(Cyphergang, this is going to have to be my last post for a while on this
thread. The points have been made. Some agree with me, some call me
treasonous. I say what I think. -TCM)
Hal Finney writes:
.....stuff elided....
>First, I don't see that the interests of RSADSI are fully aligned with
>ours regarding Clipper. Despite PKP's success in accumulating patents,
>Clipper per se does not appear to infringe, being based on a new symmetric
>cryptosystem. So they don't have any direct leverage over the use of
>Clipper.
That's right, they don't. Clipper/Skipjack/Capstone looks to be
well-planned move to reassert government control over crypto, with various
government modules replacing existing modules (as with the DSS signature
standard, which uses the El Gamal algorithm).
Whether RSADSI is upset, I don't know. I suspect so. Bidzos was quoted as
saying "Clipper is an arrow aimed at the heart of my company." (source:
Eric, who saw it in a newspaper)
...
>In fact, Clipper in some ways represents a major market opportunity for PKP.
>To the extent that the publicity leads to increased sales of encrypting
>phones, PKP may benefit from the success of the Clipper.
This could be. I don't think enough is known to answer this. I suspect the
"end run" theory mentioned above. If Bidzos thought Clipper was a great
thing for his company, he wouldn't be busily lobbying to help kill it, nor
would he have shown up at ur emergency meeting to tell us what he knew.
>(The follow-on Capstone project does appear to pose a greater threat to
>PKP, since it will use DSS (for key exchange???).)
Capstone is not really a "follow-on," in the sense that it is due to be
announced *this month*, if I recall correctly. It's very far along, I
believe. More like a "one-two punch." And, yes, it appears to be a major
threat to us all. But we'll have to wait and see, I suppose.
>
>Furthermore, in any future government prohibition on non-Clipper cryptography,
>our greatest nightmare, it is plausible that the government would "take care"
>of PKP by making sure that they get a nice piece of the pie. I could easily
>imagine a situation in which non-Clipper crypto is banned, Clipper is
>widely distributed, and PKP is doing very well financially with a slice
>of the profits from every sale.
I think I mentioned somewhere that I put Bidzos on the spot with what I
called "The 64-bit Question": Are you going to cut a deal and sell us out?
Bidzos was very sober when he answered this, and said, roughly: "If you
mean will I conspire with the government to deny strong crypto to users,
no. But if Clipper and Capstone are destined for deployment and they come
to us and offer royalties, what choice will we have? We have a duty to our
shareholders." And as he was leaving for the day, he leaned in the door to
our meeting and said, as if to reiterate the point, "Tim, I won't sell you
out."
(Please don't use this recollection of what he said for a dissection of
what he really meant, what RSA is really doing, etc. I have already said
that Bidzos said he knew nothing about the Clipper program until we all
did. And so on.)
>Even if Jim Bidzos were personally committed to widespread, strong, public
>cryptography, and opposed Clipper for fundamental philosophical reasons
>(just like us), he would be faced with a conflict of interest. As several
This is not clear. Deploying strong crypto could be more lucrative to
RSADSI than having the government deploy its own Capstone "CA"
(Cryptographic Algorithm, the new acronym du jour) and paying RSADSI some
token amount for some small piece of the package.
>people have pointed out here, Bidzos has a fiduciary responsibility to
>his shareholders to maximize profits for his twin companies. If it comes
>down to a choice between opposing Clipper on principle and accepting it
>along with guaranteed profits, he may be forced (in the same sense in which
>he is forced to send threats to Stanton McCandlish) to back Clipper.
>
>So, even if Bidzos is personally a nice guy I think we need to remember
>that his company may not be a natural ally of ours.
I completely agree and nothing I have ever said suggests we place all our
faith in his company or any other institution. What I have said--several
times, now--is that a frontal attack on the RSA patents, via highly public
postings of PGP and a "Fuck you!" approach to talking with patent owners,
is not the best strategy at this time.
>I like Tim's .sig and all it represents. But frankly, it is hard for me
>to square a commitment to radical change with the proposed alliance with
>PKP. Part of the trouble is that I still don't understand exactly what
>our relationship with RSADSI is proposed to become. But at a minimum it
>sounds like we would avoid supporting activities which would infringe
>on their patents.
There's no proposed alliance being talked about. See previous paragraph. I
don't expect anyone to necessarily agree with my politics.
>
>That means that when we want to start working on some of those things in
>Tim's .sig, we are in many cases going to have to get Jim Bidzos's
>permission. Can you imagine asking something like this:
>
>"Dear Jim: We request permission to use the RSA algorithm for an
>implementation of digital cash which we will distribute in an underground
>way among BBS's all over the world, with the goal being the support of
>"information markets, black markets, [and] smashing of governments"
>(to quote Tim's excellent .sig). "Please sign on the dotted line
>below. Yours truly, an anonymous Cypherpunk."
Of course not! Nobody has suggested this. This is a straw man. Being
nonconfrontational in some areas (aka "living to fight another day," aka
"choosing your battles carefully") doesn't mean any kind of mutual approval
pact has been signed.
I want strong crypto first and foremost. Then the other stuff can perhaps
follow. If crypto privacy is outlawed now, if the War on Drugs and "What
have you got to hide?" approaches win out, then all is lost.
>How, exactly, are we supposed to progress towards Crypto Anarchy if we
>have to be sure not to step on PKP's toes? Do we just not ask him for
>permission (in which case we are in PGP's boat)? Do we ask for permission
>without revealing the full scope of the project (in which case it may be
>rescinded later)? I am not being facetious here. I honestly don't see
>how you can carry out Cypherpunk activities with a corporate sponsor.
Asked and answered.
Let me phrase the issue in slightly different terms. Which of the following
strategies do you folks think will best improve the chances that strong
crypto remains legal?
1. CONFRONTATION: We fight RSADSI at every step. We engage them in legal
battles, we distribute infringing code whenever possible. We get PGP spread
to thousands of users, perhaps tens of thousands of users at bootleg,
underground sites. (Remember that businesses cannot use PGP without fear of
prosecution, fines, whatever...unless the Cypherpunks win their lawsuit
against RSADSI, sometime around 1997 or so, at the rate these cases move
through the courts.)
2. REALPOLITIK: We concentrate instead on spreading strong crypto into as
many ecological niches as possible: individuals, corporations, e-mail
packages, attorney-client transactions, and so on. We emphasize the legal,
constitutional right to communicate messages in the language of our choice
(that is, we have no obligation to speak in languages eavesdroppers can
more easily understand). To head off government moves to act against PGP
and similar systems, the parts of PGP that conflict with RSA's patents are
modified, thus becoming legal to use (and Phil even has a chance to make
some money, which he sure as hell can't do now).
I'll take #2 and worry about digital money and anonymous systems later.
Strong crypto is logically prior to everything else.
All I've argued is that the "in your face" approach has its limits. Most of
the PGP users are, I think we'll all agree, hobbyists and hackers who
downloaded it, played with it, learned some crypto from it, exchanged keys,
etc. Probably not too many critical uses, YET. But the popularity suggests
a hunger for strong crypto.
The Clipper/Capstone move indicates the government wants to head this off
at the pass. The question is whether the bootleg and infringing PGP (and
Phil admits to all this in his docs, obviously) has a better chance of
succeeding than a fully legal and already spreading RSA solution?
(The issue of PGP's feature set versus that of MailSafe's is secondary to
the main issues...between RSAREF, RIPEM, OCE, and other RSA-based systems,
the features can be found. I expect a compromise along these lines, mixing
parts of PGP with parts of RSAREF, is going to happen.)
As for Stanton McLandish's removal of PGP from his site, Eric Hughes and
others have explained the legal issues in great detail.
Of course, anyone who really wishes to take on the RSA patents in a big way
is perfectly free to place PGP on his U.S. site, advertise it heavily in
sci.crypt so that RSADSI cannot possibly claim to have missed it, tell
Bidzos to get lost when the inevitable "cease and desist" warning arrives,
and then follow through with the several-year legal battle that will
result.
Strong crypto is far more important that this petty issue of patents.
-Tim May
--
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement