CDR: RE: Zero Knowledge changes business model (press release)
I can't help but feel that this is a weakening of ZK's position regarding privacy. The critical paragraph is:
Zero-Knowledge is committed to deploying systems that are transparent and accountable. In keeping with this policy, MPS will incorporate third party verification and split encryption key structures, as well as provide consumers with access to white papers, independent auditors' reports or other materials that assure a company is doing what it claims. With MPS Zero-Knowledge strengthens its commitment to building responsible systems that empower consumers to control the disclosure and use of their personal information, while still enabling businesses to thrive in a data and relationship-driven marketplace.
I don't want to be 'assured that a company is doing what it claims' (with my personal information). Companies change policies at whim. What a firm's founder may fervently believe could become a curio of corporate history after the next board meeting. Look at Amazon's recent policy change, for example. Also, data in the possession of a corporation and me is always less secure than information possessed only by me.

Instead of being assured that the company is acting in accordance with their stated policy du jour (or at least, their lawyers' spin on it), I want to know that they CAN'T abuse my personal data, because they don't have any. That is the confidence which ZK's original scheme was intended to produce, and which the introduction of this plan seems to suggest is no longer considered a high priority at ZKS.

It may be that the ZK's product 'Freedom' is proving a financial bust (I won't use it until I can buy nyms for cash at CompUSA). I understand the drive to meet payroll and pay off VCs, but I can't help but be saddened.

I understand that some transactions require more state than "Here's an order, some money, and a shipping address", but in a great many cases, corporations by policy ask far more than this. The most egregious example I've seen is a cheap travel site which, when you register, suggests that you tell them your 'favorite internet password' as a key to get back to your account.

I hope that ZKS's new service doesn't simply "culminate in the deployment of a tailored privacy layer that integrates seamlessly with the client's existing enterprise applications"....

but rather looks at their business and informs them of the absolute minimum of data they need to acquire, and how long to keep that data, if they need to keep it at all. I don't want to rely on a 'privacy layer' under the control of an entity which will profit from silently circumventing it, or be subject to leaks and third party seizures of data.
Peter Trei

Disclaimer: The above represents my personal opinions only.
On Tue, Oct 31, 2000 at 11:06:32AM -0500, Trei, Peter wrote:
|
| I can't help but feel that this is a weakening of ZK's position
| regarding privacy. The critical paragraph is:
|
| > >Zero-Knowledge is committed to deploying systems that are
| > >transparent and accountable. In keeping with this policy,
| > >MPS will incorporate third party verification and split
| > >encryption key structures, as well as provide consumers
| > >with access to white papers, independent auditors' reports
| > >or other materials that assure a company is doing what it
| > >claims. With MPS Zero-Knowledge strengthens its commitment
| > >to building responsible systems that empower consumers to
| > >control the disclosure and use of their personal
| > >information, while still enabling businesses to thrive in a
| > >data and relationship-driven marketplace.
| >
| I don't want to be 'assured that a company is doing what it
| claims' (with my personal information). Companies change
| policies at whim. What a firm's founder may fervently
| believe could become a curio of corporate history after the
| next board meeting. Look at Amazon's recent policy
| change, for example. Also, data in the possession of a
| corporation and me is always less secure than information
| possessed only by me.
|
| Instead of being assured that the company is acting in
| accordance with their stated policy du jour (or at least,
| their lawyers' spin on it), I want to know that they CAN'T
| abuse my personal data, because they don't have any.
| That is the confidence which ZK's original scheme was
| intended to produce, and which the introduction of this
| plan seems to suggest is no longer considered
| a high priority at ZKS.

Peter,

You're reading too much in here. We're still working hard on Freedom v2, having released the linux source and install rpms, new windows versions are coming, etc. This is an additional business line, not a change in our commitment to produce the coolest, strongest privacy systems available.

| I hope that ZKS's new service doesn't simply
| "culminate in the deployment of a tailored privacy layer that
| integrates seamlessly with the client's existing enterprise
| applications"....
|
| but rather looks at their business and informs them of the
| absolute minimum of data they need to acquire, and how
| long to keep that data, if they need to keep it at all. I don't
| want to rely on a 'privacy layer' under the control of an
| entity which will profit from silently circumventing it, or
| be subject to leaks and third party seizures of data.

We really hope to be able to do both seamless integration and help the business figure out what personal information it actually needs to collect, how long they need to keep it, etc. We also work hard to ensure that the company doesn't have the information to leak, for example by storing encrypted versions for which we, they, and other parties, like auditors, need to be involved in decrypting.

This doesn't change the reality that we're focused on protecting the privacy of individuals through the strongest mechanisms, it adds additional ways that we can do that.

If a business isn't willing to meet certain standards, then we're not going to be able to work with them. It would be too damaging to us, and the trust that people place in us. Those standards include disclosing what the privacy systems in place are, and what the limits of their protection are. We don't feel that you can put trust in a company that isn't willing to disclose those things.

The systems that we're going to put in place are going to be technically solid and trustworthy. We have a fair number of smart people here who are dedicated to proving that you can move information around with privacy built in, in ways that range from the Brands credentials systems to encrypted database entries, etc.

It's hard to talk in the abstract about this, but until we announce deals, that's all I can do. I can say that we will be having some of our best security people, including Ian, Adam Back, Ulf Muller, Stefan Brands, and myself look at the systems before they leave the design phase. Who looks at which system depends on the design and the particular expertise needed. It won't be silently circumventable.

Adam

PS: Clearly, adding a new product line requires more outstanding security folks. We'll be happy to whisk you away from wherever you are, and you can help ensure that we do this right. :)

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
At 11:06 AM -0500 10/31/00, Trei, Peter wrote:
> I don't want to be 'assured that a company is doing what it claims' (with my personal information). Companies change policies at whim. What a firm's founder may fervently believe could become a curio of corporate history after the next board meeting. Look at Amazon's recent policy change, for example. Also, data in the possession of a corporation and me is always less secure than information possessed only by me.
And sensitive data held by "trusted third parties" is always subject to subpoena by authorities, litigants (in some cases), and by national security access. (Not surprisingly, this is precisely why the U.K. was pushing "trusted third parties" so strongly.)

In the United States, for example, the holder of information generally has less power to assert Fourth Amendment protections than the actual owner of that information has. (That is, if Alice the Storage Company is holding stuff for Bob, Alice cannot assert Fourth Amendment rights on behalf of Bob. Greg Broiles, IIRC, wrote up some nice stuff on this a few years ago.) A bank may disclose financial records of a customer subject to the banking laws, not subject to the Fourth and other such amendments.

Wanna bet that the "trusted third parties" being talked about in Britain, Europe, and other countries will be treated in this light? In France and Iran for sure, and probably in the U.S.

Will a company like Intel feel secure knowing that "trusted third parties" have the ability to access its most important secrets? Gimme a fucking break.

Any such key sharing, key splitting, key escrow, GAK, trusted third parties, or "legitimate needs of law enforcement" completely guts the underlying crypto. Why bother trying to break a 128-bit key when court orders--often delivered secretly, as with banks, national security concerns, etc.--will do the trick?

GAK beats crack. (Carl Ellison's term for "government access to keys")
> Instead of being assured that the company is acting in accordance with their stated policy du jour (or at least, their lawyers' spin on it), I want to know that they CAN'T abuse my personal data, because they don't have any. That is the confidence which ZK's original scheme was intended to produce, and which the introduction of this plan seems to suggest is no longer considered a high priority at ZKS.
If the original Freedom product is:

a. as unbreakable/untraceable as was originally planned (verdict is out, IMO)

and

b. is continued to be supported and distributed

then why would the new "trusted third parties" system be needed? Unless mandated by law, why would any company or organization place its secrets in the hands of others?

Which may explain the language in the ZKS release about "in accord with relevant legislation."

Of course, if local relevant legislation requires third party key escrow, what happens to the legality of the Freedom product? Hmmmhhh.
> It may be that the ZK's product 'Freedom' is proving a financial bust (I won't use it until I can buy nyms for cash at CompUSA). I understand the drive to meet payroll and pay off VCs, but I can't help but be saddened.
I'm saddened as well. Many fine folks work for ZKS, including some folks I count as friends. And Austin Hill is a fine person, from what I have seen (one face-to-face meeting a couple of years ago, one long phone conversation, a few e-mails).

Freedom was a sort of interesting product, though the "terms and conditions" for cancelling the prepaid nyms were unacceptable to me. I'm not shelling out $50 for a nym only to find it cancelled because I said something banned by Canada's laws about hate speech, as just one example. The requirement to buy with a credit card or other noncash instrument bothered me, as it bothers Peter. Lastly, the Mac issue.

It may be that this new product is just being floated as a trial balloon, that Freedom and other "unbreakable" (so to speak) products will be their main focus.

History shows that such trial balloons in the direction of key escrow, GAK, and key-splitting will be devastating. Recall how PGP got sidetracked into discussions of its limited key escrow feature set, with many people speaking out against the GAKware aspects; whether this contributed to what happened to the commercial prospects for PGP is unclear. I know that most of the Cypherpunks folks drifted away from Network Associates.

If ZKS is seen as "building in Big Brother," then the PR consequences for them will be devastating.

--Tim May

--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
participants (3)
- Adam Shostack
- Tim May
- Trei, Peter