Canada slaughters civil rights

Mon Oct 15 21:50:29 PDT 2001

On Mon, 15 Oct 2001, Tim May wrote:

> I'm surprised there has been little discussion (any discussion?) of the
> NAI decision this past week to lay off 250 of the 300 PGP employees (*)
> and to either sell the division to someone or abandon it completely.

Judging from the trouble that company has had over the course of its
history, I wouldn't be surprised if this decision would have happened
regardless of the terrorist attacks. NAI has been down-sizing over the
past year, and recently moved a good number of its positions out of the
Bay Area to places like Maryland and (gasp) Canada.

> (* As with ZKS and their couple of hundred employees, just how are 300
> PGP employees justified? As the comments on Slashdot point out, just how
> the hell does a product which has been evolving _very_ slowly
> conceivably justify 250-300 employees? DilbertWorld, obviously.)

Both the 300 employee figure and the PGP name are misleading. My
understanding (and this is based on a conversation I had with a PGP
employee over a year ago, so it may not be exactly accurate) is that the
300 employees were of the "PGP Security, Inc." business unit. NAI was
restructured into four business units in 1999: Sniffer, Magic, McAffee,
and PGP Security. PGP Security was responsible for the traditional "Phil's
PGP"  products and their off-shoots as well as the TIS products (Gauntlet
Firewall, etc.) and NAI's IDS software (Cybercop.) This business unit
probably also had its own marketing and sales and support divisions.

"PGP Security" was far more than just the PGP product Cypherpunks think
of. I suspect the business unit was named this to capitalize on the
reputation of the PGP name.

Taking this into consideration, however, the employee numbers make a bit
more sense.

> The notion of a central service, located in a known location and subject
> to some nation's laws, is ludicrous.

Decentralization has been discussed extensively here in the past, so I'm
not going to comment on that. However, I haven't seen any really plausible
suggestions on how to go about hiding the location of network
infrastructure providing a service. Sure, some components of the system
can be hidden, such as middleman remailers operating behind nym.alias.net
accounts, but this still requires some remailers to be "out in the open."
And, of course, if a physical component is required, then the service will
be subject to some nation's laws.

The best we can do is ensure that there is no nation whose laws affect all
components of this system. (Example being the decentralized network of
mixmaster remailers scattered around the globe.)

This isn't a solution, however. Every nation in which remailers currently
reside could pass a resolution banning them, and that would be curtains.

So, back to my point. The problems I see with achieving the ideal
environment for such services are:

1) How does one avoid being in the jurisdiction of any nation?

2) How does one hide the physical locations of any part of an entire
network?

The first problem is pretty unsolvable. (Starting your own country is not
a feasible solution, in my opinion. For instance, Sealand exists because
Britain tolerates it. As soon as it is branded "a terrorist bunker in
cyberspace" there would be plenty of justification for bombing it.)

I'm interested in hearing thoughts on the second problem, or pointers to
work done on this.

-MW-