FWD: [press release] Kasten Chase to supply U.S. prez . . .

2000-11-01 Thread dakin

---
The Executive Office Of The President Of The United
States Deploys Kasten Chase's RASP Secure Access

RESTON, Virginia--(BUSINESS WIRE)--Nov. 1, 2000--Kasten Chase 
(TSE:KCA. - news), a leading supplier of
high-assurance data security systems, today announced that it has 
supplied RASP Secure Access to the Executive Office
of the President of the United States.

The company is unable to disclose any further information regarding 
the sale under the terms of the agreement.
[more at: http://ca.biz.yahoo.com/bw/001101/va_kasten_.html ]

-

And now a question for you Americans on the list:

The CIA is Langley; the NSA HQ is in Fort Meade, Maryland -- what 
agency has headquarters in Reston, Va?

Thanks.

David Akin / Senior technology Reporter
National Post / [EMAIL PROTECTED]
AOL Instant Messenger: DavidAkin2
VOX: 416.383.2372 / FAX: 416.383.2443
300-1450 Don Mills Road
Don Mills / Ontario / CANADA / M3B 3R5




e-jihad

2000-11-01 Thread anonymous

EXPERTS FEAR CYBERWARS SPREAD 
Tuesday,October 31,2000 


 By NILES LATHEM 


The growing electronic war between Israeli and
pro-Palestinian hackers threatens to shut down
large portions of the Internet, government and
industry, experts warned last night. 

The FBI's National Infrastructure Protection
Center, the agency that combats cybercrimes,
recently sent out an advisory warning that the
tit-for-tat attacks that have shut down and
defaced Israeli government and Hezbollah and
Hamas Web sites in the last month could "spill
over," into the United States. 

"Due to the credible threat of terrorist acts in the
Middle East region and the conduct of these Web
attacks, users should exercise increased
vigilance to the possibility that U.S. government
and private-sector Web sites may become
potential targets," the FBI advisory said.

"In recent days, the overall threat condition for
U.S. military forces in the Middle East has
increased due to new credible threats of terrorist
acts in the region. Similarly NIPC views the
current conditions as creating the possibility for
related cyberattack activity against U.S. sites," it
said.

The cyberwar, or "e-Jihad" as the Palestinian
side calls it, began earlier this month, when the
Israeli-Palestinian conflict exploded.
Sophisticated Israeli hackers defaced a Hezbollah
Web site that was trying to incite anti-Israel
violence among Palestinians.

The attacks escalated when Islamic militants
based in Lebanon, London and the United States
set up special "attack Web sites," in which users
could send special jamming software via e-mail.

The attacks shut down top Israeli government
Web sites for days.

AT&T, which helped Israeli sites get back online,
has become a recent target, according to recent
message traffic from the Palestinian side.

Ben Venzke, an intelligence analyst for the
Virginia-based iDefense, a computer security firm
that is tracking the cyberwar, said hackers going
by the names Dodi, ReAList and Nir-MN are
turning to increasingly sophisticated programs
and are now threatening to unleash devastating
viruses and software.

http://www.nypostonline.com/news/14989.htm 






Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread David Honig

At 12:13 PM 10/31/00 -0500, Tim May wrote:
> How about:
>
> -- no key escrow, no split keys, no trusted third parties

I don't see any way around the fact that some companies will want to have
key escrow of some form for employees who disappear, e.g., car accident,
pickpocket stole the key-carrier, etc.  I think companies will want this
because of the risks of financial damage to the company.

Although it's hazardous if done wrong [cf recent PGP problems], is
tarnished by the Fedz/Denning/etc, and might have no use in a personal
privacy tool (your diary dies with you), isn't it too dogmatic to rule out
key escrow for tools intended for use by groups? 

Are there equivalent methods which don't use escrowed keys, which I
am unaware of?  

Strong crypto means the employee can put an invincible lock on the
corporate file cabinet.   This might mean that invincible locks are
not used in corporations.  A corporation might require that any
invincible physical locks be used in series, so the corp can get into the
files if the first lock stays locked.  That doesn't seem wrong
to me; and in meatspace two locks in series is obvious and no compromise
is made to either lock's design.

Maybe no escrow per se, but corp. data is duplicated and each copy is
encrypted by a person's bizkey and the corporate shared key for that person.
Locks in series.

(Now, it may be 'sad' that ZKS has changed its bizmodel to service
businesses that need locks in series, but I'm only interested in
whether it's rational to universally denounce any locks-in-series
architectures.)

The "relevant legislation" language is the real kicker. 

Though this was elaborated on in a later reply, they really do need to
specify what they mean exactly (re Canada  'consumer privacy') when
they say the nasty l-word in their public literature.  Any mention of the
law in crypto lit turns the stomach, puts the scanners on highest
sensitivity.




 






  








Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread Tim May

At 3:56 PM -0500 11/1/00, David Honig wrote:
> At 12:13 PM 10/31/00 -0500, Tim May wrote:
>> How about:
>>
>> -- no key escrow, no split keys, no trusted third parties
>
> I don't see any way around the fact that some companies will want to have
> key escrow of some form for employees who disappear, e.g., car accident,
> pickpocket stole the key-carrier, etc.  I think companies will want this
> because of the risks of financial damage to the company.

Indeed, and this is a very good use for company attorneys! Or other 
company officers.

If one is concerned that the company lawyer will use the key 
improperly, split the key. Or place it in a fireproof safe with 
dual-key access, then distribute the physical keys suitably.

Or, more simply, drop the disks with the spare keys in an envelope, 
seal it, and place it in the safe of the company officers or 
attorneys. Off site, split, whatever.

This is an old problem, solved long ago.

I'm sure there is some role for privately-arranged (that is, not 
government-required) holding of critical keys, just as there is for 
critical documents stored in old mercury mines (as Intel did at the 
old New Almaden Mine in the Santa Cruz Mountains). As I said, 
well-solved.

> Although it's hazardous if done wrong [cf recent PGP problems], is
> tarnished by the Fedz/Denning/etc, and might have no use in a personal
> privacy tool (your diary dies with you), isn't it too dogmatic to rule out
> key escrow for tools intended for use by groups?

I've never said there is *no* role for safe alternate storage of 
keys. See above, and see my past comments on legitimate use of backup 
options. Most of us likely use some form of key backup.

Building in transparent key escrow with "trusted third parties" is 
dangerous, however. Remember that the British model for "trusted 
third parties" did not include free choice of who those third parties 
were, but, rather, were limited to Officially Approved TTPs.

The whole approach of the Authorities has been to mandate access to 
encrypted data. The ZKS plan speaks of regulatory conformance...this 
is what is inimical to our goals.

> Strong crypto means the employee can put an invincible lock on the
> corporate file cabinet.   This might mean that invincible locks are
> not used in corporations.  A corporation might require that any
> invincible physical locks be used in series, so the corp can get into the
> files if the first lock stays locked.  That doesn't seem wrong
> to me; and in meatspace two locks in series is obvious and no compromise
> is made to either lock's design.

Sounds fair to me. See above. What companies or individuals do is 
their concern, not mine, and not government's.

--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.





nsa watch

2000-11-01 Thread David Honig


from elsewhere: 

FORMER NSA EMPLOYEES LAUNCH CYBER SECURITY BUSINESS
http://www.redherring.com/vc/2000/1019/vc-spies101900.html
MEANWHILE, NSA SEEKS NEW EMPLOYEES ON-LINE.  (submitted by Jeremy
Compton)
http://www.nsa.gov/programs/employ/index.html

 






  








Re: California bars free speech of those cutting deals on votes

2000-11-01 Thread David Honig

At 03:29 PM 11/1/00 -0500, jim bell wrote:

> What I'd like to see is for a state, any state, to apply some sort of "100%
> State Income Tax for People engaged in violating  the right of citizens to
> make and use pot [for medicinal reasons, etc]."

Actually you can sue a government official (cop, clerk, etc) who
violates your rights knowingly, and under 'color of authority'.
The trick is convincing a jury that it was suitably malicious
and obvious violation.  E.g., false arrest because you look like
a suspect won't cut it almost always.

BTW, Calif is the 'other' state to have a proposition this year to dissolve
the 'drug court' infrastructure and replace it with a medical (vs punitive)
structure. Needless to say, the drug-court-workers don't like the
possibility of taking their teat away.

Interestingly, Tom Campbell (R from San Jose) who is running against
Feinswine supports this proposition, and the Swine doesn't.  Campbell also
doesn't want to do Vietnam in Colombia, and the Swine does.  Interesting
reversal, eh? 












 






  








Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread Tim May

At 4:20 PM -0500 11/1/00, Eric Murray wrote:
> On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
>
>>   Are there equivalent methods which don't use escrowed keys, which I
>>   am unaware of?
>
> I believe it was Eric Hughes who at a Cypherpunks meeting about four
> years ago, said "the solution isn't key escrow, it's document escrow".
> Which makes sense- a business doesn't (or shouldn't) allow employees
> to keep a single copy of an important document on their hard drive.
> It should be replicated in other known places in case of disaster (drive
> failure, stolen computer, employee hit by bus, etc).  Just because
> documents are encrypted doesn't mean that this practice is abandoned.
>
> One can envision a system where there's a corporate "document czar" who
> is regularly given docs from various employees and who then encrypts them
> in his own key.  When and where the docs get decrypted is determined by
> corporate policies.  No key escrow required.

Exactly.

A pity we can't easily draw pictures here in mailinglistspace. If we 
were at a blackboard, we could easily see that the issue of 
encryption is clearly partitioned thusly:

* Alice's files, stored on her local computer or file repository. 
Maybe in plaintext, maybe in encrypted form.

* Files in transit between Alice's site and Bob's site. These should 
at the very least be link-encrypted, and possibly end-to-end 
encrypted with PKS tools. Forward secrecy is also good, so that the 
transit keys can't be recovered.

* And then of course the files at Bob's computer, in plaintext or encrypted.

Or, more simply, files at sites and files in transit.

Alice may have partners or bosses who have rules about how she leaves 
the files on her machine, encrypted or not encrypted, backed-up or 
not backed-up. But her storage is SEPARABLE from files in transit.


> I don't know of any existing system like this, but formal corporate
> document control isn't my field.


There are companies doing exactly this kind of document control for 
large and small companies, for hospitals, for schools, etc. They 
offer services for back ups to vaults and repositories, for key 
control, for distribution, and tools for collaboration. Mentor, 
Oracle, Adobe, and many others are in this market.

If ZKS plans to enter this market, good luck to them.

--Tim May

-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.





RE: nsa watch

2000-11-01 Thread Carskadden, Rush





From article:
Netsec differs from its competitors in that it designs and builds its own hardware- and software-management systems, and it produces its own crypto-acceleration cards, Mr. Harold says. The company installs, monitors, and runs the systems for fees starting at $12,000 per solution.

Hrmm do I really want a crypto solution built and managed by NSA guys?


ok,
Rush


-Original Message-
From: David Honig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 01, 2000 3:49 PM
To: Multiple recipients of list
Subject: nsa watch




 
from elsewhere: 


FORMER NSA EMPLOYEES LAUNCH CYBER SECURITY BUSINESS
http://www.redherring.com/vc/2000/1019/vc-spies101900.html
MEANWHILE, NSA SEEKS NEW EMPLOYEES ON-LINE. (submitted by Jeremy
Compton)
http://www.nsa.gov/programs/employ/index.html










 








RE: Zero Knowledge changes business model (press release)

2000-11-01 Thread Carskadden, Rush





I remember running into a case where there was a system in place that worked somewhat like an encrypted CVS system. There was a central document czar, like you said, and when he left, the company realized how foolish it was to put a single employee in charge of the key. So then (not seeming to have truly learned from their mistakes) they gave copies of the new private key to members of the executive team. Then an executive left. I will not soon forget hearing of thousands of pages of documentation being systematically decrypted with the old key, and re-encrypted with a new key. The process apparently took quite an amount of time. I also remember my squeamishness about the fact that the CVS-like system was designed to encrypt and decrypt on the fly based on some cheesy authentication, so as to provide a way to maintain this system without having to talk to the key holders every time you needed to make a change. The entire system was a big messy nightmare, and when considered carefully, really didn't provide much in the way of security. It would have been much easier for them to put a system in place that required multiple people to sign off on a document for it to be encrypted or decrypted. I took a lot of notes at the time on how I thought this sort of system could be implemented... I should dig it up and see what I was thinking.

ok,
Rush


-Original Message-
From: Eric Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 01, 2000 3:21 PM
To: Multiple recipients of list
Subject: Re: Zero Knowledge changes business model (press release)




On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
 
 At 12:13 PM 10/31/00 -0500, Tim May wrote:
 How about:
 
 -- no key escrow, no split keys, no trusted third parties
 
 I don't see any way around the fact that some companies will want to have
 key escrow of some form for employees who disappear, e.g., car accident,
 pickpocket stole the key-carrier, etc. I think companies will want this
 because of the risks of financial damage to the company.
 
 Although it's hazardous if done wrong [cf recent PGP problems], is
 tarnished by the Fedz/Denning/etc, and might have no use in a personal
 privacy tool (your diary dies with you), isn't it too dogmatic to rule out
 key escrow for tools intended for use by groups? 
 
 Are there equivalent methods which don't use escrowed keys, which I
 am unaware of? 


I believe it was Eric Hughes who at a Cypherpunks meeting about four
years ago, said the solution isn't key escrow, it's document escrow.
Which makes sense- a business doesn't (or shouldn't) allow employees
to keep a single copy of an important document on their hard drive.
It should be replicated in other known places in case of disaster (drive
failure, stolen computer, employee hit by bus, etc). Just because
documents are encrypted doesn't mean that this practice is abandoned.


One can envision a system where there's a corporate document czar who
is regularly given docs from various employees and who then encrypts them
in his own key. When and where the docs get decrypted is determined by
corporate policies. No key escrow required.


I don't know of any existing system like this, but formal corporate
document control isn't my field.


-- 
 Eric Murray Consulting Security Architect SecureDesign LLC
 http://www.securedesignllc.com PGP keyid:E03F65E5





RE: California bars free speech of those cutting deals on votes

2000-11-01 Thread Fisher Mark

> Radio is cheap and hot.  When was the last time you heard a Libertarian
> sentiment on radio (except talk radio).  The closest I've heard are the
> "Vote Freedom" ads by Charlton Heston.

Last week I heard 2 different ads for Indiana LP candidates on a station
that plays hip-hop, alternative, and pop music (Radio Now FM 93.1, Emmis
Communications).  The ads were paid for locally, IIRC.
===
Mark Leighton Fisher            [EMAIL PROTECTED]
Thomson Consumer Electronics    Indianapolis IN
"Display some adaptability." -- Doug Shaftoe, _Cryptonomicon_





Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread Adam Shostack

On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
| At 12:13 PM 10/31/00 -0500, Tim May wrote:
| How about:
| 
| -- no key escrow, no split keys, no trusted third parties
| 
| I don't see any way around the fact that some companies will want to have
| key escrow of some form for employees who disappear, e.g., car accident,
| pickpocket stole the key-carrier, etc.  I think companies will want this
| because of the risks of financial damage to the company.
| 
| Although it's hazardous if done wrong [cf recent PGP problems], is
| tarnished by the Fedz/Denning/etc, and might have no use in a personal
| privacy tool (your diary dies with you), isn't it too dogmatic to rule out
| key escrow for tools intended for use by groups? 
| 
| Are there equivalent methods which don't use escrowed keys, which I
| am unaware of?  

Matt Blaze did some work on non-subvertable key escrow, where you
escrow keys with random folks, and when you, or Uncle Sam, want the
key, you announce that, and hope to get the key back.  Let me be clear 
that this also is not what we're doing. :)

| Strong crypto means the employee can put an invincible lock on the
| corporate file cabinet.   This might mean that invincible locks are
| not used in corporations.  A corporation might require that any
| invincible physical locks be used in series, so the corp can get into the
| files if the first lock stays locked.  That doesn't seem wrong
| to me; and in meatspace two locks in series is obvious and no compromise
| is made to either lock's design.
| 
| Maybe no escrow per se, but corp. data is duplicated and each copy is
| encrypted by a person's bizkey and the corporate shared key for that person.
| Locks in series.
| 
| (Now, it may be 'sad' that ZKS has changed its bizmodel to service
| businesses that need locks in series, but I'm only interested in
| whether it's rational to universally denounce any locks-in-series
| architectures.)

That's not really it.  We're much more focused on layered locks than
series locks.  I would worry a lot about the architecture you outline
above being vulnerable to a whole slew of attacks on any one key,
which means an N key system is at least N times as vulnerable.

| The "relevant legislation" language is the real kicker. 
| 
| Though this was elaborated on in a later reply, they really do need to
| specify what they mean exactly (re Canada  'consumer privacy') when
| they say the nasty l-word in their public literature.  Any mention of the
| law in crypto lit turns the stomach, puts the scanners on highest
| sensitivity.

When we say 'nasty l-word' you can assume we're referring to CALEA,
RIP, and that sort of thing.  When we talk about legislative
compliance, we mean complying with that whole slew of privacy laws.

As to the hypothetical that Tim will ask, we'll work very hard to
prevent laws requiring key escrow from coming into being.  We spend
time and energy maintaining relations with law enforcement in a lot of 
places, explaining to them why we don't build in back doors.  And,
surprisingly, when you go and talk to them, rather than hissing and
shouting, they listen.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume






Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread Ray Dillinger



On Wed, 1 Nov 2000, David Honig wrote:

> Although it's hazardous if done wrong [cf recent PGP problems], is
> tarnished by the Fedz/Denning/etc, and might have no use in a personal
> privacy tool (your diary dies with you), isn't it too dogmatic to rule out
> key escrow for tools intended for use by groups?
>
> Are there equivalent methods which don't use escrowed keys, which I
> am unaware of?

First, I think the people who've spoken about document escrow are 
right.  A much safer approach than key escrow.  

But I'm going to talk about key escrow, because there *are* decent 
ways to do it.

There are methods for key escrow that don't involve a single trusted 
party having all the keys.  For example, you can generate a dozen 
random strings of bits, XOR them together, then XOR the result with 
your key.  Take the result of that operation and it's your thirteenth 
string.  Now you can hand the thirteen strings out to thirteen different 
people.  Now if you get hit by a bus, or if they are *ALL* ready to 
subvert the protocol by working together, they can get together, XOR 
all the strings together, and produce your key.  A reasonable protocol 
for a company with fourteen board members, perhaps.  There would be no 
way to serve thirteen out of fourteen board members with subpoenas and 
still have the investigation of the fourteenth board member be a secret 
to the company.

Third, there are methods for key escrow with a single escrow agent 
that don't allow the escrow agent access to the key while it's still 
live.  Take your August key on August First, and use a digital 
timelock to put one solid month of computing between the company 
escrow officer and the key.  Hand the escrow officer the resulting 
blob, and use your key with impunity until August 30.  On the 30th, 
you encrypt everything with your September key.  On September 1, if 
she's put the fastest available machine to work on it the whole time, 
the escrow agent gets your August key.  Now, if you get hit by a 
bus during August, the escrow officer will be able to get stuff 
from your drive after August -- but will never have your key while 
that key is still in use. 

Fourth, the trusted third party doesn't need access to your keys.  I 
could set up a web service that generated complementary asymmetric 
key pairs and published them thirty days apart.  Now when Alice 
wants to put her key in storage for the company escrow officer, 
she can come to my site, pick up the key of the day, encrypt her 
key with it, and hand it to Bob the escrow officer.  If Bob needed 
to use the key, and it were more than a month later, he could come 
to my site and get the complementary key and decrypt Alice's key. 
With this setup, I'm the only one that knows the decryption key, 
and I don't know diddley about what's encrypted under it or where 
anything encrypted under it is stored. 

Bear





Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread Tim May

At 7:56 PM -0500 11/1/00, [EMAIL PROTECTED] wrote:
At 7:08 PM -0500 11/1/00, Tim May wrote:

  An ordinary little girl using Freedom, the putative target candidate for
  Freedom, say the ads, is not going to need PipeNet-style traffic
  padding!!!

A little girl wanting to sell nude digital snapshots of herself for
milk(bar) money might.  You never can tell what passes for "ordinary"
these days.

I think ZKS just needs to revamp its "little girl" ads.  That should
increase their subscri(b/v)er base.

Indeed.

Some years ago, in 1993, I used an anonymous remailer (I think I used 
a remailer, but I may have just posted it directly) to advertise 
a"nude lolita." Just as your example cites. ("Lolitas" being a code 
word for young girls, snatch, er, natch.)

Much gnashing of teeth, much demand that the author be tracked down 
and prosecuted.

I wonder how long a Freedom nym would have lasted?

After several days of merriment, I pointed out that that _diagonal_ 
of my .GIF ASCII text block read: "t H i S i s N O t A r e a L i M a 
G E," or something similar to this. I just took a PGP-encrypted text 
block I had laying around, edited it to add the hidden disclaimer, 
then remailed the alleged "Lolita" to places where the call for 
censorship would be predictable.

I had always planned to someday get a Freedom account and use my 
"five nyms" for some true tests of how free the free speech they 
advocate really is. The lack of a Mac version has held me back, as I 
only have a PC emulator, and I never use it for the Net.

Anyone know how well Freedom 1.1 operates under Virtual PC 3.0 
running Windows 98 SE with underlying Mac PPP and TCP/IP services?

I may still get an account and really go to town with the most 
outrageous uses I can think of, then report back here on how many 
nyms lasted for how long.


--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.





Minesweeper could hold key to Net security

2000-11-01 Thread An Metet

http://digitalmass.boston.com/news/daily/11/01/minesweeper.html 

By Gareth Cook, Boston Globe Staff, 11/1/2000 

The key to solving one of the most vexing and profound problems of modern mathematics 
could lie in a most unusual place: Minesweeper, a simple computer game that rivals 
solitaire as an office time-waster. 

The math problem, called the "P versus NP conjecture," asks why some questions are so 
difficult to answer with computers. It is considered so important that in May the Clay 
Mathematics Institute in Cambridge offered a $1 million prize for a solution. Proving 
the conjecture false would mean that modern encryption technology, the foundation of 
electronic commerce, would be open to easy attack.

In the spring issue of the journal Mathematical Intelligencer, a British specialist in 
mathematical logic demonstrated that the conjecture would be false if someone can 
crack Minesweeper, a game in which players race to clear a path through a sea of 
explosives.

Mathematicians hope the insight, the topic of an open lecture tonight at Harvard 
University, would bring the public in on a drama that, among specialists, has 
generated the same fervor that mariners of another age once brought to their search 
for a passage around the world.

''I have sometimes dreamt that someone found a solution,'' said Michael Sipser, an MIT 
math professor who has spent two decades and ''about 15,000 hours'' searching for the 
secret. The dreams ''filled me with an intense mixture of curiosity and envy,'' he 
said.

Engineers are already building processors that run faster than a previous generation 
could imagine, powering computers that can conquer chess or generate directions from 
Boston to Walla Walla, Wash., in an instant. But the ''P versus NP conjecture,'' 
Sipser said, is an attempt to draw, with mathematical certainty, the boundary beyond 
which computers, no matter how powerful, cannot cross.

''This is enormously fundamental,'' said Ian Stewart, who is delivering the Harvard 
lecture and is a columnist for the magazine Scientific American and professor at the 
University of Warwick in England.

Minesweeper, which is included free with the Windows operating system, does not look 
like the kind of game that would fascinate theorists. The gamer clicks squares of a 
grid on which mines have been hidden. Numbers then appear, indicating the number of 
mines in surrounding squares. Using these clues, the aim is to find all the mines.

Intrigued by the kind of logic puzzles the game generates, Richard Kaye of the 
University of Birmingham in England posed ''the minesweeper consistency problem'': 
Given a board of numbers, is it possible to determine whether the clues are consistent 
with the rules?

This question took him to outer reaches of computer science and to the essence of the 
''P versus NP conjecture.'' Many common problems, including multiplying large numbers 
or putting a list in alphabetical order, are what computer scientists call ''P'' 
problems, readily solvable by computer.

On the other hand, ''NP'' problems seem far more difficult; the only known solution is 
to break the problem into a large, often prohibitively large, number of P problems. 
One example is the classic ''traveling salesman'' question: If a salesman has to visit 
certain cities, what is the fastest route? Breaking the codes used to protect Internet 
communications is also an NP problem.

But perhaps, some mathematicians have suggested, the NP problems are actually no more 
difficult than P problems; they just look that way because nobody has been inventive 
enough to find an easy way to solve them. Although mathematicians assume this is 
wrong, they still have not been able to prove the resulting ''P versus NP conjecture'' 
true after more than two decades of intense labor and several false alarms.

Kaye's contribution, scrawled on loose sheets of paper during his daily train ride to 
work, was showing that the ''minesweeper consistency problem'' is ''NP complete,'' 
that a solution would mean that all NP problems are easily solvable.

So, write a program that can decode Minesweeper for any size board, and you will join 
the pantheon of mathematical greats, alongside Euler and Pythagoras.

And, of course, there is that million-dollar prize.

The prize offered for the ''P versus NP conjecture'' is one of seven different 
million-dollar prizes for what the Clay Mathematics Institute considers to be the most 
important mathematical challenges of the new millennium, according to Clay president 
Arthur Jaffe.

In the meantime, word that minesweeper has attained a new veneer of respectability 
will no doubt be treated with caution by recovered addicts.

''The first night I started playing it, my wife woke up at 3 in the morning and said, 
`What are you doing?''' said Rick Kane, an orthopedic surgeon at Noble Hospital in 
Westfield. 

''Now,'' he said with a tentative laugh, ''I'm going to have to start playing again.''








RE: The Market for Privacy

2000-11-01 Thread Lucky Green

Tim wrote:
 The real market for robust security and privacy tools is, as
 always, elsewhere.

 The _interesting_ market has always been for those who
 are--demonstrably!--willing to pay big bucks to get on a plane to fly
 to the Cayman Islands or Luxembourg to open an offshore account. For
 those who are actively interested in untraceable VISA cards. For
 those selling arms. For those trafficking in illegal thoughts.

 In short, for crypto anarchy.

 Not for fluff.

In my view (I suspect this may be in agreement with Tim's comments above,
though I naturally do not presume to speak for Tim) ZKS' inability to derive
meaningful revenue of the Freedom (TM) product can be explained quite
trivially: the product fails to meet market requirements. Those willing to
pay cash to protect their Internet activities demand real privacy. Not the
watered-down, Mickey Mouse "privacy" Freedom provided.

Freedom does not offer the user untraceable IP. Hence those seeking
untraceable IP didn't buy the product. Little surprise here. Freedom's
current fate was predicted in detail on this list the moment ZKS deviated
from their initial anon IP promises.

It appears that ZKS is yet another company that fell prey to the DigiCash
"we know better than the market what the market wants" syndrome. What a
shame, really.

--Lucky Green [EMAIL PROTECTED]

  "Anytime you decrypt... its against the law".
   Jack Valenti, President, Motion Picture Association of America in
   a sworn deposition, 2000-06-06

























RE: The Market for Privacy

2000-11-01 Thread auto107640


WOW - well I have to start out this post with a REALLY STRONG sense of vindication!!
DAMN it feels good to be right!!

4 months ago (circa July) I made (using a different hushmail nym - forgot
the password to that one so I had to make a new one..) a number of posts
to this list on the subject of: (1) why ZKS doesn't really protect privacy
in the first place, (2) why privacy is a MAJOR economic issue, and (3) why,
(b/c of (2)) the real market for privacy is on the business side of the
equation, not in wimpy pieces of consumer client software like Freedom..

At the time I equated privacy with the Code of Fair Information Practices
(CFIP), and explained that a NUMBER of businesses would be MORE THAN WILLING
to put these principles into practice at their enterprise b/c of the massive
REVENUE potential this could create..

At the time, I was pretty much totally dismissed.. every point I made was
ridiculed as being short-sighted or a pipe dream and, esp concerning the
fact that businesses would be willing to put in place CFIP, I was told that
I was f***ing out of my mind and that that made no sense whatsoever..

How DELICIOUS to watch (in FOUR SHORT MONTHS) ZKS TRY to turn around their
whole business to basically the same principles that I outlined in those
earlier postings!!

Enough w/ the revenge, though -- let's proceed to dismantle Tim May's inept,
knuckle-dragger arguments on these issues..

> This is a recurring theme, and one we've talked about many times.
>
> Fact is, most people don't think they need security. Most people
> don't even think they need backups. Until their hard disk crashes.
> And so on. It's a tough sell in either case.
>
> This is why the market for crypto and security and anonymity has
> tended to be at the "margins" of society: porn, warez, freedom
> fighting, etc. Such has it always been, such shall it always be.
> Targeting the mainstream is a tough sell.

No, completely wrong, as usual. The REAL market for crypto and security
has ALWAYS BEEN and WILL ALWAYS BE in the financial services sector. These
people have absolutely enormous amounts of money at stake, and in so far
as cryptography and security can reduce the risk of bad loans, of theft,
of a gazillion other risks that financial services companies face, these
companies will continue to operate at the forefront of global cryptography
technology..

Anonymity has NO MARKET in this world outside of free speech.. (I'm sure
I'll be ridiculed for this again too, but in 4 short months something else
will happen to vindicate me.. I'll let you guys know when it does..)

> (The most widely-deployed bits of crypto are in places where huge
> deals were cut with browser makers, e.g., SSL, Verisign, etc. The
> customer is only vaguely aware that such things are happening. No
> sale to Joe Average is needed. Probably this is the way Web proxies
> will ultimately be sold.)

Good security should be so seamless the user doesn't even know it's there.
SSL satisfies this design requirement. So does Verisign. Freedom doesn't.
Freedom sux.. it's like, it's always there and I can't uninstall that hideous
piece of software off my machine fast enough..

> ZKS was just one of many companies attempting to sell privacy tools
> to "Joe Average," and his little daughter Suzy Average (pictured in
> ZKS Freedom ads...). Well, Joe doesn't do much with his home computer
> except check some sites and maybe download a few porn images from
> Danni's Hotbox when Suzy has gone to bed and the wife is passed out
> on the sofa.
>
> _Could_ ZKS Freedom help Joe a little? Maybe, but it's not something
> even on his radar screen to worry about. His bigger concern is having
> Suzy or the wifey find the paltry pieces of porn he purloined.

Privacy can and is an enormously powerful tool for global consumers, and
like Garfinkel says, maybe it will take years to realize this economic reality,
but it will be realized, sooner or later.. just not in the form that Tim
May thinks..

> Or he's at work and his boss has just announced that several
> employees have been fired for using the company's networks for
> checking sports scores, downloading porn, using Napster, etc.
>
> These are Joe Average's _real_ concerns about privacy. Cute ads about
> little girls needing their privacy probably won't sell ZKS Freedom to
> Joe Average.

I agree - I've always found the ZKS ad campaign to be rather distasteful
in fact.. (the bar codes on people.. esp since the Internet doesn't really
operate by bar coding people and even if it did, ZKS wouldn't be able to
do anything about it.. it's called FALSE ADVERTISING.. the FTC might have
a thing or two to say about that..)

> ZKS may do better by bundling Freedom with Danni's Hard Drive
> accounts! "Your porn is downloaded to you in "Plain, Brown Wrapper"
> format, disguised to look like a marketing report containing the key
> words you specify. Your boss will think it's business, your wife will
> be bored."
>
> (No, I'm not suggesting this as 





Re: Zero Knowledge changes business model (press release)

2000-11-01 Thread James A, Donald

 --
At 08:22 PM 11/1/2000 -0500, Tim May wrote:
> I had always planned to someday get a Freedom account and use my
> "five nyms" for some true tests of how free the free speech they
> advocate really is.

I attempted to do this, but was foiled by bugs.  I paid my money, but did 
not get my nyms.  This seems to have been a widespread experience.  ZKS 
denied any problem.  I concluded that if I could not trust them, I could 
not trust their proprietary cryptography, and forgot about it.

 --digsig
  James A. Donald
  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
  79Not33QUrv6kvtoRfClah4adIOLJIZt2C23ACey
  4nB2i8GGZcsW/nRadMBER2tYL63mp4v74YcsvYMJA