At 12:17 PM -0700 10/19/97, Fabrice Planchon wrote:
On Sun, Oct 19, 1997 at 10:54:18AM -0700, Tim May wrote:
I'm not sure the people who wrote the U.S. laws had a clue, either. (Check out Dan Bernstein's report in sci.crypt on the latest appeal arguments of the government side in his case...the Feds are arguing that the First Amendment (to the U.S. Constitution) does not protect speech that may be read and acted upon by computers!).
Ohoh. How interesting. But they have to define what they mean by acted upon by computers, and we are back to a technical issue they don't understand. But does the judge understand this issue better? If I
By the way, the main discussion for this Bernstein point is on misc.legal.computing, where followups have been redirected. He asked for examples, modern and old, of where the government's position could be used for prior restraint and censorship. I suggested JPEGs and GIFs, which are clearly machine-readable instructions telling a computer how to write a pattern of pixels in a display window. Are we to presume that such JPEGs and GIFs (and WAVs and MOVs and...) have lost their First Amendment protection? If upheld, the CDA would not even be needed. Oh, folks, don't submit your own examples _here_. Do it in the appropriate thread in misc.legal.computing, so Bernstein can get a lot of examples collected.
corporate and institutional purchases. It's not too surprising that the security staff at Random Corporation and at the University of Middle America want access to all communications...if it were up to them alone they'd have video cameras scattered everywhere.
Eheh, I had an argument with my local (PU) system administrator, and at some point he said "and what are all mails coming from cypherpunks anyway?" (I hope he reads this one...). So, they are already snooping, by fear, or because in a moment of boredom, they look at the mail log (the same way phone operators in the old days were listening to calls, I guess. Part of human nature)
Yes, they snoop. Out of boredom, out of instructions from Administration, whatever. Encryption will help, but not if the same snoopers can continue to snoop.
And as for the University of Middle America, wait until professors and students discover that UMA bought PGP 5.5 Snoopware for Sysadmins and that communications with other professors, other employers, etc. will be subject to snooping by some low-level security employees.
Somehow, I can play the devil's advocate and argue that it would be better than the current situation where: 1) people don't use encryption at all 2) networks are weakly secured and snooping is easy 3) people use e-mail without thinking it can be snooped, archived, and reused later, unlike, say, a phone call.
I disagree. Snoopware will tend to centralize the files to a point where snooping is easier. Those using PGP 5.0 and earlier will likely be told to switch to the snoopware version. While many may not encrypt now, this is changing. Snoopware rolls back the clock. To be clear: we should be advocating the wider use of strong encryption, not arguing that snoopware is better than nothing. Nothing is not really the proper alternative to weigh snoopware against.
If you tell a professor that any student can easily read his e-mail but that with this nice pgp5.5 software it will no longer be the case, he might embrace it readily, even if in the long run and on second thoughts it might not be a good idea.
Why does this professor not have the option of PGP 5.0? That's the real alternative to consider. (Some of us have fears that development of the "free" version of PGP will not be supported or developed. While PGP may _hope_ that many buy the PGP 5.0 they plan to sell to individuals, the fact is that most individuals won't pay money for what they can get for free. This is presumably a motivation for the development of PGP for Business, with Netscape-like incentives for corporate buys.)
I advocate KISS, "Keep it Simple, Stupid," for the OpenPGP effort. Let PGP, Inc. go off on a quixotic crusade to provide snoopware for corporations and universities, and let the market decide.
Yes and no, as I said before it's not clear what the market will decide, if people who make key buying decisions don't do the right thing. Once every single university is equipped with pgp5.5, it's not that easy to go back. And because of their reputation capital, people are more likely to buy the product blindly. Sounds scary? I don't believe in conspiracy theory, usually stupidity, ignorance and such are enough to make bad things happen. And we see it now.
We all agree that widespread adoption of PGP 5.5 could be scary. Hence our concerns. (Even more scary are the many ways various governments could gain easy access to the CMR keys. Whereas enforcement of key escrow is difficult with millions of diverse, anarchic users and approaches, CMR essentially centralizes the target nicely.)
--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."