
Re: Having your own computer means never having....



Jonathan Rothkind writes:

> If the bozo has write-privileges to everything in the office, sounds
> like a problem with or without encryption. Or were you just suggesting
> that he was going to encrypt it all and mail it to a competitor?
> This too seems to be a problem with or without encryption; he can just copy
> to floppy and snailmail to a competitor. Same with industrial espionage of
> just about any kind; sure it makes it _easier_ for the hypothetical
> spy to do his dirty work, but it doesn't actually enable him to do anything
> fundamentally different than he could before.

Companies I am familiar with make some attempts to check U.S. Mail,
although this is like pissing into the ocean. Packages, though, are
suspect and my old company (Intel, as you all know by now) had strict
rules about sending packages, and all were subject to inspection.

But I agree that it's ridiculously easy to get 4 gigabytes out of a
company. In my years at Intel, my pockets were never searched. A 4 GB
DAT tape....

Still, none of these examples are reasons to "outlaw" a company's ban
on PGP or any other software product it doesn't want used. My recent
essay explains this position in more detail.

> I can't think of any real security risks introduced by allowing employees
> the use of encryption, that weren't present already. Certainly none
> mentioned thus far fit the bill. 

Here's an example that inspired my early thinking about crypto, crypto
anarchy, and "BlackNet," back in late 1987: Will companies "allow"
employees to log on to information market services to buy and sell
information? I was evaluating the business plan for the "American
Information Exchange," which later got funding from Autodesk (but
failed, and is now essentially dormant), and had to think about this.

My conclusion: allowing employees access to such a system would be
dangerous. Yes, they could log in at home, but that's no reason to
facilitate "digital moonlighting" on company time. Encryption allows
this to happen even if companies don't wish it to, hence a rationale
for limiting encryption use, or requiring a snoop mode to spot-check
what types of business are being conducted.

(We may not like it, but that's tough. Forbidding a company from
enforcing policies is truly disastrous.)

...
> Although of course I'm not accusing you of suggesting that corporations
> shouldn't have access to good cryptology; you probably wouldn't be 
> on the list if you thought that. I'm not completely sure how different it is
> to say that individuals give up their right to good cryptology upon
> being employed by a corporation, however.

Yes, employees give up various "rights" when they enter into
contracts, or work for companies, etc. (They don't actually give up
the rights per se, the rights just don't apply. I have a "civil right"
to read "Moby Dick," in the sense that the U.S. government cannot ban
it, but this does not mean I have a "right" to read "Moby Dick" while
I'm supposed to be working at Apple!).

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."