Re: Netscape gives in to key escrow
If they tell you about it and you buy it anyway -- tough luck.
Same with the cars. Would *you* buy Pinto with explosives in it???? (leaving aside the "inherently dangerous" argument for the moment on the products liability claim).
EBD
Hmm. The key point is that almost no general users will have a clue what actual security is, and what GAK is. They _might_ understand the risks of having an explosive in their vehicle (but can just as easily argue it wasn't properly designed if it went off improperly.) Regardless of what they'd know about their vehicle, they can easily claim to have had the risks associated with GAK improperly represented, Netscape misleading them with deceptive claims of security given this potential hole etc.
I'm not saying whether or not this is the case, but we are very much in a legal period where individuals are in fact expected not to need common sense, and corporations are responsible for cleaning up after consumer stupidity.
It is certainly true that given the general state of education regarding crypto, the average consumer can easily say that regardless of warnings about GAK, that they weren't properly informed of the risk. With all the hype around security, Netscape and encryption people will be under the impression regardless of one little disclaimer tag, that their information is safe. Neither government nor corporations will disabuse them of this belief. The case would be strong against them as a consumer.
Jonathan
------------------------------------------------------------------------
..Jonathan Zamick              Consensus Development Corporation..
..<JonathanZ@consensus.com>    1563 Solano Ave, #355..
..                             Berkeley, CA 94707-2116..
..                             o510/559-1500 f510/559-1505..
..Mosaic/WWW Home Page: ..
.. Consensus Home Page ..
On Fri, 1 Dec 1995, Jonathan Zamick wrote:
If they tell you about it and you buy it anyway -- tough luck.
Same with the cars. Would *you* buy Pinto with explosives in it???? (leaving aside the "inherently dangerous" argument for the moment on the products liability claim).
EBD
Hmm. The key point is that almost no general users will have a clue what actual security is, and what GAK is. They _might_ understand the risks of having an explosive in their vehicle (but can just as easily argue it wasn't properly designed if it went off improperly.) Regardless of what they'd know about their vehicle, they can easily claim to have had the risks associated with GAK improperly represented, Netscape misleading them with deceptive claims of security given this potential hole etc.
And thus we return to my original point, which is that it will depend on what is said/disclosed. If every copy of GAKscape had a banner, bigger than the Netscape "N" which said, "The government can read every message you send using this software no matter what you do" then I think consumers will be hard pressed to say they weren't warned.
I'm not saying whether or not this is the case, but we are very much in a legal period where individuals are in fact expected not to need common sense, and corporations are responsible for cleaning up after consumer stupidity.
It is certainly true that given the general state of education regarding crypto, the average consumer can easily say that regardless of warnings about GAK, that they weren't properly informed of the risk. With all the hype around security, Netscape and encryption people will be under the impression regardless of one little disclaimer tag, that their information is safe. Neither government nor corporations will disabuse them of this belief. The case would be strong against them as a consumer.
I disagree. Almost nobody reads the fine print on the back of a note you sign when you buy a car or otherwise take out a loan, but the provisions are generally enforceable ... Ignorance is not necessarily an excuse.
Jonathan
------------------------------------------------------------------------ ..Jonathan Zamick Consensus Development Corporation..
EBD
Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!
On Fri, 1 Dec 1995, Brian Davis wrote:
On Fri, 1 Dec 1995, Jonathan Zamick wrote:
Hmm. The key point is that almost no general users will have a clue what actual security is, and what GAK is. They _might_ understand the risks of having an explosive in their vehicle (but can just as easily argue it wasn't properly designed if it went off improperly.) Regardless of what they'd know about their vehicle, they can easily claim to have had the risks associated with GAK improperly represented, Netscape misleading them with deceptive claims of security given this potential hole etc.
And thus we return to my original point, which is that it will depend on what is said/disclosed. If every copy of GAKscape had a banner, bigger than the Netscape "N" which said, "The government can read every message you send using this software no matter what you do" then I think consumers will be hard pressed to say they weren't warned.
One might want to consider the effect of _Smith v. Maryland_, 442 U.S. 735 (1979), as described in _California v. Greenwood_, 486 U.S. 35 (1988):
"We held in Smith v. Maryland, for example, that the police did not violate the Fourth Amendment by causing a pen register to be installed at the telephone company's offices to record the telephone numbers dialed by the suspect (without a warrant). An individual has no legitimate expectation of privacy in the numbers dialed on his telephone, we reasoned, because he voluntarily conveys those numbers to the telephone company when he uses the telephone. Again, we observed that 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'"
Or to rephrase in the likely implementation:
An individual has no legitimate expectation of privacy in the encryption numbers in his GAK browser, we reasoned, because he voluntarily conveyed those numbers to the government when he purchased the software.
I'm not saying whether or not this is the case, but we are very much in a legal period where individuals are in fact expected not to need common sense, and corporations are responsible for cleaning up after consumer stupidity.
I would say the above indicates that in fact a lot more than common sense is needed to try and assure privacy. It would seem that when it comes to privacy, you have to be a phone techie or in this case, a crypto techie, to expect to be protected.
It is certainly true that given the general state of education regarding crypto, the average consumer can easily say that regardless of warnings about GAK, that they weren't properly informed of the risk. With all the hype around security, Netscape and encryption people will be under the impression regardless of one little disclaimer tag, that their information is safe. Neither government nor corporations will disabuse them of this belief. The case would be strong against them as a consumer.
In fact it would seem that there is almost a burden imposed on the user to determine who and what gets the information of the software should he or she want to be protected by the constitution.
I disagree. Almost nobody reads the fine print on the back of a note you sign when you buy a car or otherwise take out a loan, but the provisions are generally enforceable ... Ignorance is not necessarily an excuse.
Actually, I was under the impression that adherence contracts like that (the most oft touted example is the ski lift ticket with four paragraphs on the back) are often tossed out when it has to do with liability on that order. The reason loan agreements are not often thrown out is because courts find an increased expectation that the consumer would be paying attention to the back of loan documents than the back of a ski lift ticket. I think it will be unlikely that warnings on the box of a given piece of software will suffice. Large banners in the program itself may meet the threshold. If there is enough interest, I will research the threshold issue.
Jonathan
------------------------------------------------------------------------ ..Jonathan Zamick Consensus Development Corporation..
Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!
---
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Sat, 2 Dec 1995, Black Unicorn wrote:
On Fri, 1 Dec 1995, Brian Davis wrote:
On Fri, 1 Dec 1995, Jonathan Zamick wrote:
I disagree. Almost nobody reads the fine print on the back of a note you sign when you buy a car or otherwise take out a loan, but the provisions are generally enforceable ... Ignorance is not necessarily an excuse.
Actually, I was under the impression that adherence contracts like that
You are correct in saying that onerous provisions of adhesion contracts are sometimes not enforced against the party who did not draft the contract (the one who had it "forced" upon them). Again, very fact specific. And that has been my point all along. As an aside, understand that my comments on this thread relate to my semi-educated prediction of how the law will be applied in this context. It does not reflect what the law would be if I were King of the forest.
(the most oft touted example is the ski lift ticket with four paragraphs on the back) are often tossed out when it has to do with liability on that order. The reason loan agreements are not often thrown out is because courts find an increased expectation that the consumer would be paying attention to the back of loan documents than the back of a ski lift ticket. I think it will be unlikely that warnings on the box of a given piece of software will suffice. Large banners in the program itself may meet the threshold.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Precisely.
If there is enough interest, I will research the threshold issue.
EBD
Jonathan Zamick wrote:
| > Brian Davis wrote:
| >If they tell you about it and you buy it anyway -- tough luck.
| >
| >
| >Same with the cars. Would *you* buy Pinto with explosives in it????
| >(leaving aside the "inherently dangerous" argument for the moment on the
| >products liability claim).
| >
| >EBD
|
| Hmm. The key point is that almost no general users will have a clue what
| actual security is, and what GAK is. They _might_ understand the risks of
| having an explosive in their vehicle (but can just as easily argue it wasn't
| properly designed if it went off improperly.) Regardless of what they'd know
| about their vehicle, they can easily claim to have had the risks associated with
| GAK improperly represented, Netscape misleading them with deceptive claims
| of security given this potential hole etc.
I'd just like to add one bit to what Jonathan said here. That is the AT&T Clipper phones don't come with 'Big Brother Inside' stickers on them. The phrase 'key escrow' is not used in the manual (near as I remember.) The disclaimer is in very small print. It's not a reasonable expectation that a product being touted as 'secure' is known to its makers to be insecure. Expecting John Q. Public to know that without warning labels seems like a stretch.
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
participants (4)
- Adam Shostack
- Black Unicorn
- Brian Davis
- Jonathan Zamick