CDR: RE: Zero Knowledge changes business model (press release)

Trei, Peter ptrei at rsasecurity.com
Tue Oct 31 08:06:32 PST 2000


I can't help but feel that this is a weakening of ZK's position
regarding privacy. The critical paragraph is:

> >Zero-Knowledge is committed to deploying systems that are
> >transparent and accountable. In keeping with this policy,
> >MPS will incorporate third party verification and split
> >encryption key structures, as well as provide consumers
> >with access to white papers, independent auditors' reports
> >or other materials that assure a company is doing what it
> >claims. With MPS Zero-Knowledge strengthens its commitment
> >to building responsible systems that empower consumers to
> >control the disclosure and use of their personal
> >information, while still enabling businesses to thrive in a
> >data and relationship-driven marketplace.
> 
I don't want to be 'assured that a company is doing what it
claims' (with my personal information). Companies change
policies at whim. What a firm's founder may fervently 
believe could become a curio of corporate history after the
next board meeting. Look at Amazon's recent policy
change, for example. Also, data in the possession of a
corporation and me is always less secure than information
possessed only by me.
 
Instead of being assured that the company is acting in
accordance with their stated policy du jour (or at least, 
their lawyers' spin on it), I want to know that they CAN'T 
abuse my personal data, because they don't have any. 
That is the confidence which ZK's original scheme was 
intended to produce, and which the introduction of this 
plan seems to suggest is no longer considered 
a high priority at ZKS.

It may be that ZK's product 'Freedom' is proving a
financial bust (I won't use it until I can buy nyms 
for cash at CompUSA). I understand the drive to meet
payroll and pay off VCs, but I can't help but be
saddened.

I understand that some transactions require more state
than "Here's an order, some money, and a shipping
address", but in a great many cases, corporations
by policy ask far more than this. The most egregious 
example I've seen is a cheap travel site which, when 
you register, suggests that you tell them your 'favorite
internet password' as a key to get back to your
account.

I hope that ZKS's new service doesn't simply 
"culminate in the deployment of a tailored privacy layer that
 integrates seamlessly with the client's existing enterprise
 applications"....

but rather looks at their business and informs them of the
absolute minimum of data they need to acquire, and how
long to keep that data, if they need to keep it at all. I don't
want to rely on a 'privacy layer' under the control of an
entity which will profit from silently circumventing it, or
be subject to leaks and third party seizures of data. 

Peter Trei

Disclaimer: The above represents my personal opinions
only.

 




