Would the FTC crack down on snake oil someday?

[Deranged Mutant]

On 19 Mar 96 at 19:10, Bill Stewart wrote:

> Sure, they'll be happy to, if we really want.  The NSA will advise them
> on what's good crypto, and what's snake-oil.  Certainly any system that
> didn't provide for back-up key access doesn't rate......
> 
> No, I didn't think you wanted that either....

Maybe the NSA will advise them, maybe not... since there is a 
conflict of interest (not unusual in regulatory circumstances, 
though).

Then again, it would be awkward if the NSA hypothetically said 
product A is crap and product B is secure but non-NSA people said 
differently, esp. if the NSA wouldn't let product A be exported.

They're a governmental organization, with all the flaws of any 
organization/bureaucracy, let alone the government.  So yes, I've
pondered them asking the NSA for advice... but keep in mind it puts
the NSA in a double-bind, because they aren't the only experts, and
because they'll look bad if they contradict themselves.

They (FTC) might go by something different, though. If a company claims 
their product uses an "unbreakable cipher" when there are cracking 
programs (commercial or free) available, then obviously its false 
advertising.  Indeed anything that advertises itself as "unbreakable" 
is a lie.

There's also other consumer groups that are non-governmental, like 
Consumer Reports, PIRGs, and even various state and county consumer 
advoctates who won't tow the federal line (look at bovine growth 
hormone for one example... hm, maybe a bad parallel.)

Part of it is a public learning curve. After a while more people 
(though not enough to eliminate snake oil's market) will recognize 
"PGP", "RSA", 'IDEA", "3DES" and other strong algorithms. (Ascom Tech 
could do themselves a nice turn by pushing for products with "IDEA 
Inside" type of messages...)

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl at unix.asb.com> for a copy of my PGP key.