Greplaw Interviews Phil Zimmermann

LawGeek writes "The venerable GrepLaw crew has struck again, this time with Editor Mikael Pawlo interviewing PGP author and all-around encryption expert Phil Zimmermann. Pawlo discussed a number of topics with Zimmerman, including the current state of encryption export laws, DRM, and activism against erosion of privacy both in the U.S. and internationally. The interview is here."

fingerprint scanners in police cars

[AyeFly]

Whats wrong with that? It might have prevented the dispute in court over driver's license photos and muslim women wearing veils...with a fingerprint, you dont need picture ID, and its more reliable.

Re:fingerprint scanners in police cars

Yes, but then Big Brother will have everyone's fingerprints. That is more of an invasion of privacy than having my picture (especially since they would demand that too, you know, for carding at supermarkets and whatnot).

Re:fingerprint scanners in police cars

[Dr+Reducto]

...But technology can fail. Technology can also be "hacked". Technology should only be used as a supplement and taken wih a grain of salt when accuracy absolutely matters. Like the Naval saying: Satellites fail, compasses do not.

Re:fingerprint scanners in police cars

[nounderscores]

The difference is that you don't leave your photograph on every door handle and toilet seat you touch... or at least I don't.

______________________________
The Spiders are coming

Re:fingerprint scanners in police cars

[stratjakt]

Bullshit.

You leave your photograph in every store you go to, every public washroom you enter, every highway you drive on.

You're captured on film at least a dozen times a day. At least I am (and other people who go outside).

It's a lot less work to have a computer scan the tapes for the same face than to send crews to dust for fingerprints over the entire planet multiple times daily.

Noone cares where you go to take a dump.

Re:fingerprint scanners in police cars

As a Muslim I think...

As an atheist, I think you ought to stop worshipping a figment of your imagination. ~72 years of average life expectancy, and you choose to spend ~10 of them bowing to some ridiculous body of dogma -- and the remaining time plotting how to kill people who read a different fairy tale than you did?

Seems like an awful waste of time.

Re:fingerprint scanners in police cars

[evilviper]

While driving down the street, the police can't look over and identify you based on your fingerprints... Even with fingerprint scanners in police cars, photos are needed.

with a fingerprint, you dont need picture ID, and its more reliable.

Yes, but the potential for abuse is much higher. Walking down the street some nights, the police think you look suspicious. They don't have any reason to take you in, but they could fingerprint you and find out your entire history in an instant.

Also, that would mean the police would have MANY more fingerprints on file. It's really just one step away from police finger printing every person in the country.

What's wrong with it? Well, it's a matter of opinion. If you believe in police states, nothing is wrong with it at all. If you believe even slightly in privacy, there is much wrong with it...

Zimmerman's contradictory opinions

[geekee]

When asked about encryption technology, he thought it was great that a person could control who read his data. When asked about DRM, he said it was bad that a person could restrict who reads his data. Or does Zimmerman have a bias against companies? A person should be free to encrypt data, but not a company? Or is is, you should be able to encrypt data unless you're selling it? DRM is encryption. I don't see why this guy thinks some people have the right to use it while others don't, just because he thinks it's bad for society somehow when some people use it. He didn't care that terrorists were using PGP, but was concerned about the music industry using DRM. That I find disturbing.

Re:Zimmerman's contradictory opinions

[HeghmoH]

It's not contradictory at all.

Encryption, the way PGP works, is a way to prevent third parties from getting at data you don't want them to.

DRM is a way to prevent the user from using data that was given to him in "unapproved" ways.

Once you get an e-mail and read it with PGP, you can do anything you want with it. You can copy-paste it into a Word document, you can forward it to a million-member Yahoo mailing list, anything you want. DRM is fundamentally different in that it's not for protecting against unauthorized use by third parties, but for protecting against unauthorized use by the person who supposedly owns the data (or a license).

Two different problems.

[dmaxwell]

Email encryption is intended to keep third parties out of private communication. With PGP nothing stops the other side from divulging his end of the conversation to others. Sure some corporate mail clients may try to mark mails unprintable, unsaveable and what not but that won't defeat a digital camera or even a Bic and piece of paper. Encryption just allows Bob and Alice to have a conversation with reasonable assurance Eve isn't listening in.

DRM is something else altogether. DRM is intended to allow a sender to control what a recipient can do with information. In this case, Alice is trying to use encryption to mark information for Bob's eyes only (on Bob's Alice approved OS or Bob's Alice approved player) regardless of how Bob feels about it. This is absurd. If Bob can see it then Bob can copy it. DRM's only true effect is to create varying degrees of inconvienience for Bob.

Is not at all hypocritical to favor technological means for privacy while being opposed to technological means on control. Email encryption: Privacy. DRM: Control.

Re:Two different problems.

[Dr+Reducto]

You are correct sir. Even if you have theoretically unbreakable encryption, or time consuming to break encryption, it is always breakable. There is the human factor. A computer to brute-force encryption algorithms costs millions, but a $1000 bribe can be just as effecive if you have a disgruntled employee who does not take security seriously.

Re:The interview is encrypted!

[jc42]

Heh, yeah. I've used that argument myself in a number of discussions, when I felt like making assorted security schemes look mildly silly. The idea that decrypting a rot13-encrypted message is a violation of the DMCA is one of the better examples of the absurdity of it all. And pointing out that rot26 is just rot13 applied twice (so decrypting rot26 is also a violation of the DMCA) adds a whole new level of fun to the absurdity.

It's even more fun to post the couple-line C program that does xor encryption with another file, and point out that not only is this an unbreakable encryption scheme, but you can also use it to show that any file is an encryption of any other. Thus, your message and mine are both encryptions of any handy pornographic image, and the little xor program will quickly produce the decryption key. This tosses a really fun monkey wrench into any scheme to outlaw pronography in any digital medium.

There's a lot of absurdity flying about here ...

Terrorism and PGP

[alpharoid]

Following the September 11-attacks, it was claimed in some reports that the U.S. authorities investigated if PGP was used to co-ordinate the attacks. Do you regret the decision to release PGP as freeware?

I don't really understand when people bring the subject of PGP being used by terrorists, and how this should weigh against the program. PGP is just a tool that makes encrytion easy for the regular user, and it's not something that suddenly brought encryption to terrorists. There has always been a very simple and effective encryption tool for strong cryptography, called the one-time pad.

I'm just saying that PGP has done nothing to facilitate terrorism. If terrorists really wanted encryption, they could have used it at any point, regardless of PGP's existence. And anyway, historically it seems that terrorists never really used electronic encryption for most of their planning.

Re:Terrorism and PGP

[blibbleblobble]

"I don't really understand when people bring the subject of PGP being used by terrorists, and how this should weigh against the program."

If anything, PGP makes life more difficult for the terrorist, unless we're suggesting that it's a good idea that potential targets use plaintext email when whey're planning their journeys, emailing hotels, etc.

"Blah blah blah, did I mention the [famous person's name] is visiting next thursday, blah blah.

I don't need to encrypt this do I? The government says that encryption is a bad thing.

I'll just email the rental company and check our boss' car, then plan a route on Autoroute Express and email it to the chicago office. No need to worry about security, I'll email to let the guy meeting him know the license-place to look out for.

Encryption? What's that? The news says that only bad people use encryption. I'd best send all this information plain-text.

Fingerprints not absolutely reliable

[HermanAB]

As govs store more fingerprints, the odds of making identity mistakes increase enormously. So far, nobody cared about the relibility (or lack thereof) of fingerprint systems, since only criminals are fingerprinted. Once everybody is on file, it is sure to be a whole different story. If you are living on the west coast and gets picked up for a murder on the east coast, it may be possible to explain it away, but what if you live in the same neighborhood as the victim? So, eventually, all the information that is stored, will become full of entropy and noise and will be useless as a law enforcement tool.

Re:The single greatest moral of the story

[Feztaa]

right to keep and bear arms (which saves more lives than all cops in America combined)

That's a new one on me. Maybe you should check your facts -- looks to me like the U.S.A. has the highest murder rate out of any country in the world. Other countries that don't have gun control seem to be able to keep their citizens from dying some other way, I guess.