CDR: RE: The Market for Privacy

[auto107640 at hushmail.com]

--Hushpart_boundary_iWCDbgAikNCcbLlDAWpLjBKeDnioBxsF
Content-type: text/plain

WOW - well I have to start out this post with a REALLY STRONG sense of vindication!!
DAMN it feels good to be right!!

4 months ago (circa July) I made (using a differnet hushmail nym - forgot
the password to that one so I had to make a new one..) a number of posts
to this list of the subject of: (1) why ZKS doesn't really protect privacy
in the first place, (2) why privacy is a MAJOR ecnomic issue, and (3) why,
 (b/c of (2)) the real market for privacy is on the business side of the
equation, not in wimpy pieces of consumer client software like Freedom..

At the time I equated privacy with the Code of Fair Information Practices
(CFIP), and explained at a NUMBER of businesses would be MORE THAN WILLING
to put these principles into practice at their enterprise b/c of the massive
REVENUE potential this could create..

At the time, I was pretty much totally dismissed.. every point I made was
ridiculed as being short-sighted or a pipe dream and, esp concerning the
fact that businesses would be willing to put in place CFIP, I was told that
I was f***ing out of my mind and that that made no sense whatsoever..

How DELICIOUS to watch (in FOUR SHORT MONTHS) ZKS TRY to turn around their
whole business to basically the same principles that I outlined in those
earlier postings!!

Enough w/ the revenge, though -- let's proceed to dismantle Tim May's inept,
 knuckle-dragger arguments on these issues..

>This is a recurring theme, and one we've talked about many times.

>Fact is, most people don't think they need security. Most people
>don't even think they need backups. Until their hard disk crashes.
>And so on. It's a tough sell in either case.

>This is why the market for crypto and security and anonymity has
>tended to be at the "margins" of society: porn, warez, freedom
>fighting, etc. Such has it always been, such shall it always be.
>Targetting the mainstream is a tough sell.

No, completely wrong, as usual. The REAL market for crypto and security
has ALWAYS BEEN and WILL ALWAYS BE in the financial services sector. These
people have absolutely enormous amounts of money at stake, and in so far
as cryptography and security can reduce the risk of bad loans, of theft,
 of a gazillion other risks that financial services companies face, these
companies will continue to operate at the forefront of global cryptography
technology..

Anonymity has NO MARKET in this world outside of free speech.. (I'm sure
I'll be ridiculed for this again too, but in 4 short months something else
will happen to vindicate me.. I'll let you guys know when it does..)

>(The most widely-deployed bits of crypto are in places where huge
>deals were cut with browser makers, e.g., SSL,Verisign, etc. The
>customer is only vaguely aware that such things are happening. No
>sale to Joe Average is needed. Probably this is the way Web proxies
>will ultimately be sold.)

Good security should be so seamless the user doesn't even know it's there.
SSL satisfies this design requirement. So does Verisign. Freedom doesn't.
Freedom sux.. it's like, it's always there and I can't uninstall that hideous
piece of software off my machine fast enough..

>ZKS was just one of many companies attempting to sell privacy tools
>to "Joe Average," and his little daughter Suzy Average (pictured in
>ZKS Freedom ads...). Well, Joe doesn't do much with his home computer
>except check some sites and maybe download a few porn images from
>Danni's Hotbox when Suzy has gone to bed and the wife is passed out
>on the sofa.

>_Could_ ZKS Freedom help Joe a little? Maybe, but it's not something
>even on his radar screen to worry about. His bigger concern is having
>Suzy or the wifey find the paltry pieces of porn he purloined.

Privacy can and is an enormously powerful tool for global consumers, and
like Garfinkel says, maybe it will take years to realize this economic reality,
 but it will be realized, sooner or later.. just not in the form that Tim
May thinks..

>Or he's at work and his boss has just announced that several
>employees have been fired for using the company's networks for
>checking sports scores, downloading porn, usng Napster, etc.

>These are Joe Average's _real_ concerns about privacy. Cute ads about
>little girls needing their privacy probably won't sell ZKS Freedom to
>Joe Average.

I agree - I've always found the ZKS ad campaign to be rather distasteful
in fact.. (the bar codes on people.. esp since the Internet doens't really
operate by bar coding people and even if it did, ZKS wouldn't be able to
do anything about it.. it's called FALSE ADVERTISING.. the FTC might have
a thing or two to say about that..)

>ZKS may do better by bundling Freedom with Danni's Hard Drive
>accounts! "Your porn is downloaded to you in "Plain, Brown Wrapper"
>format, disguised to look like a marketing report containing the key
>words you specify. Your boss will think it's business, your wife will
>be bored."

>(No, I'm not suggesting this as any kind of real product. The market
>is just too small, and downloading porn or Napster songs at work is a
>lose for many good reasons. The proper solution is even more
>straightforward: only fools download porn at company sites, and they
>deserve to be fired. And if Joe Average doesn't have his own
>_personal_ computer at home, they're cheap enough. No reason Little
>Suzy should be doing her homework on the machine he has his porn on.
>And even if he does, encrypted partitions are trivial to set up.
>Plus, removable CD-RWs and Zips. "Zip--for when you don't want your
>porn discovered by your wife!")

>The second major use for privacy tools is preventing the "dossier
>society" effect, where one's words in alt.sex.gerbils are archived
>for all time and are seen by prospective employers, Senate
>confirmation panels, etc. This is a likely market for ZKS Freedom.
>Ah, except that utterly free and easy to use services like MyDeja and
>MyYahoo and suchlike are dominant in this application area ("space").

Everything up to here is basically the ravings of a madman, so I'll leave
it alone..

>It is routine to see "aardvaark42 at mydeja.com" posts in nearly all
>newsgroups. While these are not cryptographically robust, it's
>unlikely these will ever be linked to true names. Especially as they
>may be set up on the fly, through proxies, etc.

That's a good point and that's basically what I've always said about "nyms"..
you don't really need ZKS for a nym (Hushmail works fine for me), and even
when you DO get one, the only thing it's good for is free speech, never
for privacy. (Ever notice how privacy discussions are always framed in the
context of commerce? Like what are the privacy policies of that bank or
HMO? Or what is Amazon doing w/ my purchasing profile? AND YES, there are
privacy threats from government, but you're never going to be able to *make
money* by battling the government (like ZKS was trying to).. since we're
talking about a business here (ZKS), I'll keep the discussion limited to
commerce..)

>Still, some fraction of people will pay for Freedom-type nyms.
>Probably not $50 a year, as that is a significant fraction of their
>entire ISP bill. But not a lot of people. And they won't pay much.

>The real market for robust security and privacy tools is, as always, elsewhere.

Financial services..

>The _interesting_ market has always been for those who
>are--demonstrably!--willing to pay big bucks to get on
>a plane to fly to the Cayman Islands or Luxembourg to open an
>offshore account. For those who are actively interested in untraceable
VISA
>cards. For those selling arms. For those trafficking in illegal
>thoughts.

>In short, for crypto anarchy.

No, this market is actually really really boring. It's too tiny and the
opportunity for recurring revenue streams is too small and ... no.. I won't
rip it apart any further..

>Not for fluff.

>Will the new ZKS business model work? Maybe. But as Simson Garfinkel
>points out in the  article Declan wrote, this may take years to
>develop. Until then, tough sledding.

>MojoNation seems to be a lower burn-rate run at the real low hanging fruit.

It's (vaguely) the right approach to privacy (going after the enterprise),
 and I'm sure ZKS has been pursuing for some time now (probably since I
made those postings back in July). But in terms of being delivering privacy
tools to the enterprise, they're already behind companies like Privada and
PrivacyRight. I mean, granted I slammed Privada earlier for their weenie
knock-off of Freedom, but at least they've been pursuing the enterprise
market for some time now in earnest.. and as for PrivacyRight, it seems
they've already made substantial inroads into the health care and financial
services markets that ZKS claims it wants to pursue..

So what is ZKS really selling to enterprises? Is it anonymity software like
Freedom? No business will ever buy this.. is it fancy, schmancy cryptography
software? Again, I've sold security products to enterprises for years, and
every CIO in America knows that security is not isomorphic to cryptography.
No hacker in the world bothers trying to crack 40-bit encryption when he
knows there are users on the enterprise network dumb enough to have username
"Tim" and password "May".. this is a much easier way to subvert the network..

Security starts with good cryptography, but encompasses a great deal more
(lots of policy, for one). Privacy starts w/ good security, but also encompasses
a great deal more than plain, old vanilla security.. For this reason, if
all ZKS is selling is cryptography, then good luck! you're already way behind
the times..

And if ZKS is selling consulting hours, then thanks, but I think I'll take
my budget to a place where they already have the whole privacy picture in
focus (like PriceWaterhouse Cooper or Ernst & Young), not to a place where
they just brag about cryptography all day long..
--Hushpart_boundary_iWCDbgAikNCcbLlDAWpLjBKeDnioBxsF--


IMPORTANT NOTICE:  If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.