They never learn: "Omniva Policy Systems"

Bill Stewart bill.stewart at pobox.com
Wed Aug 6 02:42:52 PDT 2003 

At 06:52 PM 08/05/2003 -0700, Tim May wrote:

>On Tuesday, August 5, 2003, at 01:00  PM, Bill Stewart wrote:
>
>>It's nice to see that they're still around, unlike so many dot.bombs.
>
>Why is it "nice"?

They had what looked like a legitimate security / privacy product,
and were upfront about the threat models being regulators and anti-trust cops.

>>He started off by being very clear about what problems they were
>>and weren't trying to solve.  They were trying to solve the problem of
>>making messages expire when all the parties involved are cooperating.
>>He viewed the problem of preventing non-cooperating parties from
>>saving copies to be unsolvable snake oil and he wasn't trying to solve it.
>
>This may or may not have been what Jeff believed, or wanted to believe, or 
>told you was the case, but I don't buy that this is their business model.. 
>Their Web site is filled with stuff about how "Save" menus are subverted, 
>so as to, they claim, make it impossible for copies to be saved, blah 
>blah. This hardly fits with your view of a bunch of benign little bears 
>all sitting around cooperating.

While it's hard to tell from the web site, it looks like
they've still got the same basic technical model -
instead of sending raw text, you're sending text encrypted using a key
that you fetch from a key server, and when the recipient wants to view it,
the recipient runs a viewer that fetches a decryption key.
The policy enforcement runs on the key server,
which deletes keys when the policy says the document should expire,
and apparently places some controls on who it's willing to hand keys to.

People save stuff all the time, and forget it, and backup systems often save it
even if they didn't explicitly try to save it themselves.
By shipping the sensitive messages as encrypted files,
the Save functions are only saving the encrypted version, not the cleartext.
On the other hand, I don't know how much their integration with Outlook 
breaks it.

>Further, the site natters about how Omnivora will support government 
>requirements about unauthorized persons seeing mail (how? how will even 
>their crude expiry approach stop unauthorized viewings of mail?).

You can set up your policy servers to set who's allowed to fetch keys.
There's no indication on the web site about how much granularity this has,
or how much protection or authentication they really do.

>This is again inconsistent with the picture of friendly little bears all 
>cooperating. Friendly little bears don't need to have their "Save As" 
>buttons elided (not that this will stop screen grabs and photos, as I 
>mentioned). Nor would friendly little cooperating bears show their 
>messages to "unauthorized viewers," now would they?
>
>(Speculatively, I would not be even slightly surprised if Omnivora is 
>doing more than just nominally erasing some messages. To wit, storing 
>copies for later examination by Authorities with Ministerial Warrants. As 
>Jeff Ubois no longer seems to be attached to Omnivora, perhaps his vision 
>was rejected.)

Policy servers are run by the company using the system, not by Omniva,
so you're still dependent on their competence as well as their honesty,
and if they want to ship a broken system, it's not hard to hide it
(e.g. use a compromised random number generator for the keys.)



>>~~~~
>>In your other message, you mentioned that several Extropians were doing 
>>really
>>squishy stuff, and mentioned that Jeff Ubois's resume also appeared to be.
>
>Something called "Ryze" and something else called "Minciu Sodas."

I didn't see Ryze.  Looks like some kind of job-hunting thing.
Minciu Sodas does look like a weird site - I'm not sure how much it's
just a self-hyping conference board and how many people agree with each 
other like bloggers,
but I didn't see anything on there that was actual content by Jeff,
but it was too cluttery to spend much time hunting through.

>But not as bad as the squishiness poor Max has gotten himself into, granted.
>There's a whole subculture of bottom feeders who think high tech needs 
>some new version of Werner Erhard (originally born Nathan Goldfarb, or 
>somesuch...there was a Jew with major self-doubt).

Jack Rosenberg, actually.  Car salesman, with no self-doubt at all.

While I thought Andrew Orlowski's Register article was pretty shoddy reporting,
the Extropians Secret Handshake bit was funny.

More information about the cypherpunks-legacy mailing list