
NSB's messages have suggested, amongst the fear-mongering, that the real target of the card-shark publicity campaign is not Joe Consumer but bankers, investors, and other "big money" folks; people who care about the large-scale fraud rate of credit card use. (Yes, the rate of fraud affects all consumers, but most people experience it as a relatively small and unavoidable cost lost in the noise of other small costs.) NSB/FV used the Murky News to reach those people the way that some people will rent a freeway-visible billboard to propose marriage to a single commuter. The trouble and expense that the sender was willing to suffer to send the message are intended to cause the reader to take the message more seriously. The rest of us who see the message on C-punks or drive past and wonder "Who is Bonnie, and why is Clyde proposing marriage to her on the freeway?" aren't an important part of the process. But I don't see FV's tactics as being especially different from folks at IBM writing a virus which affects Windows but not OS/2, and quietly shopping it around to scare Microsoft customers, or Ford underwriting an NBC news program which shows Chevy pickups blowing up. (both are hypotheticals.) Sure, it can be done, and perhaps it's not dishonest, and perhaps they can wear the hat of "Consumer Protector Man", but I think it'd come across as less offensive if it weren't presented as a discussion about security. Statements which can be boiled down to "We think our product is superior to our competitor's product" don't mix well with quotes from academics and a "Chief Scientist" signature block. While, as Vin McLellan points out, Simson Garfinkel's articles were technically accurate (modulo the quote from Daguio, where he's quoted as suggesting an "out of hand" transaction, which is likely either a typo or a misunderstanding - dollars to donuts he said "out of band"), they also appeared as part of a marketing process. Netscape and FV have both taken a "security is a product" stance, which is a gross misrepresentation. FV and NSB's materials have done a good job of critiquing Netscape's "security is a product / don't worry, just look for the cute blue key" approach, but would replace it with their own "security is a product / trust the phone but not the net" approach. Both suggestions (and the implication of the Murky News articles, that one can be trusted but not the other) are wrong. Security is never a product. (Not a firewall, not a fancy browser, not PGP, not a gun, not the Club, not an airbag.) FV has tried to productize their approach (out-of-band transfer of credit card number + long clearing time for sellers + negligible per-unit cost for goods sold) but it won't work any better for FV consumers than it does for anyone else who tries to buy something which can't be sold. It's a shame that Garfinkel didn't spend more time/column space on suggestions or observations from the independent people he interviewed and less time on the "hot news - Netscape security broken by a competitor" angle. Are there really any "big money" people left who don't have formal or informal access to someone computer/Internet savvy enough who could have pointed out that the cardshark attack is nothing new? Yes, bad things happen if you run bad software. A two-way link between your computer and the rest of the world means it's possible for bad software to send your data to other people. It's the "Prodigy reads your hard disk/Microsoft Registration Wizard reads your hard disk" scare all over again, with "Prodigy" replaced by "evil untraceable criminals" and "hard disk" replaced by "keystrokes". Duh. We should, however, learn from what FV did right - they wrote software which (apparently) had or can have a real political effect. (It seems to have worked on Garfinkel, anyway). Cypherpunks write code? FV wrote code and got some attention for their otherwise unexciting message. (It seems to be a combination of working code and good user interface - witness the cooing over the icon indicating which type of credit card you're using and the fact that it uninstalls itself.) It's a shame that they won't use their powers for good instead of evil. -- "The anchored mind screwed into me by the psycho- | Greg Broiles lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com every temptation, every desire, every inhibition." | -- Antonin Artaud |