At 11:33 AM 4/11/96 -6, Peter Trei wrote:

Ms Denning, Mr. MacDoran

I've read with interest your proposed GPS-based authentication mechanism (it was posted to the cypherpunks mailing list). Can you confirm that you wrote this? Some people on the list think it may be a forgery.

The participants of the list have noted some apparent vulnerabilities in the system, and I am curious as to how you address them. If you respond to me and give permission, I'll forward your response to the list.

The problems are two-fold:

1. The system is easily spoofed. 2. It leaks sensitive location data.

It should occur to all of us that what you (and we) call "problems" are, to government sympathizers, actually FEATURES. Identifying people's locations is probably going to be considered enormously important to the government (if it lasts that long). And since the government runs all the GPS transmitters, and can presumably modulate the S/A function any way it wishes, it has a leg up on all of us who have to depend on the integrity of the system. There is also the possibility of them jamming the system locally to either deny the user the ability to make the identification system work and thus deny access, or detect the location of the user by subtly modulating the local signal in such a way as to leak through the otherwise-secure system. (If we trust it that far, which I don't.)