[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape gives in to key escrow

On Fri, 1 Dec 1995, Brian Davis wrote:

> On Fri, 1 Dec 1995, Jonathan Zamick wrote:
> > Hmm. The key point is that almost no general users will have a clue what
> > actual security is, and what GAK is. They _might_ understand the risks of
> > having an explosive in their vehicle (but can just as easily argue it wasn't
> > properly designed if it went off improperly.) Regardless of what they'd know
> > about their vehicle, they can easily claim to had the risks associated with
> > GAK improperly represented, Netscape misleading them with deceptive claims
> > of security given this potential hole etc.
> And thus we return to my original point, which is that it will depend on 
> what is said/disclosed.  If every copy of GAKscape had a banner, bigger 
> than the Netscape "N" which said, "The government can read every message 
> you send using this software no matter what you do" then I think 
> consumers will be hard pressed to say they weren't warned.

One might want to consider the effect of _Smith v. Maryland_, 442 U.S. 
735 (1979) - As described in _California v. Greenwood_, 486 U.S. 35 
(1988).  "We held in Smith v. Maryland, for example, that the police did 
not violate the Fourth Amendment by causing a pen register to be 
installed at the telephone company's offices to record the telephone 
numbers dialed by the suspect (without a warrant).  An individual has no 
legitimate expectation of privacy in the numbers dialed on his telephone, 
we reasoned, because he voluntarily conveys those numbers to the 
telephone company when he uses the telephone.  Again, we observed that "a 
person has no legitimate expectation of privacy in information he 
voluntarily turns over to third parties.

or to rephrase in the likely implementation:

An individual has no legitimate expectation of privacy in the encryption 
numbers in his GAK browser, we reasoned, because he voluntarily conveyed 
those numbers to the government when he purchased the software.

> > 
> > I'm not saying whether or not this is the case, but we are very much in a
> > legal period where individuals are in fact expected not to need common sense,
> > and corporations are responsible for cleaning up after consumer stupidity.

I would say the above indicates that infact a lot more than common sense 
is needed to try and assure privacy.  It would seem that when it comes to 
privacy, you have to be a phone techie or in this case, a crypto techie, 
to expect to be protected.

> > 
> > It is certainly true that given the general state of education regarding
> > crypto, the average consumer can easily say that regardless of warnings about
> > GAK, that they weren't properly informed of the risk. With all the hype
> > around security, Netscape and encryption people will be under the
> > impression regardless
> > of one little disclaimer tag, that their information is safe. Neither
> > government nor corporations will disabuse them of this belief. The case
> > would be strong against them as a consumer.

In fact it would seem that there is almost a burden imposed on the user 
to determine who and what gets the information of the software should he 
or she want to be protected by the constitution.

> I disagree.  Almost nobody read the fine print on the back of a note you 
> sign when you buy a car or otherwise take out a loan, but the provisions 
> are generally enforceable ...  Ignorance is not necessarily an excuse.

Actually, I was under the impression that adherance contracts like that 
(the most oft touted example is the ski lift ticket with four paragraphs 
on the back) are often tossed out when it has to do with liability on 
that order.  The reason loan agreements are not often thrown out is 
because courts find an increased expectation that the consumer would be 
paying attention to the back of loan documents than the back of a ski 
lift ticket.  I think it will be unlikely that warnings on the box of a 
given piece of software will suffice.  Large banners in the program 
itself may meet the threshold.

If there is enough interest, I will research the threshold issue.

> > Jonathan
> > 
> > ------------------------------------------------------------------------
> > ..Jonathan Zamick                    Consensus Development Corporation..

> Not a lawyer on the Net, although I play one in real life.
> **********************************************************
> Flame away! I get treated worse in person every day!!

"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information