PGP, Inc.--What were they thinking?

Kent Crispin kent at bywater.songbird.com
Sat Oct 25 00:32:35 PDT 1997



On Fri, Oct 24, 1997 at 02:42:19PM +0100, Adam Back wrote:
> 
> Kent Crispin <kent at bywater.songbird.com> writes:
> > It may be less obvious, but despite what PGP claims, a significant
> > fraction of this demand is for the ability to SNOOP, and not just data
> > recovery.  
> 
> I was suspicious about this also, the CMR design makes much more sense
> if this is the user requirement.  Binding cryptography also would make
> sense for this requirement.
> 
> But the last time I expressed this suspicion on this list Jon Callas
> clearly stated that this was not the case:
> 
> Jon Callas <jon at pgp.com> writes:
> :    It is possible that
> :    there is an unstated perceived user requirement, that the messaging
> :    standard be able to allow third party access to the communications
> :    traffic directly.
> : 
> : Nope, that's not what we're arguing for. 
> 
> So it would appear that your suspicious are unfounded...

Jon's statement and my statement are consistent, if you look a little 
more closely.

> > *All* the debate on this list implicitly takes the employee's side,
> > not the management's side, and that is a serious lack.  The
> > unpleasant fact is that managers NEED TO BE ABLE TO SNOOP.
> 
> Okay!  Some one who is able to say the unpleasant words.  (I think
> Lucky may have been hinting at this also).
> 
> If this is the case, I reckon it's still better to just escrow their
> comms keys locally. 

In my early days on the list I spent a great deal of effort arguing
exactly this point, perhaps even with you.  Perhaps you recall my
discussions of the "key-safe" model.  (I suppose we could check the
archives...) At that time, however, my proposal was branded as key
escrow and hence evil, and the STANDARD REPLY WAS THAT IT WOULD BE
FAR, FAR BETTER TO JUST ENCRYPT TO A COMPANY KEY AS WELL AS THE
PRIVATE KEY.  *You* may even have made such arguments. 

Now that PGP has actually gone and implemented exactly what some
months ago was the preferred alternative, the jack-rabbit meme-ridden
collective cypherpunk semiconciousness awakens from its hazy stupor
and says "Huh! GAK!", and parades Key Escrow as a safer solution.

So, for sure, either the thinking those months ago was shallow, or the
thinking now is shallow.  The third alternative, that the thinking has
remained at a constant level, is interesting to contemplate.

> Put them all in the company safe, whatever.  To
> go with this kind of a company with this kind of policy, I would
> presume that sending or receiving super-encrypted messages would would
> be a sackable offense.
> 
> However, there is an alternate reason for the CMR design, which you
> don't include above (tho' you did I think discuss this earlier):
> 
> That PGP Inc thought CMR would be easier to implement within their
> plugin API, and dual function crypto (file encryption, and email
> encryption), and to cope with things like encrypt-to-self on Cc: to
> self to keep copies.

Yes, I did mention the matters of history, backward compatibility, 
and expedience under tight schedules as important factors.

> > It is terrible to work for an employer who will snoop, but it is 
> > just as terrible to have dishonest employees.  It doesn't take a 
> > genius to realize that the existence of dishonest employees is a
> > primary motive for management snooping.
> 
> Even with snoopware such as you describe, and companies with such
> attitudes, there are other similarly easy ways to get data out: user
> walks out of building with floppies.  In fact from memory I think this
> was one you suggested: "frisbee DAT tape out of window to sweetheart"
> or words to that effect.

I don't remember saying that, but the point is obvious, anyway.  The
argument that leaking company secrets is the primary concern is
fallacious for exactly the reason you mention -- there are a thousand
ways to leak data out. 

There are other, more realistic concerns.  Is the employee exchanging
encoded gif images with his friends? Is the employee telling the truth
about an exchange with a customer? Is the employee spending all his
time reading mailing lists devoted to home-brew-beer, and other
hobbies? Is the employee distributing porno images from an ftp site on
a company computer? Is the employee running a consulting business on
the company computers?  For investigating any such suspicions, 
snooping incoming mail would be just as valuable as snooping outgoing 
mail. 

BTW: You may laugh -- But I have seen real-life instances of each of
these examples.

> > Clearly, there are some organizations for which this is more
> > important than others -- financial services companies are only the
> > most obvious example.
> 
> Maybe.  If PGP Inc want to go this far, and design software with these
> features, I reckon local key escrow is better.  

I reckon local key escrow is better, myself.  But be real for a
moment, Adam.  If they had designed a system with "local key escrow"
they would have been crucified by the butterfly brains on cypherpunks
far more intently than they are being lambasted for CMR.  The very
phrase "KEY ESCROW IN PGP" would have turned the cypherpunk group mind
into quivering jelly. 

> However that is not
> what they are saying.

It doesn't matter what they are saying, really.  They designed 
something with a set of constraints, one of which was the meme of 
antipathy to anything that could be termed "key escrow".  

I understand what Lucky meant when he said that PGP had pulled the
greatest hack ever on corporate America.  It's so good that you have
to conceal your mirth, for fear of screwing it up... 

-- 
Kent Crispin				"No reason to get excited",
kent at songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html







More information about the cypherpunks-legacy mailing list