Re: Netscape gives in to key escrow
At 6:44 AM 11/30/95, sameer wrote:
http://www.cnet.com/Central/News/govt.html
Bad. Very Bad. And I was almost starting to like Netscape.
Thank you Sameer for pointing this out. Jim Clark is actively working for the enemies of liberty and freedom. Consider this quote: "To secure Net communications, the government will need to have access to private data exchanges using what is known as a key escrow security system, said Clark. He added that an invincible security system for the Net is possible, but such a system won't be built unless the government has a stake in it. "That's where key escrow comes in," said Clark." Note that this is beyond the "watered down" forms of "commercial key escrow" that many advocates of forms of key escrow often like to talk about (such as the nominally voluntary schemes espoused by TIS). This speech by Clark is actually closer to the real truth of key escrow that we normally here from public speakers: the government will need to have access, therefore the key escrow will be mandatory, not voluntary. Can Netscape continue to prosper? This latest issue won't kill it, naturally, but I doubt a $5 billion market capitalization can persist when a company has no technology that cannot be duplicated or bettered by others. As an example, I use Netscape to do certain things, Eudora to do other things, and Newswatcher to do still other things...I will switch to an improved Web browser _much_ faster than I will switch to a new word processor. I don't see much "staying power" inherent in Netscape's browser, so I can't see how the company can maintain a market capitalization greater than that of General Dynamics, CBS, and Apple. I wonder what discussions Jim Clark has been having with the Feds? --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
What's the point? Surely Clark must realize that even if Netscape adds key escrow to SSL/Secure Courier, it is still possible to tunnel real encryption through that link thus thwarting the escrow system. In fact, this is the perfect job for Java: 1) Client connects to server thru insecure key-escrow channel and downloads Java applet 2) Java applet opens new connection to server using "invincible" security as Clark puts it, and performs add transactions on this channel. In fact, in the future, a large number of "forms" will be Java applets which submit information back to the server themselves. And what about IPSEC ESP? Even if the application layer is weak, the link layer can more than make up for it. Now, Netscape has momentum, and if they set a key-escrow standard, there is a chance of it being adopted widely. However, Java applets and IPSEC can still make transactions through an insecure netscape payment/encryption channel. The genie is out of the bottle. -Ray
On Thu, 30 Nov 1995, Timothy C. May wrote:
Can Netscape continue to prosper? This latest issue won't kill it,
I suspect this will unfortunately help. Stockholders are interested in profits, not principles. Co-oping with the feds will help Netscape get to the commercial market sooner, and most customers, sadly don't give a damn about privacy (or don't understand). Jay Holovacs <holovacs@ios.com> PGP Key fingerprint = AC 29 C8 7A E4 2D 07 27 AE CA 99 4A F6 59 87 90
On Thu, 30 Nov 1995, Jay Holovacs wrote:
On Thu, 30 Nov 1995, Timothy C. May wrote:
Can Netscape continue to prosper? This latest issue won't kill it,
I suspect this will unfortunately help. Stockholders are interested in profits, not principles. Co-oping with the feds will help Netscape get to the commercial market sooner, and most customers, sadly don't give a damn about privacy (or don't understand).
<Rant mode on> Clipper and family are vampires; shine some light on them and they're dead. Witness the public ridicule of the FBI 1% scheme. Compare that to the near mainstream silence about DT. The last round of Clipper was wonderful, for a while in '94 we had Time sounding like Brock Meeks. If Jim Clark really does mean this nonsense then I hope he does a Dorothy Denning and takes his show on the road (sorry Jeff). This is simply easy fodder for journalists without a story, totally black and white cheap shot at the gov. While people don't give a damn about their privacy, they sure do get mad when they're shown how easy it is to take away. They *hate* hearing the $ cost. Maybe some of the people on this list with higher profiles than myself should start defending Clipper and GAK as loudly and stupidly as possible. I've grown dead tired of trying to get anyone around me interested in pgp, remailers and whatnot. Reverse psycho sounds a lot easier: "Noted counterterrorism expert Timothy May was quoted on Connie Chung Live last night as saying "Clipper, GAK and CTHULHU666 are a hundred billion dollar investment in your national security. Only through complete wiretapping will we save our nation's children from violent cigarette smokers, tax cheaters, unlicensed pit-bull owners, Tax 'n Spend Liberals, murderous Nation of Islam Dope Pushers, audiophiles, christians, fat people, OJ and jaywalkers on the infohighway." -USA Today" (Apologies. You may now killfile me with a clear conscience.) If you can't beat 'em, subvert 'em.
Jay Holovacs writes:
On Thu, 30 Nov 1995, Timothy C. May wrote:
Can Netscape continue to prosper? This latest issue won't kill it,
I suspect this will unfortunately help. Stockholders are interested in profits, not principles.
Netscape is currently trading somewhere like 7000 times earnings. What profits are you talking about, precisely? Perry
Jay Holovacs wrote: | On Thu, 30 Nov 1995, Timothy C. May wrote: | > Can Netscape continue to prosper? This latest issue won't kill it, | | I suspect this will unfortunately help. Stockholders are interested in | profits, not principles. Co-oping with the feds will help Netscape get to | the commercial market sooner, and most customers, sadly don't give a damn | about privacy (or don't understand). Thats very true. We should look at what stockholders tend to care about (although, in the case of many internet stocks, it does seem to be 'a bigger fool'). One thing that stockholders do care about is liability. Its my (non lawyerly) opinion that anyone implementing GAK without a government mandate to do so is opening themselves up to huge liability the Clipper database of keys gets out. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Thu, 30 Nov 1995, Adam Shostack wrote:
One thing that stockholders do care about is liability. Its my (non lawyerly) opinion that anyone implementing GAK without a government mandate to do so is opening themselves up to huge liability the Clipper database of keys gets out.
Well that would depend on the terms of the agreement to hold the escrowed keys, wouldn't it? And presumably the GAK keyholder will have lawyers write the agreement so that it says, in essence, "we will try really really hard not to let the keys out, but if they get out, our only liability if to say 'Ooops' followed by a heartfelt apology!" EBD
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!
Brian Davis wrote: | On Thu, 30 Nov 1995, Adam Shostack wrote: | > One thing that stockholders do care about is liability. Its | > my (non lawyerly) opinion that anyone implementing GAK without a | > government mandate to do so is opening themselves up to huge liability | > the Clipper database of keys gets out. | Well that would depend on the terms of the agreement to hold the escrowed | keys, wouldn't it? And presumably the GAK keyholder will have lawyers | write the agreement so that it says, in essence, "we will try really | really hard not to let the keys out, but if they get out, our only | liability if to say 'Ooops' followed by a heartfelt apology!" I'm not sure thats true. Allow me to argue by analogy. A car company, hearing the FBI's laments about cars being used as getaway vehicles after bank robberies, starts a program of putting explosives in all their cars, with radio detonators. In an unfortunate accident, some of the explosives go off for no reason, injuring the owner of the car, etc, etc. It seems to me that the car maker would be quite liable for doing something stupid (putting explosives in the engine block), even though they didn't cause the explosion. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Fri, 1 Dec 1995, Adam Shostack wrote:
Brian Davis wrote:
| On Thu, 30 Nov 1995, Adam Shostack wrote:
| > One thing that stockholders do care about is liability. Its | > my (non lawyerly) opinion that anyone implementing GAK without a | > government mandate to do so is opening themselves up to huge liability | > the Clipper database of keys gets out.
| Well that would depend on the terms of the agreement to hold the escrowed | keys, wouldn't it? And presumably the GAK keyholder will have lawyers | write the agreement so that it says, in essence, "we will try really | really hard not to let the keys out, but if they get out, our only | liability if to say 'Ooops' followed by a heartfelt apology!"
I'm not sure thats true. Allow me to argue by analogy.
A car company, hearing the FBI's laments about cars being used as getaway vehicles after bank robberies, starts a program of putting explosives in all their cars, with radio detonators. In an unfortunate accident, some of the explosives go off for no reason, injuring the owner of the car, etc, etc. It seems to me that the car maker would be quite liable for doing something stupid (putting explosives in the engine block), even though they didn't cause the explosion.
I'm presuming that the consumer is aware of the key escrow. It would indeed be foolhardy for Netscape to try to hide that, given the liability problem and the cypherpunks available to discover the "hidden" escrow. I they tell you about it and you buy it anyway -- tough luck. Same with the cars. Would *you* buy Pinto with explosives in it???? (leaving aside the "inherently dangerous" argument for the moment on the products liability claim). EBD
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!
On Fri, 1 Dec 1995, Brian Davis wrote:
Well that would depend on the terms of the agreement to hold the escrowed keys, wouldn't it? And presumably the GAK keyholder will have lawyers write the agreement so that it says, in essence, "we will try really really hard not to let the keys out, but if they get out, our only liability if to say 'Ooops' followed by a heartfelt apology!"
<IANAL> This sounds like the fine print you "agree" to by opening commercial software packages. Hasn't this been found void in a couple of places? The "OK" or "I Agree" buttons I'm forced to press (but you don't *have* to download software, nya,nya,nya...) when downloading wares also comes to mind. Has this been tested in a court? (Sega's reverse engineering suit from a while back comes to mind) Pressing buttons is hardly the same as your notarized handwritten signature on paper (we prefer blood, it's more permanent), or its digital equivalent. Mere tokenism, not insurance. </IANAL> About JR's concern about Netscape's shareholders, they're playing a bubble market and they know it. I wish them all the money and luck; luck is something they're gonna need if this is to go on. Ps. Netmanage websurfer ain't so bad, hint, hint, hint (detraction time netscape).
On Fri, 1 Dec 1995 s1113645@tesla.cc.uottawa.ca wrote:
On Fri, 1 Dec 1995, Brian Davis wrote:
Well that would depend on the terms of the agreement to hold the escrowed keys, wouldn't it? And presumably the GAK keyholder will have lawyers write the agreement so that it says, in essence, "we will try really really hard not to let the keys out, but if they get out, our only liability if to say 'Ooops' followed by a heartfelt apology!"
<IANAL> This sounds like the fine print you "agree" to by opening commercial software packages. Hasn't this been found void in a couple of places? The "OK" or
"I agree" that shrinkwrapped licenses are problematic, at best. I don't think the analogy applies, though. Maybe I'm mixing threads up, but I thought the topic was "Why would anyone agree to escrow keys commercially -- given the high risk if the keys get out?" If that is the topic, then the keys would be escrowed by one of two parties: the software developer or the customer. If the customer does it, through an active act on his part, then no problem -- he's expressly consented (not a "shrinkwrap license" problem in my view if he send them his key ...). If the software developer gives the key to the C/GAK escrow agent, then all that should be necessary is to warn the consumer that there is a backdoor through the escrowed key. Then the consumer can buy the product or not, but knows what he is getting so can make a choice. As long as the escrow aspect is not hidden, I don't see any fraud. The remedy is the marketplace. It is a long fall from $5,000,000,000 ... EBD
"I Agree" buttons I'm forced to press (but you don't *have* to download software, nya,nya,nya...) when downloading wares also comes to mind. Has this been tested in a court? (Sega's reverse engineering suit from a while back comes to mind)
Pressing buttons is hardly the same as your notarized handwritten signature on paper (we prefer blood, it's more permanent), or its digital equivalent. Mere tokenism, not insurance. </IANAL>
About JR's concern about Netscape's shareholders, they're playing a bubble market and they know it. I wish them all the money and luck; luck is something they're gonna need if this is to go on.
Ps. Netmanage websurfer ain't so bad, hint, hint, hint (detraction time netscape).
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!
FWIW: A guy from the Wall Street Journal was on the CNN biz show this morning explaining all the reasons why Netscape's stock value was supported only by religious belief. This may have a depressing effect on the stock value, as well as the morale of Netscapes major stockholders. bd On Fri, 1 Dec 1995 s1113645@tesla.cc.uottawa.ca wrote:
On Fri, 1 Dec 1995, Brian Davis wrote:
Well that would depend on the terms of the agreement to hold the escrowed keys, wouldn't it? And presumably the GAK keyholder will have lawyers write the agreement so that it says, in essence, "we will try really really hard not to let the keys out, but if they get out, our only liability if to say 'Ooops' followed by a heartfelt apology!"
<IANAL> This sounds like the fine print you "agree" to by opening commercial software packages. Hasn't this been found void in a couple of places? The "OK" or "I Agree" buttons I'm forced to press (but you don't *have* to download software, nya,nya,nya...) when downloading wares also comes to mind. Has this been tested in a court? (Sega's reverse engineering suit from a while back comes to mind)
Pressing buttons is hardly the same as your notarized handwritten signature on paper (we prefer blood, it's more permanent), or its digital equivalent. Mere tokenism, not insurance. </IANAL>
About JR's concern about Netscape's shareholders, they're playing a bubble market and they know it. I wish them all the money and luck; luck is something they're gonna need if this is to go on.
Ps. Netmanage websurfer ain't so bad, hint, hint, hint (detraction time netscape).
participants (8)
-
Adam Shostack -
Brad Dolan -
Brian Davis -
Jay Holovacs -
Perry E. Metzger -
Ray Cromwell -
s1113645@tesla.cc.uottawa.ca -
tcmay@got.net