BKCMPRHB.RVW 950418

%A Andre Bacard abacard@well.com
%C 2414 6th St., Berkeley, CA 94710
%D 1995
%G 1-56609-171-3
%I Peachpit Press
%O U$24.95/C$31.95 510-548-4393 fax: 510-548-5991 800-283-9444
%O trish@peachpit.com gary@peachpit.com
%P 274
%T "Computer Privacy Handbook"

"Computer Privacy Handbook", Andre Bacard, 1995, 1-56609-171-3, U$24.95/C$31.95

After the three prior works on PGP and related issues, Bacard's book reads like a popular magazine article. Unfortunately, this is not necessarily an advantage.

Part (chapter?) one is a general overview of privacy as related to computers. The examples and arguments used, though, are chosen from such a broad spectrum that they actually weaken the position in favour of privacy and confidentiality. Most of the anecdotes relayed in the book have little to do with computers. The majority have to do with governmental or corporate activities over which the individual has no say. None bear on the function of PGP (Pretty Good Privacy) -- to encrypt local files and, in particular, those sent over public email channels.

Chapter two discusses encryption in general terms. *Very* general terms. There is no attempt to grasp or present any technical material here. This prevents Bacard from noting the silliness of statements that "high-quality crypto" is "impossible" to break, or that methods of attack have not been publicly identified. First, this sounds suspiciously like "security by obscurity". Second, an awful lot of people *do* know how to break PGP -- and they know exactly how long it will take. (By the way, it was Ken Follett, not the Germans, who used "Rebecca" as a code key.) The discussion of ITAR (the International Traffic in Arms Regulation of the US government) does not provide enough detail to explain the difficulties Phil Zimmermann faces, nor the problems in getting PGP overseas. The coverage of Clipper, however, is excellent.

The overview of PGP given in chapter three is a fair enough description, but completely avoids touching on Zimmermann's difficulties with the US federal government or RSA Data Security. The pointers on how to get PGP are useless unless you want to buy ViaCrypt's version. The US sites all have limitations, and usually some form of authentication before you can access the files. The international versions are illegal in the US because of patent issues.

Chapter four is documentation for the commercial version of PGP.

While the Stallings (cf. BKPRTPRV.RVW), Garfinkel (cf. BKPGPGAR.RVW) and Schneier (cf. BKEMLSEC.RVW) works are written by technical experts and contain technical background, they are not impossible for the layman to understand. This work, therefore, fails in a number of respects, and brings little to the subject which has not been said before.

copyright Robert M. Slade, 1995 BKCMPRHB.RVW 950418

======================
ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
RSlade@cyberstore.ca
The Internet interprets censorship as damage and routes around it - J. Gilmore
Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0