PGP, Inc.--What were they thinking?

Wed Oct 22 15:21:00 PDT 1997

With all due respect to Tim May:

As a person whose been at work on a very long feature about PGP Inc. for
Wired, I can tell you that businesses really don't care that much about
PGP's civil liberties advocacy. In fact, its rep could hurt as much as help
them. The Fortune 500 is much more pragmatic: They want solutions that
work, that help them maintain security for their intellectual property and
capital. To that extent, PGP 5.5--which enables IS directors to manage a
public key infrastructure and enforce company-wide security policies-- is a
step in the right direction.

But with this new product, I agree that they run the risk of alienating
their core user group of cypherpunks and hackers. Encryption is a very
complicated topic that doesn't lend itself well to sloganeering and
histrionics. And one major thing that needs to be pointed out: PGP's key
recovery system is *voluntary and private*--not mandatory and gov.
controlled, which is what the Feds and Louis Freeh have been pushing for.
One potential positive side effect of PGP 5.5 is that it could realign the
crypto debate and force people to consider this question: Whose back door
should netizens be more worried about: Big Brother or The Boss?

Spencer E. Ante
Associate Editor
THE WEB Magazine

To:   cypherpunks at toad.com, fight-censorship at vorlon.mit.edu
cc:    (bcc: Spencer Ante/PCWORLD)
Subject:  Re: PGP, Inc.--What were they thinking?

At 1:45 PM -0700 10/22/97, Anonymous wrote:
>>Agreed. What amazes me is how PGP, Inc. would decide this should be a
core
>>part of their company. "PGP for Business," indeed. What were they
thinking?
>
>Um, maybe that they wanted to stay in business?
This is a truism, that businesses want to stay in business. (And thrive,
etc.)
The interesting question is whether this action will help them.
Why it may not is what we're talking about.
For example, if PGP loses its "little guy fighting the system" image, and
the company is seen as a major supplier of snoopware and GMR systems, it
will have squandered the good will which led many of us to support PGP.
And it's by no means clear that corporations will pay enough for PGP for
Business if this good will has been squandered.
The free status of most versions of PGP is indeed an impediment to PGP
making a profit.  That's an unchangeable situation. Lots of copies of PGP
are already out there, and lots more are available from many sites.
The "commercial use" vs. "personal use" dichotomy is largely unenforceable.
If Joe Employee uses PGP 2.6 or even 5.0 for his messages, PGP, Inc. will
have a very hard time proving in court that Joe or his employer can be held
liable for this use (at most, maybe Joe will have to pay $50 or so...and
probably not even that, as PGP 5.0 is not serialized (so far as I can find)
and records aren't kept...Joe can just claim he did in fact buy it, blah
blah).
This means PGP, Inc. faces a Netscape-like battle in finding revenue
sources.
Will they succeed?
Will people like us continue to give PGP, Inc. the good will it has
enjoyed?
Stay tuned.
--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."