CDR: Re: Zero Knowledge changes business model (press release)

Tim May tcmay at got.net
Tue Oct 31 09:11:23 PST 2000 

At 10:03 AM -0500 10/31/00, Declan McCullagh wrote:

>>
>>ZERO-KNOWLEDGE SYSTEMS INTRODUCES MANAGED PRIVACY SERVICES
>>TO SOLVE THE PRIVACY CHALLENGES OF BUSINESSES
>>
>>
>>Montreal -- October 31, 2000 -- Zero-Knowledge(R) Systems,
>>the leading developer of privacy solutions, today
>>introduced its new Managed Privacy Services(TM) offering to
>>solve the privacy challenges of businesses and enable
>>enterprise to thrive in a privacy-conscious climate.
>>Delivering a unique combination of technology, policy and
>>strategy expertise, Zero-Knowledge Managed Privacy Services
>>(MPS) enables clients to turn privacy into a competitive
>>advantage by leveraging rich data resources while building
>>stronger and more profitable relationships with customers,
>>employees and partners. MPS is based on responsible and
>>ethical information management in accordance with relevant
>>legislation and industry standards.

"Relevant legislation"? In Canada, in Iran, in Denmark, where?

Surely ZKS is not claiming that they will be somehow targetting each 
instance of their product to specific countries. If not, if the 
product is a general one, then just _whose_ "relevant legislation" 
applies?

(I presume this is related to their split key/key escrow/"trusted 
third parties" nonsense.)


>>
>>* ASSESS AND ADVISE -- Managed Privacy Services begins with
>>a thorough assessment of each client's data storage and
>>usage patterns, as well as their business objectives. From
>>this assessment, recommendations are made regarding areas
>>where data can be better utilized through the addition of a
>>strong privacy layer, and areas of potential privacy risk
>>are identified.

This is beginning to sound like ZKS is restructuring itself as a 
consulting company, a la Arthur Anderson or the (now in the process 
of divorce) Kroll-O'Gara outfit.

>>
>>Zero-Knowledge is committed to deploying systems that are
>>transparent and accountable. In keeping with this policy,
>>MPS will incorporate third party verification and split
>>encryption key structures

Split encryption key. I think that says it all.

>>, as well as provide consumers
>>with access to white papers, independent auditors' reports
>>or other materials that assure a company is doing what it
>>claims. With MPS Zero-Knowledge strengthens its commitment
>>to building responsible systems that empower consumers to
>>control the disclosure and use of their personal
>>information, while still enabling businesses to thrive in a
>>data and relationship-driven marketplace.

"Empower consumers"? "Responsible systems"? "Strengthens its commitment"?

How about:

-- no key escrow, no split keys, no trusted third parties

-- public key crypto

With strong crypto widely available, what business (or knowledgeable 
private person) is going to want or need this "ASSESS AND ADVISE" and 
"COMMIT AND CAPITULATE" (ok, I'm changing their stages) stuff/

I can't see how a large company, like an Intel or an Amgen, is going 
to move away from mathematically robust PKS systems and adopt some 
throwback to the 1940s, some kind of split key or key escrow system. 
And I can't see how Joe Consumer is going to pay for the (apparent) 
"review" of his (presumed) needs and then get some key escrow package 
tailored to his (presumed) needs.

So, what sort of customer is this product tailored for? Some 
middle-sized company which is clueless on crypto and which wants 
hand-holding? Some company in a country which _requires_ key escrow? 
Is ZKS setting itself up to be the premier supplier of key escrow and 
LEAF tools? Sounds like it.

The "relevant legislation" language is the real kicker. Sounds like 
the many former government types working at ZKS got the focus shifted 
from truly secure systems to basically uninteresting--and even 
pernicious!--systems which "meet the legitimate needs of law 
enforcement."

Key escrow, in other words.


"Big Brother Inside"


Whew.


--Tim May
-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.

More information about the cypherpunks-legacy mailing list