CDR: Re: Zero Knowledge changes business model (press release)
Declan McCullagh
declan at well.com
Tue Oct 31 14:14:49 PST 2000
I spent perhaps half an hour on the phone with Austin Hill this afternoon.
Here's what we discussed.
* I suggested that Freedom had been somewhat less than successful in the
marketplace. (Out of 3,500 cypherpunks messages I have stored here, only
one nym appears, and this is presumably one of the target audiences.) I
suggested that this is a change of strategy for ZKS in an era where
investors want profitability. Austin denied it, and said that over 100
engineers "right now" were still working on Freedom.
* I suggested the model they were moving toward was Andersen Consulting.
Austin said no, "Verisign is the better analogy." He said one difference
was that he anticipated ongoing licensing/fee arrangements between ZKS and
clients after original work is complete.
* ZKS will offer to store keys. "That includes us holding encryption keys."
Austin described the key-splitting the same way Adam has here. He refused
to say whether or not a third-party (Joe's Escrow Service) would ever hold
keys.
* ZKS appears to be targeting heavily-regulated areas like medical and
financial sectors. They will come in, set up a privacy-protective system,
perhaps provide some ongoing service, and (if so) collect ongoing fees. In
those cases, "a consumer solution like Freedom allowing anonymity doesn't
fit that market."
* Austin mentioned cell phones/wireless as a major area. He envisions
services such as if you call 911, your info is revealed, but not when
phoning other numbers.
* Tim below suggests that "Wouldn't a better approach be for Alice to
protect her own privacy?" The answer, generally, is yes. I suspect the
Brands patents can do much to that end. But Austin seems to be envisioning
a market in which *some* third party in the transaction, be it a business,
intermediary, or ZKS, possesses personal info about customers and only
receives what is necessary.
I welcome responses.
-Declan
At 10:30 10/31/2000 -0800, Tim May wrote:
>At 1:06 PM -0500 10/31/00, Adam Shostack wrote:
>>On Tue, Oct 31, 2000 at 09:11:23AM -0800, Tim May wrote:
>>| >>Zero-Knowledge is committed to deploying systems that are
>>| >>transparent and accountable. In keeping with this policy,
>>| >>MPS will incorporate third party verification and split
>>| >>encryption key structures
>>|
>>| Split encryption key. I think that says it all.
>>
>>Geez. I don't know how we ended up with that wording. Multiple key
>>would have made more sense. The goal is to have a set of keys which
>>are held by different entities. Thus, your data is encrypted such
>>that each of those entities needs to be involved to decrypt it.
>
>>
>>By split key encryption, we mean: E_a(E_b(E_c(data))) where E is a
>>strong algorithm (3des, twofish, AES), and the keys (abc) are full
>>strength, properly generated and stored keys for the system.
>
>Let's stipulate that the split keys are as strong as one can imagine.
>
>OK, let's set the stage with some players:
>
>* Alice, a consumer or customer
>
>* Bobco, a giant corporation dealing with Alice, collecting information on
>her, and all the usual stuff involving corporations dealing online with
>consumers like Alice.
>
>* Chuck and Debby, the holders of the "split encryption key," aka the
>"trusted third parties." (Extending the set to 3 or 4 or N such trusted
>third parties does not alter the basic discussion. Nor, by the way, does
>just having a _single_ trusted third party alter the basics of the
>legal/GAK structure: if the legal or national security system can force
>two parties to disclose, forcing one is easier, forcing 3 is slightly
>easier, and so on. But these are "polynomial" issues, so to speak.)
>
>I want to set the state so I can better understand just how and where this
>new ZKS system might be useful (to Alice, to Bobco, to governments).
>
>>
>>Given that we're doing this for businesses that are collecting data
>>now, if you consider those parties 'trusted third parties,' then we're
>>increasing the assurance that surrounds them.
>
>This business is what I called Bobco above.
>
>Now, suppose Bobco is using the ZKS system. I can see three regimes for
>any use of a crypto product:
>
>-- storage, at either Alice's or Bobco's site
>
>-- transit, between Alice and Bobco
>
>-- unlinkability: something to do with the linkage of purchase information
>with identity; how Bobco collects and disseminates information about
>customers like Alice
>
>The first two are conventional crypto issues, and don't need a new system.
>Both Alice and Bobco are responsible for securing their own data. Should
>laws require Bobco to secure Alice's data in some specific way, split key
>systems are still a poor solution.
>
>As near as I can tell, your concern about "privacy laws" has something to
>with the third main use for crypto: unlinkability. Am I right?
>
>Before I proceed further, let's see if this is where we're going.
>
>>We consider them
>>'merchants,' 'shipping companes' and other such businesses who today
>>get data from you. They're not trusted third parties in the Clipper
>>chip sense, but they are parties who store information about you,
>>often in very insecure and unprivate ways, as MCI, CDnow, and others
>>have found out.
>
>This sounds like the unlinkability again. If so, this is a tough, tough
>nut to crack.
>
>If Bobco is shipping products to Alice, Bobco knows her address and what
>she is buying. Fill in whatever examples one wishes.
>
>And if Alice answers a questionnaire about her buying preferences, her
>income, her age, etc., then Bobco will have this information.
>
>Hard to imagine how adding Charles and Debby to the system as trusted
>third parties helps things. Now, if Alice goes through a complicated
>procedure of dealing with Charles and Debby to only selectively reveal her
>preferences, or if Charles or Debby act as "third party shipping agents,"
>so that Bobco doesn't know who he shipped a product to, then some
>unlinkability has been gotten.
>
>Anyway, I could ramble on about whether or not this makes for an
>interesting and profitable market niche, but it doesn't seem to be the
>thrust of where ZKS is going with this new product.
>
>Fact is, third party secrets are not interesting IF Bobco can aggregate
>the secret information AT ANY TIME. Unless some kind of unlinkability or
>blinding (a la Joan Feigenbaum's work on "computing with encrypted
>instances") is done, the trusted third parties don't serve much purpose
>that I can see.
>
>Maybe I'm missing something.
>
>How will Alice's privacy be protected from Bobco by having Charles and
>Debby (or just Charles, or Charles, Debby, Edward, Fred, and Greta, etc.)
>hold split keys?
>
>Wouldn't a better approach be for Alice to protect her own privacy?
>
>
>--Tim May
>
>--
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
>"Cyphernomicon" | black markets, collapse of governments.
>
More information about the cypherpunks-legacy
mailing list