Re: Netscape gives in to key escrow
And thus we return to my original point, which is that it will depend on what is said/disclosed. If every copy of GAKscape had a banner, bigger than the Netscape "N" which said, "The government can read every message you send using this software no matter what you do" then I think consumers will be hard pressed to say they weren't warned.
I don't mean to be inflamatory, but it isn't much of a point. They aren't going to put such a banner up because that would limit their business. The goal of Netscape (though I don't single them out), any corporation that would profit from business of those who seek encryption while still allowing GAK, and the government, is to limit the public's awareness of the size of the hole. If they let people know the extent of the hole, then they'll use products w/out it which blows profits from companies involved, and doesn't benefit the government who want it in common use.
I disagree. Almost nobody read the fine print on the back of a note you sign when you buy a car or otherwise take out a loan, but the provisions are generally enforceable ... Ignorance is not necessarily an excuse.
The question is whether there was false representation of the security of the product. 1. The general knowledge of encryption and secure electronic financial transactions is significantly lower than that of more standard transactions. 2. Applying for a loan or buying a car involve actively going out, negotiating, signing contracts, etc. It will be much simpler to simply stick your vital info into a 'secure' browser. 3. The choice of browser to use will be done, based on representations by companies about the security of their product. If Netscape doesn't explicitly state in direct terms when accessing the browser that the GAK is a potential security risk, then they will be sued. Simply because someone will get blamed. Since they (or again any company that incorporates GAK.. I really don't want to target Netscape in specific) will make the threat sound as insignificant as possible, and not bring it to people's attention (and they can't afford to do so) when (not if) it is breached they will be taken to court repeatedly.
EBD
Jonathan ------------------------------------------------------------------------ ..Jonathan Zamick Consensus Development Corporation.. ..<JonathanZ@consensus.com> 1563 Solano Ave, #355.. .. Berkeley, CA 94707-2116.. .. o510/559-1500 f510/559-1505.. ..Mosaic/WWW Home Page: .. .. Consensus Home Page ..
On Fri, 1 Dec 1995, Jonathan Zamick wrote:
And thus we return to my original point, which is that it will depend on what is said/disclosed. If every copy of GAKscape had a banner, bigger than the Netscape "N" which said, "The government can read every message you send using this software no matter what you do" then I think consumers will be hard pressed to say they weren't warned.
I don't mean to be inflamatory, but it isn't much of a point. They aren't going to put such a banner up because that would limit their business. The
Once again, I must disagree. Several bulletin boards I frequent include an opening banner announcing that, essentially, all messages left there are "public" and can be read by anyone. I can get the exact language if you like. The message specifically refers to the wiretapping statute, 18 U.S.C. Section 2510 et seq. This keeps the sysop, arguably, from suffering civil liability if mail is intercepted. Nobody reads the banner, but I believe that it has more effect than a fig leaf.
goal of Netscape (though I don't single them out), any corporation that would profit from business of those who seek encryption while still allowing GAK, and the government, is to limit the public's awareness of the size of the hole. If they let people know the extent of the hole, then they'll use products w/out it which blows profits from companies involved, and doesn't benefit the government who want it in common use.
I disagree. Almost nobody read the fine print on the back of a note you sign when you buy a car or otherwise take out a loan, but the provisions are generally enforceable ... Ignorance is not necessarily an excuse.
The question is whether there was false representation of the security of the product. 1. The general knowledge of encryption and secure electronic financial transactions is significantly lower than that of more standard transactions.
But how many of those who are less knowledgable about such things expect the level of privacy you automatically infer? Is that expectation reasonable? Does the party have any duty to inquire???
2. Applying for a loan or buying a car involve actively going out, negotiating, signing contracts, etc. It will be much simpler to simply stick your vital info into a 'secure' browser.
3. The choice of browser to use will be done, based on representations by companies about the security of their product. If Netscape doesn't ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I doubt it in the case of the less sophisticated (and the more sophisticated are on their own). I suspect that Mr. Newbie is more
Getting a browser involves going to the store and installing the software or surfing to a site and downloading the software. Then it must be installed. likely to pick a browser on the basis of what his friend tells him, or what PC Computing tells him, or the fact that he read about Netscape in the business section of the paper.
explicitly state in direct terms when accessing the browser that the GAK is a potential security risk, then they will be sued. Simply because someone will get blamed.
Getting sued and being liable are very different, just as getting charged with a crime and having done something morally wrong can be very different. I am much less confident than you apparently are that the court system (and products liability law) are likely to impose duties on the makers of browsers such as you suggest. In an advancing technological area, I don't believe that liability will be imposed so quickly, especially if some disclosure is made. What disclosure is required is likely to be fact specific on a case by case basis until the law has time to develop some sort of standards. Can I expect to recover from Ford for my injuries in a car wreck because I would not have been hurt in a Volvo, when Ford meets all federal standards? Generally not.
Since they (or again any company that incorporates GAK.. I really don't want to target Netscape in specific) will make the threat sound as insignificant as possible, and not bring it to people's attention (and they can't afford to do so) when (not if) it is breached they will be taken to court repeatedly.
Don't forget, taking them to court takes $$$. And they only have $5 Billion to pay for lawyers ...
EBD
Jonathan
------------------------------------------------------------------------ ..Jonathan Zamick Consensus Development Corporation..
participants (2)
-
Brian Davis -
Jonathan Zamick