CDR: Re: Zero Knowledge changes business model (press release)

Declan McCullagh declan at well.com
Tue Oct 31 14:14:49 PST 2000 

I spent perhaps half an hour on the phone with Austin Hill this afternoon. 
Here's what we discussed.

* I suggested that Freedom had been somewhat less than successful in the 
marketplace. (Out of 3,500 cypherpunks messages I have stored here, only 
one nym appears, and this is presumably one of the target audiences.) I 
suggested that this is a change of strategy for ZKS in an era where 
investors want profitability. Austin denied it, and said that over 100 
engineers "right now" were still working on Freedom.

* I suggested the model they were moving toward was Andersen Consulting. 
Austin said no, "Verisign is the better analogy." He said one difference 
was that he anticipated ongoing licensing/fee arrangements between ZKS and 
clients after original work is complete.

* ZKS will offer to store keys. "That includes us holding encryption keys." 
Austin described the key-splitting the same way Adam has here. He refused 
to say whether or not a third-party (Joe's Escrow Service) would ever hold 
keys.

* ZKS appears to be targeting heavily-regulated areas like medical and 
financial sectors. They will come in, set up a privacy-protective system, 
perhaps provide some ongoing service, and (if so) collect ongoing fees. In 
those cases, "a consumer solution like Freedom allowing anonymity doesn't 
fit that market."

* Austin mentioned cell phones/wireless as a major area. He envisions 
services such as if you call 911, your info is revealed, but not when 
phoning other numbers.

* Tim below suggests that "Wouldn't a better approach be for Alice to 
protect her own privacy?" The answer, generally, is yes. I suspect the 
Brands patents can do much to that end. But Austin seems to be envisioning 
a market in which *some* third party in the transaction, be it a business, 
intermediary, or ZKS, possesses personal info about customers and only 
receives what is necessary.

I welcome responses.

-Declan


At 10:30 10/31/2000 -0800, Tim May wrote:
>At 1:06 PM -0500 10/31/00, Adam Shostack wrote:
>>On Tue, Oct 31, 2000 at 09:11:23AM -0800, Tim May wrote:
>>| >>Zero-Knowledge is committed to deploying systems that are
>>| >>transparent and accountable. In keeping with this policy,
>>| >>MPS will incorporate third party verification and split
>>| >>encryption key structures
>>|
>>| Split encryption key. I think that says it all.
>>
>>Geez.  I don't know how we ended up with that wording. Multiple key
>>would have made more sense.  The goal is to have a set of keys which
>>are held by different entities.  Thus, your data is encrypted such
>>that each of those entities needs to be involved to decrypt it.
>
>>
>>By split key encryption, we mean: E_a(E_b(E_c(data))) where E is a
>>strong algorithm (3des, twofish, AES), and the keys (abc) are full
>>strength, properly generated and stored keys for the system.
>
>Let's stipulate that the split keys are as strong as one can imagine.
>
>OK, let's set the stage with some players:
>
>* Alice, a consumer or customer
>
>* Bobco, a giant corporation dealing with Alice, collecting information on 
>her, and all the usual stuff involving corporations dealing online with 
>consumers like Alice.
>
>* Chuck and Debby, the holders of the "split encryption key," aka the 
>"trusted third parties." (Extending the set to 3 or 4 or N such trusted 
>third parties does not alter the basic discussion. Nor, by the way, does 
>just having a _single_ trusted third party alter the basics of the 
>legal/GAK structure: if the legal or national security system can force 
>two parties to disclose, forcing one is easier, forcing 3 is slightly 
>easier, and so on. But these are "polynomial" issues, so to speak.)
>
>I want to set the state so I can better understand just how and where this 
>new ZKS system might be useful (to Alice, to Bobco, to governments).
>
>>
>>Given that we're doing this for businesses that are collecting data
>>now, if you consider those parties 'trusted third parties,' then we're
>>increasing the assurance that surrounds them.
>
>This business is what I called Bobco above.
>
>Now, suppose Bobco is using the ZKS system. I can see three regimes for 
>any use of a crypto product:
>
>-- storage, at either Alice's or Bobco's site
>
>-- transit, between Alice and Bobco
>
>-- unlinkability: something to do with the linkage of purchase information 
>with identity; how Bobco collects and disseminates information about 
>customers like Alice
>
>The first two are conventional crypto issues, and don't need a new system. 
>Both Alice and Bobco are responsible for securing their own data. Should 
>laws require Bobco to secure Alice's data  in some specific way, split key 
>systems are still a poor solution.
>
>As near as I can tell, your concern about "privacy laws" has something to 
>with the third main use for crypto: unlinkability. Am I right?
>
>Before I proceed further, let's see if this is where we're going.
>
>>We consider them
>>'merchants,' 'shipping companes' and other such businesses who today
>>get data from you.  They're not trusted third parties in the Clipper
>>chip sense, but they are parties who store information about you,
>>often in very insecure and unprivate ways, as MCI, CDnow, and others
>>have found out.
>
>This sounds like the unlinkability again. If so, this is a tough, tough 
>nut to crack.
>
>If Bobco is shipping products to Alice, Bobco knows her address and what 
>she is buying. Fill in whatever examples one wishes.
>
>And if Alice answers a questionnaire about her buying preferences, her 
>income, her age, etc., then Bobco will have this information.
>
>Hard to imagine how adding Charles and Debby to the system as trusted 
>third parties helps things. Now, if Alice goes through a complicated 
>procedure of dealing with Charles and Debby to only selectively reveal her 
>preferences, or if Charles or Debby act as "third party shipping agents," 
>so that Bobco doesn't know who he shipped a product to, then some 
>unlinkability has been gotten.
>
>Anyway, I could ramble on about whether or not this makes for an 
>interesting and profitable market niche, but it doesn't seem to be the 
>thrust of where ZKS is going with this new product.
>
>Fact is, third party secrets are not interesting IF Bobco can aggregate 
>the secret information AT ANY TIME. Unless some kind of unlinkability or 
>blinding (a la Joan Feigenbaum's work on "computing with encrypted 
>instances") is done, the trusted third parties don't serve much purpose 
>that I can see.
>
>Maybe I'm missing something.
>
>How will Alice's privacy be protected from Bobco by having Charles and 
>Debby (or just Charles, or Charles, Debby, Edward, Fred, and Greta, etc.) 
>hold split keys?
>
>Wouldn't a better approach be for Alice to protect her own privacy?
>
>
>--Tim May
>
>--
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>"Cyphernomicon"             | black markets, collapse of governments.
>

More information about the cypherpunks-legacy mailing list