More dangers of corporate snoopware
Suppose I want to send a private message to Andy Grove at Intel. With
current systems, I would encrypt to his public key and send it to him. Only
he, or those with access to his private key, could read the message.

But suppose CAK becomes common, and suppose Intel has adopted PGP 5.5.
I presume I have to also encrypt to Intel's corporate key...or one of them.
(I assume different users in different departments may have different CAK
keys.)

So, who can read my message besides Andy? The Security Operations
department? The Key Compliance Officer? Or, perhaps, only those _higher_
than Andy Grove, e.g., no one.

And suppose I send a communication to a lower-level person? How many
higher-level persons will be able to read the message?

Will companies really accept that lower-level security people will have
access to the communications about business deals, technology deals, etc.?
The prospects for abuse are obvious.

Or will there be provisions for overriding the PGP 5.5 snoopware features?

Will it become a status symbol to have reached the level of trust where
one's private e-mail is not subject to snoopware encryption?

I suppose it's up to companies to figure out all of these troublesome
issues. I just hope the architecture of PGP 5.5 is pliable enough to allow
the market to decide which options to turn on, which to turn off, and which
to take out completely.

--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."