Zero-Knowledge pulls the mask off

[InfoSec News <isn () c4i org>]

http://www.zdnet.com/zdnn/stories/news/0,4586,5097854,00.html?chkpt=zdhpnews01

By Robert Lemos
ZDNet News 
October 4, 2001 2:43 PM PT
 
The company that pushed encryption and networking technology to the
limits to enhance people's privacy said Thursday that it has decided
to close its flagship anonymity network and focus on security software
for home users.

Security software maker Zero-Knowledge Systems announced that it would
shut down the premium service component of its Freedom Network, which
let people surf the Internet and send e-mail with almost complete
privacy by using pseudonyms.

Although more than 70,000 people signed on to the free test of the
service two years ago, the swell of interest didn't wash up more than
a small number of paying subscribers, said Austin Hill, co-founder and
vice president of the company.

"Scaling the network, the price of bandwidth--there's a significant
cost with running an overlay network, and we didn't get enough
interest to be able to offer the service with that price tag," he
said.

After announcing the service in 1998 at the Def Con hacking
convention, it took the company almost 18 months to release the first
version of the product.

Encryption experts designed the service so that the identity of the
Internet surfer could be hidden by hopping through several computers,
each jump increasing the difficulty of matching up a Web user's online
identity with that person's real one.

The network was designed so that even a court order could not reveal a
Web user's identity because even the company did not know who used
which identities and the information was not stored on the system.

The Montreal-based company will now focus on its Freedom 3.0 suite of
security software. The package includes a personal firewall, a
password manager, an ad manager and a cookie manager, placing the
software in direct competition with Symantec's Norton Internet
Security and Network Associates' McAfee Internet Security products.
The company plans to also add an antivirus component to its consumer
offering to better compete with Symantec and Network Associates
products.

Shifting direction

The move marks a large step for Zero-Knowledge and Hill--who once said
his company "was out to change the world"--from a hotbed of
pro-privacy advocacy to a pure software business.

"I think the company has matured," Hill said. "Some of the roles that
we were going to play before, we are not going to be in."

Chris Christiansen, senior analyst for market researcher IDC, agrees.

"The new privacy model is not so much concerned with consumer privacy
but protecting corporations from privacy violations," he said. "I
think this is an affirmation that they are going in a new direction
and they are cutting themselves loose from a losing prospect."

Zero-Knowledge is moving along those lines, with a new application in
development--dubbed privacy rights management software--that aims to
help companies audit their use of customer information to prevent
misuse.

However, the decision to drop the Freedom Network is another chip off
the movement to strengthen privacy on the Internet, which has suffered
several setbacks in recent days.

On Thursday, the Federal Trade Commission--the agency spearheading the
attack on businesses for inadequate privacy safeguards--did an
about-face. In a speech, FTC Chairman Timothy Muris, a Bush
administration appointee, said that no new legislation is needed to
regulate privacy.

The decision came as the Bush administration and Republican lawmakers
fought to aid law enforcers' ability to search for terrorists in the
wake of the Sept. 11 attacks with several new pieces of legislation
that significantly weaken citizens' privacy.

Even the ability to use strong encryption, the granting of which has
been considered a great win for privacy advocates, is again under
renewed attack. Sen. Judd Gregg, R-N.H. has suggested that all
encryption software should contain a backdoor to allow easy access to
the scrambled contents by law enforcement.

Not a reaction 

Zero-Knowledge's Hill stressed that the decision to pull the service
was made before the Sept. 11 terrorist attacks on the World Trade
Center and the Pentagon.

However, sticking by a service that could be used to hide wrongdoers
would have been an unpopular decision, said William Malik, security
research director for market analyst Gartner.

"An amazing number of their customers are probably people you wouldn't
want in your neighborhood," he said.

Although Zero-Knowledge executives have repeatedly denied such
accusations, Hill admits that the customers of the service have always
been part of the hacker fringe or cyberrights advocates.

"When we released the tool, we had strong interest, but we were
dealing with early adopters--the civil libertarians, the cypherpunk
crowd," he said. "But when you deal with the home consumer, the issues
are different."

IDC's Christiansen agrees that the home consumer is a different beast.

"For the most part, consumers are interested in privacy, but for a 10
percent coupon they are willing to give away most of their
information," he said. "It's a hard model to make work."

The fate of the network is still undecided, Hill said. The company has
received queries from research labs and universities about the Freedom
Network technology, and the service could find itself in some future
incarnation of academic or open-source projects.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.