fallacy alert!

The Right Guy trg at dev.null
Thu Oct 16 14:31:00 PDT 1997



Adam Back wrote: 
> Anonymous writes:
> > I thought that was the whole point of the PGP design.  It makes the
> > presence of third parties clear and visible to all participants.  This
> > seems to be the fundamental principle.
 
> I have noticed several PGPers use this fallacy also.
...
> It matters not one whit what `statement of intent' you mark PGP CMR
> extended public keys with.  That statement is semantically meaningless
> as a design principle because it is utterly unenforceable.

Since I am always right, let me give you the benefit of my thoughts on
a few things. (No need to bow at my feet, I'm always willing to help.)

  I have no doubt that the government's framing of the Escrow/Recovery
debate has had an influence on those companies who wish to be compliant
enough with emerging standards to remain in business.
  In a perfect world, those with 'good intentions' would have the time
and resources to do things totally 'right,' both in a technological
manner and in exercising the highest standards of principles and
ethics. In reality, the industry is moving so fast that any company
who dallies about, trying to make the perfect product, might well
find that 'Pretty Freeh Privacy' has the encryption market locked
up, and besides, they don't make Intel CPUs any more--that was 
_last_ week.

  PGP is being castigated for, by way of analogy, not producing a
gun that can _only_ be used for self-defense, and _not_ for killing
the (imaginary) innocent.
  Unfortunately, for PGP, this is not unreasonable, since PGP's 
reputation capital was built on a level of standards and integrity
which go far beyond *only* business concerns.
  Phil Zimmermann, before he sold out his principles (just kidding!),
wrote a documentation for PGP which did not contain a Madison Avenue
pitch assuring the user that if they used PGP on their work machine,
they could let rapists and murderers use it, without fear of their
encrypted home address being compromised.
  I truly believe that much of PGP's reputation is a result of people
reading the documentation and having the program's author point out
the _weaknesses_ and _vulnerabilities_ in his product, pointing out
what it could and could _not_ do.

  I respected the points that Jon was making in his first long post
defending PGP's new product, but I was also saying, "Bullshit!" as
I read on. Why? Because while the benefit of the software lies in
what it _does_ do, the danger lies in what it _doesn't_ do.
  How can Jon convince me that the PGP product is their best possible
effort, to date, and that PGP will strive to improve the product's
ability to resist misuse by fascists, while giving the individual
user as much knowledge and control as possible in the product's use?
He can do so by telling me that he wakes up at night, screaming, in
fear of having helped to create the crypto equivalent of the atomic
bomb, when the product is in the hands of the fascists. (Not that
I expect him to be stupid enough to say this on the product packaging.)

> There can be no enforcement of statement of intents.  All you can do
> is hope that companies are not lying; encourage them to behave in ways
> which you consider ethical.

  Governments, corporations and crypto munitions don't kill people.
People kill people.
  When death camps are computerized, the software used will be named,
"I Am Just Following Orders."
("I don't put the in in the gas chambers, I just boot the computer.")

  I have to admit to being somewhat amused by Jon taking a Cypherpunk
to task for being loud, rude, and ranting. Is this your first time
on the list, Jon?

The Right Guy
~~~~~~~~~~~~~
Tomorrow: The Solution to World Peace






