and the company is seen as a major supplier of snoopware and GMR systems, it will have squandered the good will which led many of us to support PGP. And it's by no means clear that corporations will pay enough for PGP for Business if this good will has been squandered. The free status of most versions of PGP is indeed an impediment to PGP making a profit. That's an unchangeable situation. Lots of copies of PGP are already out there, and lots more are available from many sites. The "commercial use" vs. "personal use" dichotomy is largely unenforceable. If Joe Employee uses PGP 2.6 or even 5.0 for his messages, PGP, Inc. will have a very hard time proving in court that Joe or his employer can be held liable for this use (at most, maybe Joe will have to pay $50 or so...and probably not even that, as PGP 5.0 is not serialized (so far as I can find) and records aren't kept...Joe can just claim he did in fact buy it, blah blah). This means PGP, Inc. faces a Netscape-like battle in finding revenue sources. Will they succeed? Will people like us continue to give PGP, Inc. the good will it has enjoyed? Stay tuned. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."