RE: Questions about Microsoft and Software Key Escrow
From: Timothy C. May My forte here on the list, I like to think, has always been to have "extremely long-range radar" that can pick up trends far in advance. Black Unicorn once told he this was my main strength, and even everybody's second-favorite nemesis, David Sternlight said much the same thing in sci.crypt. Coming from Sternlight, high praise indeed. <misc. elided> By all means, give Microsoft the benefit of the doubt. But also insist that they explain their work on SKE, and repudiate it. ......................................................... I respect your ability to think clearly and with great foresight also, Tim, but I really cannot think that Microsoft would "sell out" on this issue. There are too many in the company who would are for privacy for the individual, and remember they have their customers to think about. If SKE would constitute a problem for the individual end-user, then I can't see how the company could implement it and expect to remain a leader in the business, with all the negative publicity it would generate (conceivably most of it from cypherpunks!). These are my thoughts based on what I know about attitudes around here that I am familiar with & certain of. As I said in another post, Microsoft is an expert at arriving at a "win-win" situation, but I don't believe this includes sacrificing some of our most cherished values, like personal privacy, in exchange for a little security. If I thought this was not true, *I* would not work here. I may sound naive; hope time does not prove me wrong. Blanc
Blanc I respect your feelings on the matter and your ability to think clearly and with great foresight also :-), but for this list it would probably be much more useful if we got some _OFFICIAL_ answer from Microsoft instead of your "I believe, I cannot think, can't see", etc. etc. You're obviously a concerned individual but you equally obviously don't claim to speak for Microsoft. --JYL Blanc Weber writes:
From: Timothy C. May
My forte here on the list, I like to think, has always been to have "extremely long-range radar" that can pick up trends far in advance. Black Unicorn once told he this was my main strength, and even everybody's second-favorite nemesis, David Sternlight said much the same thing in sci.crypt. Coming from Sternlight, high praise indeed. <misc. elided> By all means, give Microsoft the benefit of the doubt. But also insist that they explain their work on SKE, and repudiate it. .........................................................
I respect your ability to think clearly and with great foresight also, Tim, but I really cannot think that Microsoft would "sell out" on this issue. There are too many in the company who would are for privacy for the individual, and remember they have their customers to think about. If SKE would constitute a problem for the individual end-user, then I can't see how the company could implement it and expect to remain a leader in the business, with all the negative publicity it would generate (conceivably most of it from cypherpunks!). These are my thoughts based on what I know about attitudes around here that I am familiar with & certain of.
As I said in another post, Microsoft is an expert at arriving at a "win-win" situation, but I don't believe this includes sacrificing some of our most cherished values, like personal privacy, in exchange for a little security. If I thought this was not true, *I* would not work here.
I may sound naive; hope time does not prove me wrong.
Blanc
On Thu, 28 Jul 1994, Jacob Levy wrote:
I respect your feelings on the matter and your ability to think clearly and with great foresight also :-), but for this list it would probably be much more useful if we got some _OFFICIAL_ answer from Microsoft instead of your "I believe, I cannot think, can't see", etc. etc. You're obviously a concerned individual but you equally obviously don't claim to speak for Microsoft. People lie. Tim May speaks the truth and does not charge a consulting fee.:-) Who knows what evil lurks in the hearts of men?
Berzerk.
On Thu, 28 Jul 1994, Jacob Levy wrote:
I respect your feelings on the matter and your ability to think clearly and with great foresight also :-), but for this list it would probably be much more useful if we got some _OFFICIAL_ answer from Microsoft instead of your "I believe, I cannot think, can't see", etc. etc. You're obviously a concerned individual but you equally obviously don't claim to speak for Microsoft. People lie. Tim May speaks the truth and does not charge a consulting fee.:-) Who knows what evil lurks in the hearts of men?
Berzerk.
I don't believe the folks at MS are lying--I believe they are telling the truth as they see it. In fact, the paralegal guy told me a lot of stuff about the possible justifications for SKE, the export issues (Feds want SKE for exported products....don't ask me why), etc. He thought, I guess, that this would _convince_ me that Microsoft's motives were not evil--which I have never thought was the case, ironically. Instead, he just confirmed to me via his arguments that some kind of SKE scheme is being talked about, negotiated with one or more federal agencies, and may or may not be planned for future products. This has always been my point: a heads-up on something of profound importance if it happens. That Chicago and Daytona have no SKE built in to current versions is not at all surprising: the SKE proposal got its big boost in momentum less than two months ago, and demo code may or may not even exist yet at TIS. If I were to guess, we're in SKE about where Clipper was in the summer of '92...a few hints (Denning and Micali papers) but the various corporate players (Mykotronx, VLSI Technology, AT&T, etc.) were just being brought on board. And announcement was still 9 months off in the future. (Actually, I don't know when all the Clipper players joined the team...it may've been even earlier than 1992. I'm just making the point that the public knew nothing about this until a press conference on April 16, 1993.) Except this time around there's a greater sensitivity to such deals, and a lot more ways for sources to communicate tips :-}. There are also 600 Cypherpunks ready to critique software key escrow. That Microsoft's legal people know about SKE, despite its newness to most in the crypto community, and that issues are being debated about it, shows pretty compellingly that the SKE idea is indeed being worked on one way or another. This is actually more important than "official statements," for obvious reasons. (We often lose sight of actual realities in our focus on "official statements" and disclaimers about not speaking for Lockheed or Apple or whatever.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
On Thu, 28 Jul 1994, Timothy C. May wrote:
I don't believe the folks at MS are lying--I believe they are telling the truth as they see it. In fact, the paralegal guy told me a lot of stuff about the possible justifications for SKE, the export issues (Feds want SKE for exported products....don't ask me why), etc. He thought, I guess, that this would _convince_ me that Microsoft's motives were not evil--which I have never thought was the case, ironically. Instead, he just confirmed to me via his arguments that some kind of SKE scheme is being talked about, negotiated with one or more federal agencies, and may or may not be planned for future products.
Here's another possibility.. We put out the word that we don't buy Chicago or any somftware that has SKE built in. KEep your old stuff or make your own operating system. I think most of the computer programmers could on joint effort create something better than what is on the market anyway. We live in a democracy. We should be telling those assholes in Washington DC how we want the country run, not them telling us that we need NIST. Who are they representing anyway??? Aaron
Aron Freed writes:
Here's another possibility.. We put out the word that we don't buy Chicago or any somftware that has SKE built in. KEep your old stuff or make your own operating system. I think most of the computer programmers could on joint effort create something better than what is on the market anyway.
An off-topic aside: this is already done. Check out the NetBSD and Linux projects sometime. NetBSD is about to release 1.0, the first fully-working unencumbered release of bsd 4.4 for several platforms. Linux is well known by now. I have both, they are far superior for my needs than any MS product. -- Dan.
participants (6)
-
Aron Freed -
Berzerk -
Blanc Weber -
Daniel Carosone -
Jacob.Levy@Eng.Sun.COM -
tcmay@netcom.com