6.4.1. corporations are becoming increasingly concerned about
interception of important information-or even seemingly minor
information-and about hackers and other intruders
- calls for network security enhancement
- they are hiring "tiger teams" to beef up security
+ cellular phones
- interceptions are common (and this is becoming
publicized)
- modifications to commercial scanners are describe in
newsletters
- something like Lotus Notes may be a main substrate for the
effective introduction of crypto methods (ditto for
hypertext)
6.4.2. Corporate Espionage (or "Business Research")
+ Xeroxing of documents
- recall the way Murrray Woods inspected files of Fred
Buch, suspecting he had removed the staples and Xeroxed
the documents for Zilog (circa late 1977)
- a precedent: shapes of staples
+ colors of the paper and ink...blues, for example
- but these low-tech schemes are easy to circumvent
+ Will corporations crack down on use of modems?
+ after all, the specs of a chip or product could be mailed
out of the company using the companies own networks!
- applies to outgoing letters as well (and I've never
heard of any company inspecting to this detail, though
it may happen at defense contractors)
+ and messages can still be hidden (covert channels)
- albeit at much lower bandwidths and with more effort
required (it'll stop the casual leakage of information)
- the LSB method (though this still involves a digital
storage means, e.g., a diskette, which might be
restricted)
- various other schemes: buried in word processing format
(at low bandwidth)
- subtleties such as covert channels are not even
considered by corporations-too many leakage paths!
+ it seems likely that government workers with security
clearances will face restrictions on their access to AMIX-
like systems, or even to "private" use of conventional
databases
- at least when they use UseNet, the argument will go,
they can be overseen to some extent
+ Offsite storage and access of stolen material
+ instead of storing stolen blueprints and schematics on
company premises, they may be stored at a remote location
- possiby unknown to the company, via cryptoanarchy
techniques
+ "Business research" is the euphemism for corporate
espionage
- often hiring ex-DIA and CIA agents
+ American companies may step up their economic espionage
once it is revealed just how extensive the spying by
European and Japanese companies has been
- Chobetsu reports to MITI
- Mossad aids Israeli companies, e.g., Elscint. Elbit
+ Bidzos calls this "a digital Pearl Harbor" (attacks on
network security)
- would be ironic if weaknesses put into encryption gear
came back to haunt us
+ corporations will want an arms length relationship with
corporate spies, to protect themselves against lawsuits,
criminal charges, etc.
- third party research agencies will be used
6.4.3. Encryption to Protect Information
- the standard reason
+ encryption of e-mail is increasing
- the various court cases about employers reading
ostensibly private e-mail will sharpen this debate (and
raise the issue of employers forbidding encryption;
resonances with the mostly-settled issue of reasonable
use of company phones for private calls-more efficient to
let some personal calls be made than to lose the time of
employees going to public phones)
+ encryption of faxes will increase, too, especially as
technology advances and as the dangers of interception
become more apparent
- also, tighter links between sender and receive, as
opposed to the current "dial the number and hope it's the
right one" approach, will encourage the additional use of
encryption
- "electronic vaulting" of large amounts of information, sent
over T1 and T3 data networks, e.g., backup material for
banks and large corporations
+ the miles and miles of network wiring within a
corporation-LANs, WANs, Novell, Ethernet, TCP-IP, Banyan,
and so on-cannot all be checked for taps...who would even
have the records to know if some particular wire is going
where it should? (so many undocumented hookups, lost
records, ad hoc connections, etc.)
- the solution is to have point-to-point encryption, even
withing corporations (for important items, at least)
- wireless LANs
- encryption provides "solidity" to cyberspace, in the sense
of creating walls, doors, permanent structures
- there may even be legal requirements for better security
over documents, patient files, employee records, etc.
6.4.4. U.S. willing to seize assets as they pass through U.S.
(Haiti, Iraq)
6.4.5. Privacy of research
- attacks on tobacco companies, demanding their private
research documents be turned over to the FDA (because
tobacco is 'fair game" for all such attacks, ...)
6.4.6. Using crypto-mediated business to bypass "deep pockets"
liability suits, abuse of regulations, of the court system,
etc.
+ Abuses of Lawsuits: the trend of massive
judgments...several million for a woman burned when she
spilled hot coffee at a MacDonald's ($160K for damages, the
rest for "punitive damages")
- billions of dollars for various jury decisions
- "deep pockets" lawsuits are a new form of populism, of de
Tocqueville's pocket-picking
+ For example, a shareware author might collect digital cash
without being traceable by those who feel wronged
- Is this "right"? Well , what does the contract say? If
the customer bought or used the product knowing that the
author/seller was untraceable, and that no additional
warranties or guarantees were given, what fraud was
committed?
+ crypto can, with some costs, take interactions out of the
reach of courts
- replacing the courts with PPL-style private-produced
justice
6.4.7. on anonymous communication and corporations
- Most corporations will avoid anonymous communications,
fearing the repercussions, the illegality (vis-a-vis
antitrust law), and the "unwholesomeness" of it
+ Some may use it to access competitor intelligence, offshore
data havens, etc.
- Even here, probably through "arm's length" relationships
with outside consultants, analogous to the cutouts used
by the CIA and whatnot to insulate themselves from
charges
- Boldest of all will be the "crypto-zaibatsu" that use
strong crypto of the crypto anarchy flavor to arrange
collusive deals, to remove competitors via force, and to
generally pursue the "darker side of the force," to coin a
phrase.
By Tim May, see README
HTML by Jonathan Rochkind