Cyphernomicon 6.4

The Need For Strong Crypto:
Protection of Corporate and Financial Privacy


    6.4.1. corporations are becoming increasingly concerned about
            interception of important information--or even seemingly minor
            information--and about hackers and other intruders
           - calls for network security enhancement
           - they are hiring "tiger teams" to beef up security
           + cellular phones
             - interceptions are common (and this is becoming
                publicized)
             - modifications to commercial scanners are described in
                newsletters
           - something like Lotus Notes may be a main substrate for the
              effective introduction of crypto methods (ditto for
              hypertext)
    6.4.2. Corporate Espionage (or "Business Research")
           + Xeroxing of documents
             - recall the way Murray Woods inspected files of Fred
                Buch, suspecting he had removed the staples and Xeroxed
                the documents for Zilog (circa late 1977)
             - a precedent: shapes of staples
             + colors of the paper and ink...blues, for example
               - but these low-tech schemes are easy to circumvent
           + Will corporations crack down on use of modems?
             + after all, the specs of a chip or product could be mailed
                out of the company using the company's own networks!
               - applies to outgoing letters as well (and I've never
                  heard of any company inspecting to this detail, though
                  it may happen at defense contractors)
             + and messages can still be hidden (covert channels)
               - albeit at much lower bandwidths and with more effort
                  required (it'll stop the casual leakage of information)
               - the LSB method (though this still involves a digital
                  storage means, e.g., a diskette, which might be
                  restricted)
               - various other schemes: buried in word processing format
                  (at low bandwidth)
               - subtleties such as covert channels are not even
                  considered by corporations--too many leakage paths!
             + it seems likely that government workers with security
                clearances will face restrictions on their access to AMIX-
                like systems, or even to "private" use of conventional
                databases
               - at least when they use UseNet, the argument will go,
                  they can be overseen to some extent
           + Offsite storage and access of stolen material
             + instead of storing stolen blueprints and schematics on
                company premises, they may be stored at a remote location
               - possibly unknown to the company, via cryptoanarchy
                  techniques
           + "Business research" is the euphemism for corporate
              espionage
             - often hiring ex-DIA and CIA agents
           + American companies may step up their economic espionage
              once it is revealed just how extensive the spying by
              European and Japanese companies has been
             - Chobetsu reports to MITI
             - Mossad aids Israeli companies, e.g., Elscint, Elbit
           + Bidzos calls this "a digital Pearl Harbor" (attacks on
              network security)
             - would be ironic if weaknesses put into encryption gear
                came back to haunt us
           + corporations will want an arm's length relationship with
              corporate spies, to protect themselves against lawsuits,
              criminal charges, etc.
             - third party research agencies will be used
    6.4.3. Encryption to Protect Information
           - the standard reason
           + encryption of e-mail is increasing
             - the various court cases about employers reading
                ostensibly private e-mail will sharpen this debate (and
                raise the issue of employers forbidding encryption;
                resonances with the mostly-settled issue of reasonable
                use of company phones for private calls--more efficient to
                let some personal calls be made than to lose the time of
                employees going to public phones)
           + encryption of faxes will increase, too, especially as
              technology advances and as the dangers of interception
              become more apparent
             - also, tighter links between sender and receiver, as
                opposed to the current "dial the number and hope it's the
                right one" approach, will encourage the additional use of
                encryption
           - "electronic vaulting" of large amounts of information, sent
              over T1 and T3 data networks, e.g., backup material for
              banks and large corporations
           + the miles and miles of network wiring within a
              corporation--LANs, WANs, Novell, Ethernet, TCP-IP, Banyan,
              and so on--cannot all be checked for taps...who would even
              have the records to know if some particular wire is going
              where it should? (so many undocumented hookups, lost
              records, ad hoc connections, etc.)
             - the solution is to have point-to-point encryption, even
                within corporations (for important items, at least)
           - wireless LANs
           - encryption provides "solidity" to cyberspace, in the sense
              of creating walls, doors, permanent structures
           - there may even be legal requirements for better security
              over documents, patient files, employee records, etc.
    6.4.4. U.S. willing to seize assets as they pass through U.S.
            (Haiti, Iraq)
    6.4.5. Privacy of research
           - attacks on tobacco companies, demanding their private
              research documents be turned over to the FDA (because
              tobacco is "fair game" for all such attacks, ...)
    6.4.6. Using crypto-mediated business to bypass "deep pockets"
            liability suits, abuse of regulations, of the court system,
            etc.
           + Abuses of Lawsuits: the trend of massive
              judgments...several million for a woman burned when she
              spilled hot coffee at a McDonald's ($160K for damages, the
              rest for "punitive damages")
             - billions of dollars for various jury decisions
             - "deep pockets" lawsuits are a new form of populism, of de
                Tocqueville's pocket-picking
           + For example, a shareware author might collect digital cash
              without being traceable by those who feel wronged
             - Is this "right"? Well, what does the contract say? If
                the customer bought or used the product knowing that the
                author/seller was untraceable, and that no additional
                warranties or guarantees were given, what fraud was
                committed?
           + crypto can, with some costs, take interactions out of the
              reach of courts
             - replacing the courts with PPL-style privately-produced
                justice
    6.4.7. on anonymous communication and corporations
           - Most corporations will avoid anonymous communications,
              fearing the repercussions, the illegality (vis-a-vis
              antitrust law), and the "unwholesomeness" of it
           + Some may use it to access competitor intelligence, offshore
              data havens, etc.
             - Even here, probably through "arm's length" relationships
                with outside consultants, analogous to the cutouts used
                by the CIA and whatnot to insulate themselves from
                charges
           - Boldest of all will be the "crypto-zaibatsu" that use
              strong crypto of the crypto anarchy flavor to arrange
              collusive deals, to remove competitors via force, and to
              generally pursue the "darker side of the force," to coin a
              phrase.
  


By Tim May, see README

HTML by Jonathan Rochkind