At 10:56 AM 10/11/97 -0700, Tim May wrote:
Suppose I want to send a private message to Andy Grove at Intel. With current systems, I would encrypt to his public key and send it to him. Only he, or those with access to his private key, could read the message.
But suppose CAK becomes common, and suppose Intel has adopted PGP 5.5.
I presume I have to also encrypt to Intel's corporate key...or one of them. (I assume different users in different departments may have different CAK keys.)
So, who can read my message besides Andy? The Security Operations department? The Key Compliance Officer? Or, perhaps, only those _higher_ than Andy Grove, e.g., no one.
And suppose I send a communication to a lower-level person? How many higher-level persons will be able to read the message?
Will companies really accept that lower-level security people will have access to the communications about business deals, technology deals, etc.? The prospects for abuse are obvious.
I wonder how many of them know if their mail can be read now? Any admin could just use `less /var/spool/mail/andyg` to read the unencrypted mail queue.
Or will there be provisions for overriding the PGP 5.5 snoopware features? Will it become a status symbol to have reached the level of trust where one's private e-mail is not subject to snoopware encryption?
There will always be an out for management. Managers will not like the idea of someone being able to read their mail; thus, they will make rules that they do not have to follow. (People who think that such rules will be equally enforced have never worked for a big company.) But the higher up the corporate ladder, the bigger risk that they will have more info to sell out to the competition. This sort of policy is only to tighten management's grip on the proles, not solve any real problem within the corporation. (Kind of like drug testing, but without all that messy urine.)
I suppose it's up to companies to figure out all of these troublesome issues. I just hope the architecture of PGP 5.5 is pliable enough to allow the market to decide which options to turn on, which to turn off, and which to take out completely.
But those who will make the rules will not think through those issues. Those decisions will be made for totally alien reasons. Control will be a big one. "Because it is there" will be another. The corporate GAKware features of 5.5 will be a big thing with the management types who think it is a good thing to measure workers' keystrokes and monitor their precious bodily fluids.

---
| "That'll make it hot for them!" - Guy Grand                            |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
| http://www.ctrl-alt-del.com/~alan/               |alan@ctrl-alt-del.com|