[ISN] Zero-Knowledge pulls the mask off

From: InfoSec News (isnat_private)
Date: Fri Oct 05 2001 - 00:50:40 PDT

  • Next message: InfoSec News: "Re: [ISN] E-BOMB"

    http://www.zdnet.com/zdnn/stories/news/0,4586,5097854,00.html?chkpt=zdhpnews01
    
    By Robert Lemos
    ZDNet News 
    October 4, 2001 2:43 PM PT
     
    The company that pushed encryption and networking technology to the
    limits to enhance people's privacy said Thursday that it has decided
    to close its flagship anonymity network and focus on security software
    for home users.
    
    Security software maker Zero-Knowledge Systems announced that it would
    shut down the premium service component of its Freedom Network, which
    let people surf the Internet and send e-mail with almost complete
    privacy by using pseudonyms.
    
    Although more than 70,000 people signed on to the free test of the
    service two years ago, the swell of interest didn't wash up more than
    a small number of paying subscribers, said Austin Hill, co-founder and
    vice president of the company.
    
    "Scaling the network, the price of bandwidth--there's a significant
    cost with running an overlay network, and we didn't get enough
    interest to be able to offer the service with that price tag," he
    said.
    
    After announcing the service in 1998 at the Def Con hacking
    convention, it took the company almost 18 months to release the first
    version of the product.
    
    Encryption experts designed the service so that the identity of the
    Internet surfer could be hidden by hopping through several computers,
    each jump increasing the difficulty of matching up a Web user's online
    identity with that person's real one.
    
    The network was designed so that even a court order could not reveal a
    Web user's identity because even the company did not know who used
    which identities and the information was not stored on the system.
    
    The Montreal-based company will now focus on its Freedom 3.0 suite of
    security software. The package includes a personal firewall, a
    password manager, an ad manager and a cookie manager, placing the
    software in direct competition with Symantec's Norton Internet
    Security and Network Associates' McAfee Internet Security products.
    The company plans to also add an antivirus component to its consumer
    offering to better compete with Symantec and Network Associates
    products.
    
    Shifting direction
    
    The move marks a large step for Zero-Knowledge and Hill--who once said
    his company "was out to change the world"--from a hotbed of
    pro-privacy advocacy to a pure software business.
    
    "I think the company has matured," Hill said. "Some of the roles that
    we were going to play before, we are not going to be in."
    
    Chris Christiansen, senior analyst for market researcher IDC, agrees.
    
    "The new privacy model is not so much concerned with consumer privacy
    but protecting corporations from privacy violations," he said. "I
    think this is an affirmation that they are going in a new direction
    and they are cutting themselves loose from a losing prospect."
    
    Zero-Knowledge is moving along those lines, with a new application in
    development--dubbed privacy rights management software--that aims to
    help companies audit their use of customer information to prevent
    misuse.
    
    However, the decision to drop the Freedom Network is another chip off
    the movement to strengthen privacy on the Internet, which has suffered
    several setbacks in recent days.
    
    On Thursday, the Federal Trade Commission--the agency spearheading the
    attack on businesses for inadequate privacy safeguards--did an
    about-face. In a speech, FTC Chairman Timothy Muris, a Bush
    administration appointee, said that no new legislation is needed to
    regulate privacy.
    
    The decision came as the Bush administration and Republican lawmakers
    fought to aid law enforcers' ability to search for terrorists in the
    wake of the Sept. 11 attacks with several new pieces of legislation
    that significantly weaken citizens' privacy.
    
    Even the ability to use strong encryption, the granting of which has
    been considered a great win for privacy advocates, is again under
    renewed attack. Sen. Judd Gregg, R-N.H. has suggested that all
    encryption software should contain a backdoor to allow easy access to
    the scrambled contents by law enforcement.
    
    Not a reaction 
    
    Zero-Knowledge's Hill stressed that the decision to pull the service
    was made before the Sept. 11 terrorist attacks on the World Trade
    Center and the Pentagon.
    
    However, sticking by a service that could be used to hide wrongdoers
    would have been an unpopular decision, said William Malik, security
    research director for market analyst Gartner.
    
    "An amazing number of their customers are probably people you wouldn't
    want in your neighborhood," he said.
    
    Although Zero-Knowledge executives have repeatedly denied such
    accusations, Hill admits that the customers of the service have always
    been part of the hacker fringe or cyberrights advocates.
    
    "When we released the tool, we had strong interest, but we were
    dealing with early adopters--the civil libertarians, the cypherpunk
    crowd," he said. "But when you deal with the home consumer, the issues
    are different."
    
    IDC's Christiansen agrees that the home consumer is a different beast.
    
    "For the most part, consumers are interested in privacy, but for a 10
    percent coupon they are willing to give away most of their
    information," he said. "It's a hard model to make work."
    
    The fate of the network is still undecided, Hill said. The company has
    received queries from research labs and universities about the Freedom
    Network technology, and the service could find itself in some future
    incarnation of academic or open-source projects.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 03:14:04 PDT