ietf-openpgp
[Top] [All Lists]

Re: proposal: commercial data recovery [P]

1997-10-14 22:00:12
Anthony Green may have written:
At 15:42 1997-10-14 -0600, Rick Smith wrote:
ObPolitics: Personally, I think it's too soon to tell if PGP's
implementation would benefit the FBI in its pursuit of wiretapping keys. At
most it might resolve whether such mechanisms are in fact a practical
technology. I'm not yet convinced.

A major reason GAK runs into such strong opposition is the gut feeling
that it violates the expectation of privacy. If the communication in
question is already accessible by a third party, it can be argued that
that expectation no longer exists. In this environment a government
might succeed in passing GAK legislation that requires organizations
that have third-party access to encrypted communications to provide the
plaintext to the government on issue of a subpoena or court order.

This is a very important point.
From what I read, the law about privacy is falling to two extremes,
"private", or
"no expectation of privacy"; i.e, public.

Cell phones and cordless phones, for example, fall into the "no expectation"
class.

Calling patterns, (numbers dialed, and length of calls), also have "no
expectation
of privacy", because you disclose them to a third party (the phone company).
You can't avoid disclosing them, but that doesn't seem to matter. :-(

I can see a court deciding that since you encrypted to your company's CMR key,
your email is not private. Even if you are a company officer discussing company
business with the corporate attorney. IANAL, though.

This is not a weakness in CMR, per se, as a weakness in any
"encrypt to additional recepients" scheme.

-- Marshall

Marshall Clow     Aladdin Systems   
<mailto:mclow(_at_)mailhost2(_dot_)csusm(_dot_)edu>

"In Washington DC, officials from the White House, federal agencies and
Congress say regulations may be necessary to promote a free-market
system." --  CommunicationsWeek International April 21, 1997