[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building the Surveillance State

To: Alan <[email protected]>, Tim May <[email protected]>, cypherpunks <[email protected]>
Subject: Re: Building the Surveillance State
From: "Attila T. Hun" <[email protected]>
Date: Mon, 13 Oct 97 16:32:59 +0000
In-Reply-To: <[email protected]>
No-Archive: NoArchive
Organization: home for unpenitent hackers; no crackers!
Owner: Attila T. Hun <[email protected]>
Reply-To: "Attila T. Hun" <[email protected]>
Sender: [email protected]


-----BEGIN PGP SIGNED MESSAGE-----

on or about 971011:1040 
    Alan <[email protected]> was purported to have 
    expostulated to perpetuate an opinion:

+At 10:22 AM 10/11/97 -0700, Tim May wrote:
+>
+>-----BEGIN PGP SIGNED MESSAGE-----
+>Hash: SHA1
+>
+>I predict that nearly every company which enforces the PGP 5.5 corporate
+>snoopware will in fact routinely convert every incoming and outgoing
+>message to plaintext for searching by keywords, topics, etc.
+>
    I really think you are overreacting on this one --sure some will,
    but corporations who reduce employees to a level of "distrust"
    will find the employees doing same as they become inurred with
    the attitude that they are distrusted --so why not?

+>This would be analogous to every phone call, incoming and outgoing, being
+>recorded. 
+>
    stockbrokers work under those conditions, and have for years.

    dispute resolution

+>Except that instead of having security people _listen_ to each
+>recording, 
+>
    voice recognition software today easily handle a conferance call
    with more than adequate accuracy to support digital keyword sorting.
    NSA has been doing that for years, and the software is at the PC
    level now.

+>the messages can be glanced at quickly, marked for further
+>review, compiled into dossiers, or searched for the keywords of interest to
+>the security people.
+>
    same reason as above; if you give no level of trust, you will have
    no level of respect or honesty.  employers also realize that the
    "mental health" and attitude of their employees is critical to job
    performance --and employee retention; turnover is expense in more 
    ways than money.

    to blanket label corporations to scan for keywords in all cases is
    like saying all Southern slave owners were Simon Legree --which is
    patently absurd since destroying or dehibilitating the collateral
    was damaging to their personal finances.  sure, there will be bad
    apples...  personally, I have seen secure facilities where you
    check your fingers in at the desk... and, you need to whiz, you are
    not only escorted to the porcelain, but the security guard will be 
    right next to you.

+>(Please note that I am not saying such phone call or e-mail monitoring is
+>illegal, or should be illegal. A property owner is free to define his own
+>policies for how he uses his own property. This includes company phones,
+>company computers, and even the time of employees while they are on his
+>premises. The issues are not the legality or ethicality of such recordings
+>and monitorings, but the dangers. And whether people such as ourselves
+>should help build or deploy such surveillance capabilitities. Or work for
+>companies with such surveillance policies.)
+>
    it sounds trite to say that if we do not, someone else will. I would
    rather believe we should be involved in the project to a) try and
    maintain a reference point of "wisdom", and b) even more importantly,
    to *know* there are no further trap doors, etc.  'know thine enemy'

+>I further predict that this will actually _increase_ the amount of e-mail
+>surveillance being done. Whereas today it is of course easy for companies
+>to surveil unencrypted employee mail, I doubt that most of them do. But the
+>adoption of snoopware like PGP 5.5 will raise the consciousness of company
+>security people. "Hmmhh, maybe we ought to buy some of those e-mail keyword
+>analyzers and combine them with our new purchase of PGP 5.5? If our
+>employees are encrypting, we'd better keep tabs on them."
+>
    law of diminishing returns. employers are sensitive to employee
    grousing.  second, if the system is using keyword search, it should
    be coming up blank in personal mail.

    as for the libel message to sue@m$, the message should not have
    been sent --PGP or no PGP.  get a hotmail account!

+>By building in such easily-enforceable snooping capabilities, and by
+>building in such things as the ability to reject even _incoming_ e-mail
+>which has failed to encrypt to the corporate key (as I understand the
+>product), this greatly moves us toward a surveillance era.
+>
+>Is this what "Pretty Good Privacy" really stands for?

    again, get a hotmail account.

    either PGP provides a complete range of control in the SNMP goody
    or systems with less flexibility will be deployed, systems that 
    are truly GAK.

    the real issue for cypherpunks, and the whole range of the 
    privacy forums, watch lists, Declan, Meeks, whatever is to
    broadcast the fact that PGP 5.5 can be used for storage key
    levels which most of us are willing to accept.

    stand up and be counted on the soapbox. I have been involved in 
    crypto since a lot of years before DH and RSA were published. I
    never really thought about separate signature and encryption 
    keys 

    I actually encryt very little, but sign everything --and am in
    the process of REXXing a script to sign html documents for email.

    that is the purpose of discussion; even old dawgs can learn new tricks 
    occasionally.

+I seem to remember that it was just this sort of feature set that Phil
+Zimmerman was grousing about when ViaCrypt came out with their
+"Business Version".  It was used as one of the reasons for his takeover
+of ViaCrypt.

+I guess it shows you just how much influence he has on PGP inc now...

    no, not how much influence Phil has at PGP, but how much influence the 
    needs of business influence Phil and PGP.

    look at it this way.  the boss is the employee of the customers.

+"We have always supported the needs of law enforcement.  We have always
+been at war with terrorists and law breakers." - Winston Zimmerman

    yeah, right.  dont you mean 'Neville Zimmerman'?

 --
 "When I die, please cast my ashes upon Bill Gates. 
     For once, let him clean up after me! " 
 ______________________________________________________________________
 "attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: No safety this side of the grave. Never was; never will be

iQCVAwUBNEJTUL04kQrCC2kFAQFOqwP/VSF0J57tdkeNORshR8+zx363wPMyEjlA
7b1wvRs25dHP3jL3NBttKgt7PPMCrDCgZe+xZVnTTsn+I74tLrNr9NO6kvOMYi8d
WlHQJL5P5uelkMsdK2xAvaf5MoKLYEIX4TjIKsurvcyKhgdqs7ls3A2zh6LCXg3g
Qjk+ZVTnuUA=
=nfbf
-----END PGP SIGNATURE-----

References:
- Re: Building the Surveillance State
  - From: Alan <[email protected]>

Prev by Date: Re: Attitude and Assumptions
Next by Date: Re: D-H Forward Secrecy for E-Mail?
Prev by thread: Re: Building the Surveillance State
Next by thread: For Immediate Release
Index(es):
- Date
- Thread