Reader Comments on Aardvark Daily 5 Dec 2000
From: Tony Reeves For : The Editor (for publication) Subj: Encryption Keys The issues raised by you and the Herald article are of concern to us all. I believe that the only way that PKI or any other form of certificate management is for Private Keys to be held and owned (in all senses of the word) by the person or entity that they are bound to. Under no circumstances should private keys be lawfully passed to any other person as that would significantly compromise the infrastructure. As you and others point out, there is no way that Police, or any other Goverment agency, access to information can be considered highly secure. If the current legislative changes really intend to benefit the citizens of New Zealand they should absolutely prohibit access to private keys by anyone other than the person that they are bound to and the same legislation should provide for very harsh penalties if breached. Such legislation could significantly increase the attactiveness of NZ as a base for E-Commerce, but I will not hold my breath waiting for it to happen. Bernhard Pfahringer For : The Editor (for publication) Subj: Forced encryption key disclosure Absolutely ridiculous. Any reasonable democracy grants its citizens the right to stay silent if a response would be self-incriminating. And as always, it will just hit the not so smart. The smart crooks will use multiple keys and messages hidden in large files for the really important stuff, hand over the key to some fake message and go undetected. Besides, this law is perfect to setup somebody: just put some encrypted stuff onto their computer (easy for I suppose 90% of all net-connected machines), anonymously tip off the authorities that that person possesses "objectionable" material on their computer, and then see how they try to explain that they cannot hand over the key, because they don't even know it. Perfect to get rid of all aspiring politicians that you don't like (i.e. the opposition if you are in government). From: Richard Stevenson For : The Editor (for publication) Subj: BCC "bug" Oh, please! While no Microsoft apologist (most people consider me a rabid Microsoft-basher), I have to correct the notion that this behaviour is a bug. RFC 822 explicitly states that the behaviour of the BCC: header is implementation-dependent. This is frequently misrepresented in the mainstream press, so I was surprised to see the same misunderstanding in Aardvark. Quoting from the RFC: 4.5.3. BCC / RESENT-BCC This field contains the identity of additional recipients of the message. The contents of this field are not included in copies of the message sent to the primary and secondary recipients. Some systems may choose to include the text of the "Bcc" field only in the author(s)'s copy, while others may also include it in the text sent to all those indicated in the "Bcc" list. From: Michael For : The Editor (for publication) Subj: New Zealand Bill of Rights Act 1990 I can see one problem our polititions are going to have is the New Zealand Bill of Rights Act 1990 in which it states that we have the right not to incriminate ourselves. We also have the right to be deemed innocent until proven guilty. Thus the powers that be must prove beyond a reasonable doubt that we are guilty before they can get to anything. I also have a nice letter from Minister of Justice, Hon Phil Goff confirming that there is no law that the government can force you to sign any document. But all in all I wouldn't expect the government to listen to us. I'd actually expect them to pass any laws right around the time most of the politicians and likely oponents are on Christmas holiday. Just like a previous governments have done. I'd also expect them to use this snooping legislation to be used to divert attention away from other changes, as the LTSA did with the drivers licence. The LTSA changed some very significant provisions at exactly the same time that it introduced new licences. It's quite interesting that the LTSA has the same rights and powers as a natural person, according to the act. But it seems in New Zealand natural people don't really have any rights, or powers. We are just pawns of the system. From: Rob K For : The Editor (for publication) Subj: My reasonable may not equal Your reasonable What is reasonable? If I'm paranoid, my reasonable may not equal your reasonable. If I'm a politician, then my reasonable definitely will not equal your reasonable. What is a reasonable intrusion or loss of privacey in the name of the greater good? Is this the former Soviet Union? Is this Nazi Germany? Do we have a secret police in the Internet that no one knows about? I don't know about you, but I've got enough of these problems at work! Our computers are monitored 100% of the time. All email, all web surfing, all work, etc. 100% of the time. It's all record commumnication. Also, secure email with Outlook?! ABSOLUTELY! All you have to do is have a completely physically separate network with no interconnectivity with the internet. You do this with either a point to point topography or a closed intranet. There is no other way. Oh... and email is record communication. That means there's a record of it for the world to see! Rob K Baton Rouge, LA From: David Buckingham For : The Editor (for publication) Subj: Encyption Giving free access to the government to protected information does two things: 1. It allows the government to abuse the use of the information obtained 2. Uses up resources which should be used running after real criminals who are not going to give access to their protected communications anyway!Now Have Your Say
Home | Today's Headlines | Contact | New Sites | Job Centre | Investment Centre