[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Power Blocs in the Crypto Debate



At 10:23 AM 4/30/97 -0800, Tim May wrote:
>              Users of crypto, concerned citizens, the public
>                     Cypherpunks, EFF, ACLU, EPIC, etc.
>                             /
>                            /
>                    Public/Users
>                    /         \
>                   /           \
>                  /             \
>      Corporations  -  -  -  -  Government - - NSA, FBI, military,
>          /                              law enforcement, regulators,
>         /                                    SEC, FCC, etc,
>    PGP, Inc., RSADSI, Cylink
>    Verisign, Netscape, etc.

It's a useful start, but treating corporations as one bloc 
makes it too easy for journalists and government to say things like
"Industry wants <foo>!"

Most corporations are primarily users - they want to protect their own
internal communications and recordkeeping enough for perceived threats,
but they aren't passionate about it - it's just a tool, not a product.
Some corporations, like PGP, selling privacy tools as products,
and most of them want to provide high security with no interference.

Other corporations have a market niche of sucking up to Government,
and trying to create a market for GAKked products - like TIS and Dorothy -
while using the Government to interfere with their competitors;
if a GAKked product increases a user company's security enough that
they're not losing much money on it, they've benefitted substantially,
and most user companies have to tell the government what it wants to know
when it wants to know it anyway, so GAK doesn't hurt them much.

Banks in particular fall into this user category - they really need to keep
from getting ripped off, since their losses are direct and immediate
(unlike, say, intellectual property leaking) - but most US banks
have no illusions that they're maintaining any privacy barriers between
their users and government.

Cellphone companies are a special case - their main privacy concerns
are keeping customers from complaining loudly, but the watered-down
digital encryption standards are enough to reduce eavesdropping,
and there's enough strong crypto to prevent billing fraud.
On the other hand, building an infrastructure that supports wiretapping
can be a big expense, and a big disruption to their network architecture
and operational efficiency, so now you're talking Real Money again.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)