Re: libelous action
-----BEGIN PGP SIGNED MESSAGE-----
"JOHN" == JOHN E HOLT <76473.1732@CompuServe.COM> writes:
JOHN> Dear Mr. Curtin JOHN> Your statements about myself and my product, The JOHN> POUCH are defamatory. Since they have been made in writing and JOHN> shown to and seen by other parties on the Internet, they JOHN> constitute libel. Please admit to all parties that you have no JOHN> personal knowledge of my product capabilities or my personal JOHN> character or reputation. Failure to do so at once will result JOHN> in legal action against you personally and Megasoft. As my signature said, I speak only for myself. I am not a representative of Megasoft in any official capacity. That which I have posted does not represent the views of Megasoft, its employees, its shareholders, its customers, its business partners, its landlord, its employees' mothers, and is in no way representative of any person living or dead, other than myself. I have no knowledge of JOHN E HOLT <76473.1732@CompuServe.COM>. The only knowledge I have of THE POUCH is its web site, found at http://www.flagler.com/security.html On 18 August 1996, I posted to the Cypherpunks mailing list, a note regarding THE POUCH, which included this paragraph: If it is any good, there's no way for us to know. But your marketing of the product has every indication that it's nothing more than smoke and mirrors. To coin a phrase, "pseudocrypto." I, speaking only on behalf of myself, stand by this statement. I do not apologize for my comments. If you, Mr. Holt, feel that this is a personal attack against you, I regret that you've misunderstood the tone and nature of my post. My statement is hardly libelous; I simply observed that if your product is truly secure, there is no means by which security experts can verify such claims. Study of computer security has shown that obscurity (using unpublished algorithms, for example) is not "security." By perpetuating confusion between the two terms, nonexpert users of crypographic software are hard pressed to make good decisions about what they use, and the risks of the software they're using. Hiding the internals of such software, claiming that it is "highly resistant to all known forms of cryptographic attack," is, in my opinion, irresponsible marketing. It is my hope that future marketing endeavors of THE POUCH will be more open and straightforward in its approach to security, providing evidence of a crystal-box architecture, whose security can be more objectively determined by potential customers. Hiding a paper from me by putting it somewhere in New York City is obscurity. If you hide a paper from me by putting it in a safe, and then give me the safe, and the technical documentation of the safe's locking mechanism, and I still can't get the paper, then *that* is security. (And, by the way, I think you'll find insisting that I somehow retract my statements, rather than prove me wrong by showing the quality of your product, will likely further add to the suspicion that the security of THE POUCH cannot be proven.) - -- C Mattew Curtin cmcurtin@ee.net -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Have you encrypted your data today? iQCVAwUBMiJEYRhyYuO2QvP9AQFPmwQAgimf3IhoX4wMPPNk7JY9nlFDJG2K/gO3 Xnd7ygPYAhz4BRaEl6SAaOOWiKjBA1l5EI5GhZdTL0WIWdKQv5MJROElzTVcY7nx Tq1wysgTRTLjt7XQS2FyIa1S7OSvyhJttAslbJjpl+PqCwT18bhr3Oh9Cp2g1LRq sNxdtB1BtQQ= =I28g -----END PGP SIGNATURE-----
Mr. Curtin; You are too kind. I suspect that 'The Pouch' is a piece of junk, although the lack of public disclosure makes it impossible to demonstrate that. If Mr. Holt would like to sue me, he's invited to. I'm sure he'll be at least as likely to follow up as Karl Denninger or "Dr." Fred C. Cohen. Perry C Matthew Curtin writes:
JOHN> Dear Mr. Curtin JOHN> Your statements about myself and my product, The JOHN> POUCH are defamatory. Since they have been made in writing and JOHN> shown to and seen by other parties on the Internet, they JOHN> constitute libel. Please admit to all parties that you have no JOHN> personal knowledge of my product capabilities or my personal JOHN> character or reputation. Failure to do so at once will result JOHN> in legal action against you personally and Megasoft. [...] I, speaking only on behalf of myself, stand by this statement. I do not apologize for my comments. If you, Mr. Holt, feel that this is a personal attack against you, I regret that you've misunderstood the tone and nature of my post. My statement is hardly libelous; I simply observed that if your product is truly secure, there is no means by which security experts can verify such claims.
On Mon, 26 Aug 1996, Perry E. Metzger wrote:
Mr. Curtin;
You are too kind. I suspect that 'The Pouch' is a piece of junk, although the lack of public disclosure makes it impossible to demonstrate that. If Mr. Holt would like to sue me, he's invited to. I'm sure he'll be at least as likely to follow up as Karl Denninger or "Dr." Fred C. Cohen.
Perry
C Matthew Curtin writes:
JOHN> Dear Mr. Curtin JOHN> Your statements about myself and my product, The JOHN> POUCH are defamatory. Since they have been made in writing and JOHN> shown to and seen by other parties on the Internet, they JOHN> constitute libel. Please admit to all parties that you have no JOHN> personal knowledge of my product capabilities or my personal JOHN> character or reputation. Failure to do so at once will result JOHN> in legal action against you personally and Megasoft. [...] I, speaking only on behalf of myself, stand by this statement. I do not apologize for my comments. If you, Mr. Holt, feel that this is a personal attack against you, I regret that you've misunderstood the tone and nature of my post. My statement is hardly libelous; I simply observed that if your product is truly secure, there is no means by which security experts can verify such claims.
As an attorney I can say that not only would I happily represent anyone Mr. Holt sued for libel, but I would consider my contingency fee a free lunch. I wouldn't even bother preparing for the pre-trial hearing. Truth, afterall, is an absolute defense to libel. Your threat to sue is, clearly, merely an attempt to stifle any effort to criticize your product. I believe a more accurate legal view is that you are committing fraud by misrepresenting "The Pouch" as a more potent implementation than it really is. You state:
The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization vector and the CBC technique. Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
This position has been refuted by at least one expert on this list. I would remind you that each and every sale you make of this product, when based on material misrepresentation, constitutes a fraud. If made by wire, as these sales seem they may, they represent wire fraud. That's one count of fraud and one count of wire fraud. If a check is sent to you via mail, that's a count of mail fraud to boot. As you have been warned now of the flaws in your system, I don't think you have much of a defense unless you can produce some experts to support your own view of the cipher. I won't hold my breath. I am constantly amazed that people advertize new crypto products on this list and then whine when they are literally decimated as to their technical merit. Go sell to children if your product can't stand the intelligence of adults. -- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li
participants (3)
-
Black Unicorn -
C Matthew Curtin -
Perry E. Metzger