August 1993 - cypherpunks-legacy

No Subject
by Peter Wayner 06 Aug '93

06 Aug '93

The Rule of Law and the Clipper Escrow Project Last Thursday, I attended the first day of the Computer System Ssecurity and Privacy Advisory Board in Washington. This is a group of industry experts who discuss topics in computer security that should affect the public and industry. Some of the members are from users like banks and others are from service providing companies like Trusted Information Services. Lately, their discussion has centered on the NSA/NIST's Clipper/Capstone/Skipjack project and the effects it will have on society. At the last meeting, the public was invited to make comments and they were almost unanimously skeptical and critical. They ranged from political objections to the purely practical impediments. Some argued that this process of requiring the government to have the key to all conversations was a violation of the fourth amendment of the constitution prohibiting warrentless searches. Others noted that a software solution was much simpler and cheaper even if the chips were going to cost a moderate $25. There were many different objections, but practically everyone felt that a standard security system was preferable. This meeting was largely devoted to the rebutals from the government. The National Security Association, the Department of Justice, the FBI, the national association of District Attorneys and Sheriffs and several others were all testifying today. The board itself runs with a quasi-legal style they make a point of making both video and audio tapes of the presentations. The entire discussion is conducted with almost as much gravity as Congressional hearings. The entire meeting was suffused with an air of ernest lawfullness that came these speakers. All of them came from the upper ranks of the military or legal system and a person doesn't rise to such a position without adopting the careful air of the very diligent bureaucrat. People were fond of saying things like, "Oh, it's in the Federal Register. You can look it up." This is standard operating procedure in Washington agencies and second nature to many of the day's speakers. Dorothy Denning was one of the first speakers and she reported on the findings of the committee of five noted public cryptologists who agreed to give the Clipper standard a once-over. Eleven people were asked, but six declined for a variety of reasons. The review was to be classified "Secret" and some balked at this condition because they felt it would compromise their position in public. The talk made clear that the government intended to keep the standard secret for the sole purpose of preventing people from making unauthorized implementations without the law enforcement back door. Dr. Denning said that everyone at the NSA believes that the algorithm could withstand public knowledge with no trouble. The review by the panel revealed no reason why they shouldn't trust this assessment. Although lack of time lead the panel to largely rubberstamp the more extensive review by the NSA, they did conduct a few tests of their own. They programmed the algorithm on a Cray YMP, which incidentally could process 89,000 encryptions per second in single processor mode. This implementation was used for a cycling test which they found seemed to imply that there was good randomness. The test is done by repeatedly encrypting one value of data until a cycle occurs. The results agreed with what a random process should generate. They also tested the system for strength against a differential cryptanalysis attack and found it worthy. There was really very little other technical details in the talk. Saying more would have divulged something about the algorithm. My general impression is that the system is secure. Many people have played paranoid and expressed concerns that the classified algorithm might be hiding a trapdoor. It became clear to me that these concerns were really silly. There is a built-in trapdoor to be used by the government when it is "legal authorized" to intercept messages. The NSA has rarely had trouble in the past exercising either its explicitly granted legal authority or its implied authority. The phrase "national security" is a powerful pass phrase around Washington and there is no reason for me to believe that the NSA wouldn't get all of the access to the escrow database that it needs to do its job. Building in a backdoor would only leave a weakness for an opponent to exploit and that is something that is almost as sacrilidgeous at the NSA as just putting the classified secrets in a Fed Ex package to Saddam Hussein. Next there was a report from Geoff Greiveldinger , the man from the Department of Justice with the responsibility of implementing the the Key Escrow plan. After the Clipper/Capstone/SkipJack chips are manufactured, they will be programmed with an individual id number and a secret, unique key. A list is made of the id, key pairs and this list is split into two halves by taking each unique key, k, and finding two numbers a and b such that a+b=k. (+ represents XOR). One new list will go to one of the escrow agencies and one will go to the other. It will be impossible to recover the secret key without getting the list entry from both agencies. At this point, they include an additional precaution. Each list will be encrypted so even the escrow agency won't be able to know what is in its list. The key for decoding this list will be locked away in the evesdropping box. When a wiretap is authorized, each escrow agency will lookup the halves of the key that correspond to the phone being tapped and send these to evesdropping box where they will be decrypted and combined. That means that two clerks from the escrow agencies could not combine their knowledge. They would need access to a third key or an evesdropping box. It became clear that the system was not fully designed. It wasn't obvious how spontenaeous and fully automated the system would be. Mr. Greiveldinger says that he is trying to balance the tradeoffs between security and efficiency. Officers are bound to be annoyed and hampered if they can't start a tap instanteneously. The kidnapping of a child is the prototypical example of when this would be necessary. The courts also grant authority for "roving" wiretaps that allow the police to intercept calls from any number of phones. A tap like this begs out for a highly automated system for delivering the keys. I imagine that the system as it's designed will consist of escrow computers with a few clerks who have nothing to do all day. When a tap is authorized, the evesdropping box will be programmed with a private key and shipped to the agents via overnight express. When they figure out the id number of the phone being tapped, the evesdropping box will probably phone the two escrow computers, perform a bit of zero-knowledge authorization and then receive the two halves of the key. This would allow them to switch lines and conduct roving taps effectively. The NSA would presumably have a box that would allow them to decrypt messages from foreign suspects. At this point, I had just listened to an entirely logical presentation from a perfect gentleman. We had just run though a system that had many nice technological checks and balances in it. Subverting it seemed very difficult. You would need access to the two escrow agencies and an evesdropping box. Mr. Greiveldinger said that there would be many different "auditting" records that would be kept of the taps. It was very easy to feel rather secure about the whole system in a nice, air-conditioned auditorium where clean, nice legally precise people were speaking in measured tones. It was very easy to believe in the Rule of Law. To counteract this, I tried to figure out the easiest way for me to subvert the system. The simplest way is to be a police officer engaged in a stakeout of someone for whom you've already received a warrant. You request the Clipper evesdropping box on the off chance that the suspect will buy a Clipper phone and then you "lend" it to a friend who needs it. I think that the automation will allow the person who possesses the box to listen in to whatever lines that they want. The escrow agency doesn't maintain a list of people and id numbers-- they only know the list matching the id number to the secret key. There is no way that they would know that a request from the field was unreasonable. Yes, the audit trails could be used later to reconstruct what the box was used for, but that would only be necessary if someone got caught. The bribe value of this box would probably be hard to determine, but it could be very valuable. We know that the government of France is widely suspected of using its key escrow system to evesdrop on US manufacturers in France. Would they be willing to buy evesdropping time here in America? It is not uncommon to see reports of industrial espionage where the spies get millions of dollars. On the other hand, cops on the beat in NYC have been influenced for much less. The supply and demand theory of economics virtually guarantees that some deals are going to be done. It is not really clear what real effect the key escrow system is going to have on security. Yes, theives would need to raid two different buildings and steal two different copies of the tapes. This is good. But it is still impossible to figure out if the requests from the field are legitimate-- at least within the time constraints posed by urgent cases involving terrorism and kidnapping. The net effect of implementing the system is that the phone system would be substantially strengthened against nieve intruders, but the police (and those that bribe them) would still be able to evesdrop with impunity. Everyone needs to begin to do a bit of calculus between the costs and benefits of this approach. On one hand, not letting the police intercept signals will let the crooks run free but on the other hand, the crooks are not about to use Clipper phones for their secrets if they know that they can be tapped. The most interesting speaker was the assistant director of the National Security Agency, Dr. Clint Brooks. He immediately admitted that the entire Clipper project was quite unusual because the Agency was not used to dealing with the open world. Speaking before a wide audience was strange for him and he admitted that producing a very low cost commercial competitive chip was also a new challenge for them. Never-the-less, I found him to be the deepest thinker at the conference. He readily admitted that the Clipper system isn't intended to catch any crooks. They'll just avoid the phones. It is just going to deny them access to the telecommunications system. They just won't be able to go into Radio Shack and buy a secure phone that comes off the line. It was apparent that he was somewhat skeptical of the Clipper's potential for success. He said at one point the possibilities in the system made it worth taking the chance that it would succeed. If it could capture a large fraction of the market then it could help many efforts of the law enforcement and intelligence community. When I listened, though, I began to worry about what is going to happen as we begin to see the eventual blurring of data and voice communications systems. Right now, people go to Radio Shack to buy a phone. It's the only way you can use the phone system. In the future, computers, networks and telephones are going to be linked in much more sophisticated ways. I think that Intel and Microsoft are already working on such a technology. WHen this happens, programmable phones are going to emerge. People will be able to pop a new ROM in their cellular digital phone or install new software in their computer/video game/telephone. This could easily be a proprietary encryption system that scrambles everything. The traditional way of controlling technology by controlling the capital intensive manufacturing sites will be gone. Sure, the NSA and the police will go to Radio Shack and say "We want your cooperation" and they'll get it. But it's the little, slippery ones that will be trouble in the new, software world. The end of the day was dominated by a panel of Law Enforcement specialists from around the country. These were sheriffs, district attorneys, FBI agents and other officers from different parts of the system. Their message was direct and they didn't hesitate to compare encryption with assault rifles. One even said, "I don't want to see the officers outgunned in a technical arena." They repeatedly stressed the incredible safe guards placed upon the wiretapping process and described the hurdles that the officers must go through to use the system. One DA from New Jersey said that in his office, they process about 10,000 cases a year, but they only do one to two wiretaps on average. It just seems like a big hassle and expense for them. It is common for the judges to require that the officers have very good circumstantial evidence from informers before giving them the warrant. This constraint coupled with the crooks natural hesitation to use the phone meant that wiretaps weren't the world's greatest evidence producers. One moment of levity came when a board member asked what the criminals favorite type of encryption was. The police refused to answer this one and I'm not that sure if they've encountered enough cases to build a profile. At the end of all of the earnestness and "support-the-cop-on-the-beat", I still began to wonder if there was much value to wiretaps at all. The police tried to use the low numbers of wiretaps as evidence that they're not out there abusing the system, but I kept thinking that this was mainly caused by the high cost and relatively low utility of the technique. It turns out that there is an easy way to check the utility of these devices. Only 37 states allow their state and local police to use wiretaps in investigations. One member of the panel repeated the rumor that this is supposedly because major politicians were caught with wiretaps. The state legislatures in these states supposedly realized that receipients of graft and influence peddlers were the main target of wiretaps. Evesdropping just wasn't a tool against muggers. So they decided to protect themselves. It would be possible to check the crime statistics from each of these states and compare them against the evesdropping states to discover which has a better record against crime. I would like to do this if I can dig up the list of states that allow the technique. I'm sure that this would prove little, but it could possibly clarify something about this technique. It is interesting to note that the House of Representative committee on the Judiciary was holding hearings on abuses of the National Crime Information Center. They came in the same week as the latest round of Clipper hearings before the CSAB. The NCIC is a large computer system run by the FBI to provide all the police departments with a way to track down the past records of people. The widespread access to the system makes it quite vulnerable to abuse. In the hearings, the Congress heard many examples of unauthorized access. Some were as benign as people checking out employees. The worst was an ex-police officer who used the system to track down his ex-girlfriend and kill her. They also heard of a woman who looked up clients for her drug-dealing boyfriend so he could avoid the undercover cops. These hearings made it obvious that there were going to be problems determining the balance of grief. For every prototypical example of a child kidnapped to make child pornography, there is a rengade police officer out to knock off his ex-girlfriend. On the whole, the police may be much more trustworthy than the criminals, but we need to ask how often a system like Clipper will aid the bad guys. In the end, I reduced the calculus of the decision about Clipper to be a simple tradeoff. If we allow widespread, secure encryption, will the criminals take great advantage of this system? The secure phones won't be useful in rapes and random street crime, but they'll be a big aid to organized endeavors. It would empower people to protect their own information unconditionally, but at the cost of letting the criminals do the same. Built-in back doors for the law enforcement community, on the other hand, will deny the power of off-the-shelf technology to crooks, but it would also leave everyone vulnerable to organized attacks on people. I began to wonder if the choice between Clipper and totally secure encryption was moot. In either case, there would be new opportunities for both the law-abiding and the law-ignoring. The amount of crime in the country would be limited only by the number of people who devote their life to the game-- not by any new fangled technology that would shift the balance. I did not attend the Friday meeting so someone else will need to summarize the details.

2 1

Cliphack?
by gnu 06 Aug '93

06 Aug '93

Tim was calling it Clipjack, but I think Cliphack is better. John PS: Would you trust your momma to escrow your private key? The government is not your momma!

2 1

Our Rights are Dropping like Flies
by demon＠aql.gatech.edu 06 Aug '93

06 Aug '93

[ I just saw this posted. I think it might be of some interest. Though I hesitate to say "enjoy it". --demon ] ------------ Feel free to copy this article far and wide, but please keep my name and this sentence on it. The Bill of Rights, a Status Report by Eric Postpischil 4 September 1990 6 Hamlett Drive, Apt. 17 Nashua, NH 03062 edp(a)jareth.enet.dec.com How many rights do you have? You should check, because it might not be as many today as it was a few years ago, or even a few months ago. Some people I talk to are not concerned that police will execute a search warrant without knocking or that they set up roadblocks and stop and interrogate innocent citizens. They do not regard these as great infringements on their rights. But when you put current events together, there is information that may be surprising to people who have not yet been concerned: The amount of the Bill of Rights that is under attack is alarming. Let's take a look at the Bill of Rights and see which aspects are being pushed on or threatened. The point here is not the degree of each attack or its rightness or wrongness, but the sheer number of rights that are under attack. Amendment I Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances. ESTABLISHING RELIGION: While campaigning for his first term, George Bush said "I don't know that atheists should be considered as citizens, nor should they be considered patriots." Bush has not retracted, commented on, or clarified this statement, in spite of requests to do so. According to Bush, this is one nation under God. And apparently if you are not within Bush's religious beliefs, you are not a citizen. Federal, state, and local governments also promote a particular religion (or, occasionally, religions) by spending public money on religious displays. FREE EXERCISE OF RELIGION: Robert Newmeyer and Glenn Braunstein were jailed in 1988 for refusing to stand in respect for a judge. Braunstein says the tradition of rising in court started decades ago when judges entered carrying Bibles. Since judges no longer carry Bibles, Braunstein says there is no reason to stand -- and his Bible tells him to honor no other God. For this religious practice, Newmeyer and Braunstein were jailed and are now suing. FREE SPEECH: We find that technology has given the government an excuse to interfere with free speech. Claiming that radio frequencies are a limited resource, the government tells broadcasters what to say (such as news and public and local service programming) and what not to say (obscenity, as defined by the Federal Communications Commission [FCC]). The FCC is investigating Boston PBS station WGBH-TV for broadcasting photographs from the Mapplethorpe exhibit. FREE SPEECH: There are also laws to limit political statements and contributions to political activities. In 1985, the Michigan Chamber of Commerce wanted to take out an advertisement supporting a candidate in the state house of representatives. But a 1976 Michigan law prohibits a corporation from using its general treasury funds to make independent expenditures in a political campaign. In March, the Supreme Court upheld that law. According to dissenting Justice Kennedy, it is now a felony in Michigan for the Sierra Club, the American Civil Liberties Union, or the Chamber of Commerce to advise the public how a candidate voted on issues of urgent concern to their members. FREE PRESS: As in speech, technology has provided another excuse for government intrusion in the press. If you distribute a magazine electronically and do not print copies, the government doesn't consider you a press and does not give you the same protections courts have extended to printed news. The equipment used to publish Phrack, a worldwide electronic magazine about phones and hacking, was confiscated after publishing a document copied from a Bell South computer entitled "A Bell South Standard Practice (BSP) 660-225-104SV Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers, March, 1988." All of the information in this document was publicly available from Bell South in other documents. The government has not alleged that the publisher of Phrack, Craig Neidorf, was involved with or participated in the copying of the document. Also, the person who copied this document from telephone company computers placed a copy on a bulletin board run by Rich Andrews. Andrews forwarded a copy to AT&T officials and cooperated with authorities fully. In return, the Secret Service (SS) confiscated Andrews' computer along with all the mail and data that were on it. Andrews was not charged with any crime. FREE PRESS: In another incident that would be comical if it were not true, on March 1 the SS ransacked the offices of Steve Jackson Games (SJG); irreparably damaged property; and confiscated three computers, two laser printers, several hard disks, and many boxes of paper and floppy disks. The target of the SS operation was to seize all copies of a game of fiction called GURPS Cyberpunk. The Cyberpunk game contains fictitious break-ins in a futuristic world, with no technical information of actual use with real computers, nor is it played on computers. The SS never filed any charges against SJG but still refused to return confiscated property. PEACEABLE ASSEMBLY: The right to assemble peaceably is no longer free -- you have to get a permit. Even that is not enough; some officials have to be sued before they realize their reasons for denying a permit are not Constitutional. PEACEABLE ASSEMBLY: In Alexandria, Virginia, there is a law that prohibits people from loitering for more than seven minutes and exchanging small objects. Punishment is two years in jail. Consider the scene in jail: "What'd you do?" "I was waiting at a bus stop and gave a guy a cigarette." This is not an impossible occurrence: In Pittsburgh, Eugene Tyler, 15, has been ordered away from bus stops by police officers. Sherman Jones, also 15, was accosted with a police officer's hands around his neck after putting the last bit of pizza crust into his mouth. The police suspected him of hiding drugs. PETITION FOR REDRESS OF GRIEVANCES: Rounding out the attacks on the first amendment, there is a sword hanging over the right to petition for redress of grievances. House Resolution 4079, the National Drug and Crime Emergency Act, tries to "modify" the right to habeas corpus. It sets time limits on the right of people in custody to petition for redress and also limits the courts in which such an appeal may be heard. Amendment II A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed. RIGHT TO BEAR ARMS: This amendment is so commonly challenged that the movement has its own name: gun control. Legislation banning various types of weapons is supported with the claim that the weapons are not for "legitimate" sporting purposes. This is a perversion of the right to bear arms for two reasons. First, the basis of freedom is not that permission to do legitimate things is granted to the people, but rather that the government is empowered to do a limited number of legitimate things -- everything else people are free to do; they do not need to justify their choices. Second, should the need for defense arise, it will not be hordes of deer that the security of a free state needs to be defended from. Defense would be needed against humans, whether external invaders or internal oppressors. It is an unfortunate fact of life that the guns that would be needed to defend the security of a state are guns to attack people, not guns for sporting purposes. Firearms regulations also empower local officials, such as police chiefs, to grant or deny permits. This results in towns where only friends of people in the right places are granted permits, or towns where women are generally denied the right to carry a weapon for self-defense. Amendment III No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law. QUARTERING SOLDIERS: This amendment is fairly clean so far, but it is not entirely safe. Recently, 200 troops in camouflage dress with M-16s and helicopters swept through Kings Ridge National Forest in Humboldt County, California. In the process of searching for marijuana plants for four days, soldiers assaulted people on private land with M-16s and barred them from their own property. This might not be a direct hit on the third amendment, but the disregard for private property is uncomfortably close. Amendment IV The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. RIGHT TO BE SECURE IN PERSONS, HOUSES, PAPERS AND EFFECTS AGAINST UNREASONABLE SEARCHES AND SEIZURES: The RICO law is making a mockery of the right to be secure from seizure. Entire stores of books or videotapes have been confiscated based upon the presence of some sexually explicit items. Bars, restaurants, or houses are taken from the owners because employees or tenants sold drugs. In Volusia County, Florida, Sheriff Robert Vogel and his officers stop automobiles for contrived violations. If large amounts of cash are found, the police confiscate it on the PRESUMPTION that it is drug money -- even if there is no other evidence and no charges are filed against the car's occupants. The victims can get their money back only if they prove the money was obtained legally. One couple got their money back by proving it was an insurance settlement. Two other men who tried to get their two thousand dollars back were denied by the Florida courts. RIGHT TO BE SECURE IN PERSONS, HOUSES, PAPERS AND EFFECTS AGAINST UNREASONABLE SEARCHES AND SEIZURES: A new law goes into effect in Oklahoma on January 1, 1991. All property, real and personal, is taxable, and citizens are required to list all their personal property for tax assessors, including household furniture, gold and silver plate, musical instruments, watches, jewelry, and personal, private, or professional libraries. If a citizen refuses to list their property or is suspected of not listing something, the law directs the assessor to visit and enter the premises, getting a search warrant if necessary. Being required to tell the state everything you own is not being secure in one's home and effects. NO WARRANTS SHALL ISSUE, BUT UPON PROBABLE CAUSE, SUPPORTED BY OATH OR AFFIRMATION: As a supporting oath or affirmation, reports of anonymous informants are accepted. This practice has been condoned by the Supreme Court. PARTICULARLY DESCRIBING THE PLACE TO BE SEARCHED AND PERSONS OR THINGS TO BE SEIZED: Today's warrants do not particularly describe the things to be seized -- they list things that might be present. For example, if police are making a drug raid, they will list weapons as things to be searched for and seized. This is done not because the police know of any weapons and can particularly describe them, but because they allege people with drugs often have weapons. Both of the above apply to the warrant the Hudson, New Hampshire, police used when they broke down Bruce Lavoie's door at 5 a.m. with guns drawn and shot and killed him. The warrant claimed information from an anonymous informant, and it said, among other things, that guns were to be seized. The mention of guns in the warrant was used as reason to enter with guns drawn. Bruce Lavoie had no guns. Bruce Lavoie was not secure from unreasonable search and seizure -- nor is anybody else. Other infringements on the fourth amendment include roadblocks and the Boston Police detention of people based on colors they are wearing (supposedly indicating gang membership). And in Pittsburgh again, Eugene Tyler was once searched because he was wearing sweat pants and a plaid shirt -- police told him they heard many drug dealers at that time were wearing sweat pants and plaid shirts. Amendment V No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject to the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use without just compensation. INDICTMENT OF A GRAND JURY: Kevin Bjornson has been proprietor of Hydro-Tech for nearly a decade and is a leading authority on hydroponic technology and cultivation. On October 26, 1989, both locations of Hydro-Tech were raided by the Drug Enforcement Administration. National Drug Control Policy Director William Bennett has declared that some indoor lighting and hydroponic equipment is purchased by marijuana growers, so retailers and wholesalers of such equipment are drug profiteers and co-conspirators. Bjornson was not charged with any crime, nor subpoenaed, issued a warrant, or arrested. No illegal substances were found on his premises. Federal officials were unable to convince grand juries to indict Bjornson. By February, they had called scores of witnesses and recalled many two or three times, but none of the grand juries they convened decided there was reason to criminally prosecute Bjornson. In spite of that, as of March, his bank accounts were still frozen and none of the inventories or records had been returned. Grand juries refused to indict Bjornson, but the government is still penalizing him. TWICE PUT IN JEOPARDY OF LIFE OR LIMB: Members of the McMartin family in California have been tried two or three times for child abuse. Anthony Barnaby was tried for murder (without evidence linking him to the crime) three times before New Hampshire let him go. COMPELLED TO BE A WITNESS AGAINST HIMSELF: Oliver North was forced to testify against himself. Congress granted him immunity from having anything he said to them being used as evidence against him, and then they required him to talk. After he did so, what he said was used to find other evidence which was used against him. The courts also play games where you can be required to testify against yourself if you testify at all. COMPELLED TO BE A WITNESS AGAINST HIMSELF: In the New York Central Park assault case, three people were found guilty of assault. But there was no physical evidence linking them to the crime; semen did not match any of the defendants. The only evidence the state had was confessions. To obtain these confessions, the police questioned a 15-year old without a parent present -- which is illegal under New York state law. Police also refused to let the subject's Big Brother, an attorney for the Federal government, see him during questioning. Police screamed "You better tell us what we want to hear and cooperate or you are going to jail," at 14-year-old Antron McCray, according to Bobby McCray, his father. Antron McCray "confessed" after his father told him to, so that police would release him. These people were coerced into bearing witness against themselves, and those confessions were used to convict them. COMPELLED TO BE A WITNESS AGAINST HIMSELF: Your answers to Census questions are required by law, with a $100 penalty for each question not answered. But people have been evicted for giving honest Census answers. According to the General Accounting Office, one of the most frequent ways city governments use census information is to detect illegal two-family dwellings. This has happened in Montgomery County, Maryland; Pullman, Washington; and Long Island, New York. The August 8, 1989, Wall Street Journal reports this and other ways Census answers have been used against the answerers. COMPELLED TO BE A WITNESS AGAINST HIMSELF: Drug tests are being required from more and more people, even when there is no probable cause, no accident, and no suspicion of drug use. Requiring people to take drug tests compels them to provide evidence against themselves. DEPRIVED OF LIFE, LIBERTY, OR PROPERTY WITHOUT DUE PROCESS OF LAW: This clause is violated on each of the items life, liberty, and property. Incidents including such violations are described elsewhere in this article. Here are two more: On March 26, 1987, in Jeffersontown, Kentucky, Jeffrey Miles was killed by police officer John Rucker, who was looking for a suspected drug dealer. Rucker had been sent to the wrong house; Miles was not wanted by police. He received no due process. In Detroit, $4,834 was seized from a grocery store after dogs detected traces of cocaine on three one-dollar bills in a cash register. PRIVATE PROPERTY TAKEN FOR PUBLIC USE WITHOUT JUST COMPENSATION: RICO is shredding this aspect of the Bill of Rights. The money confiscated by Sheriff Vogel goes directly into Vogel's budget; it is not regulated by the legislature. Federal and local governments seize and auction boats, buildings, and other property. Under RICO, the government is seizing property without due process. The victims are required to prove not only that they are not guilty of a crime, but that they are entitled to their property. Otherwise, the government auctions off the property and keeps the proceeds. Amendment VI In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining Witnesses in his favor, and to have the assistance of counsel for his defence. THE RIGHT TO A SPEEDY AND PUBLIC TRIAL: Surprisingly, the right to a public trial is under attack. When Marion Barry was being tried, the prosecution attempted to bar Louis Farrakhan and George Stallings from the gallery. This request was based on an allegation that they would send silent and "impermissible messages" to the jurors. The judge initially granted this request. One might argue that the whole point of a public trial is to send a message to all the participants: The message is that the public is watching; the trial had better be fair. BY AN IMPARTIAL JURY: The government does not even honor the right to trial by an impartial jury. US District Judge Edward Rafeedie is investigating improper influence on jurors by US marshals in the Enrique Camarena case. US marshals apparently illegally communicated with jurors during deliberations. OF THE STATE AND DISTRICT WHEREIN THE CRIME SHALL HAVE BEEN COMMITTED: This is incredible, but Manuel Noriega is being tried so far away from the place where he is alleged to have committed crimes that the United States had to invade another country and overturn a government to get him. Nor is this a unique occurrence; in a matter separate from the Camarena case, Judge Rafeedie was asked to dismiss charges against Mexican gynecologist Dr. Humberto Alvarez Machain on the grounds that the doctor was illegally abducted from his Guadalajara office in April and turned over to US authorities. TO BE INFORMED OF THE NATURE AND CAUSE OF THE ACCUSATION: Steve Jackson Games, nearly put out of business by the raid described previously, has been stonewalled by the SS. "For the past month or so these guys have been insisting the book wasn't the target of the raid, but they don't say what the target was, or why they were critical of the book, or why they won't give it back," Steve Jackson says. "They have repeatedly denied we're targets but don't explain why we've been made victims." Attorneys for SJG tried to find out the basis for the search warrant that led to the raid on SJG. But the application for that warrant was sealed by order of the court and remained sealed at last report, in July. Not only has the SS taken property and nearly destroyed a publisher, it will not even explain the nature and cause of the accusations that led to the raid. TO BE CONFRONTED WITH THE WITNESSES AGAINST HIM: The courts are beginning to play fast and loose with the right to confront witnesses. Watch out for anonymous witnesses and videotaped testimony. TO HAVE COMPULSORY PROCESS FOR OBTAINING WITNESSES: Ronald Reagan resisted submitting to subpoena and answering questions about Irangate, claiming matters of national security and executive privilege. A judge had to dismiss some charges against Irangate participants because the government refused to provide information subpoenaed by the defendants. And one wonders if the government would go to the same lengths to obtain witnesses for Manuel Noriega as it did to capture him. TO HAVE THE ASSISTANCE OF COUNSEL: The right to assistance of counsel took a hit recently. Connecticut Judge Joseph Sylvester is refusing to assign public defenders to people ACCUSED of drug-related crimes, including drunk driving. TO HAVE THE ASSISTANCE OF COUNSEL: RICO is also affecting the right to have the assistance of counsel. The government confiscates the money of an accused person, which leaves them unable to hire attorneys. The IRS has served summonses nationwide to defense attorneys, demanding the names of clients who paid cash for fees exceeding $10,000. Amendment VII In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any Court of the United States, than according to the rules of common law. RIGHT OF TRIAL BY JURY IN SUITS AT COMMON LAW: This is a simple right; so far the government has not felt threatened by it and has not made attacks on it that I am aware of. This is our only remaining safe haven in the Bill of Rights. Amendment VIII Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted. EXCESSIVE BAIL AND FINES: Tallahatchie County in Mississippi charges ten dollars a day to each person who spends time in the jail, regardless of the length of stay or the outcome of their trial. This means innocent people are forced to pay. Marvin Willis was stuck in jail for 90 days trying to raise $2,500 bail on an assault charge. But after he made that bail, he was kept imprisoned because he could not pay the $900 rent Tallahatchie demanded. Nine former inmates are suing the county for this practice. CRUEL AND UNUSUAL PUNISHMENTS: House Resolution 4079 sticks its nose in here too: "... a Federal court shall not hold prison or jail crowding unconstitutional under the eighth amendment except to the extent that an individual plaintiff inmate proves that the crowding causes the infliction of cruel and unusual punishment of that inmate." CRUEL AND UNUSUAL PUNISHMENTS: A life sentence for selling a quarter of a gram of cocaine for $20 -- that is what Ricky Isom was sentenced to in February in Cobb County, Georgia. It was Isom's second conviction in two years, and state law imposes a mandatory sentence. Even the judge pronouncing the sentence thinks it is cruel; Judge Tom Cauthorn expressed grave reservations before sentencing Isom and Douglas Rucks (convicted of selling 3.5 grams of cocaine in a separate but similar case). Judge Cauthorn called the sentences "Draconian." Amendment IX The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people. OTHER RIGHTS RETAINED BY THE PEOPLE: This amendment is so weak today that I will ask not what infringements there are on it but rather what exercise of it exists at all? What law can you appeal to a court to find you not guilty of violating because the law denies a right retained by you? Amendment X The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people. POWERS RESERVED TO THE STATES OR THE PEOPLE: This amendment is also weak, although it is not so nonexistent as the ninth amendment. But few states set their own speed limits or drinking age limits. Today, we mostly think of this country as the -- singular -- United States, rather than a collection of states. This concentration of power detaches laws from the desires of people -- and even of states. House Resolution 4079 crops up again here -- it uses financial incentives to get states to set specific penalties for certain crimes. Making their own laws certainly must be considered a right of the states, and this right is being infringed upon. Out of ten amendments, nine are under attack, most of them under multiple attacks of different natures, and some of them under a barrage. If this much of the Bill of Rights is threatened, how can you be sure your rights are safe? A right has to be there when you need it. Like insurance, you cannot afford to wait until you need it and then set about procuring it or ensuring it is available. Assurance must be made in advance. The bottom line here is that your rights are not safe. You do not know when one of your rights will be violated. A number of rights protect accused persons, and you may think it is not important to protect the rights of criminals. But if a right is not there for people accused of crimes, it will not be there when you need it. With the Bill of Rights in the sad condition described above, nobody can be confident they will be able to exercise the rights to which they are justly entitled. To preserve our rights for ourselves in the future, we must defend them for everybody today.

1 0

My personal objection to NIST's DSS exclusive licensing proposal
by gnu 06 Aug '93

06 Aug '93

[I encourage you to file objections too. They don't have to be eight pages long! One page will do.] John Gilmore PO Box 170608 San Francisco, California, USA 94117 August 5, 1993 Michael R. Rubin Active Chief Counsel for Technology Room A-1111, Administration Building, National Institute of Standards and Technology Gaithersburg, Maryland 20899 Phone: +1(301) 975-2803. Fax: +1(301) 926-2569. Dear Sir: I am writing to provide written evidence and argument that the grant of your prospective license for the Digital Signature Algorithm (DSA) to Public Key Partners (PKP) would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. I am also applying for a personal, non-exclusive, sublicensable, and transferable license for the DSA. I propose that instead of granting a license to PKP, the Government: Put its DSA technology into the public domain, and Standardize RSA as a digital signature algorithm. In particular, the NIST proposal must meet the following criteria from 35 U.S.C. 209 (c)(1): (A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public; I argue that interests of the Federal Government and the public will best be served by my proposed approach to the problem. The RSA cryptosystem was strongly considered as a digital signature standard by NIST, and was reportedly rejected for two reasons: (1) RSA is patented, while NIST wanted a royalty-free algorithm. (2) The National Security Agency objected to the standardization of RSA, for reasons it did not specify. The first objection is interesting; both DSA and RSA are now controlled by patents, and both would require royalty payments by users in the United States. However, the RSA patents only apply in the United States, so that the public (which includes all people on the Earth) will be better served by standardizing on the algorithm that is available for royalty-free use in other countries. Also, the RSA patent is royalty-free to the government, because it was invented with government grants. The patents which control the DSA are in force worldwide, and the government does not have free use of the algorithm. This gives a clear edge to the RSA algorithm. Also, the patents controlling RSA will expire at least ten years earlier than the DSA patent (if issued) and more than seven years before the Schnorr patent which controls use of DSA. In particular, the RSA patent will expire on September 20, 2000, and all other patents which control the use of RSA expire in 1997. The Schnorr patent expires on February 19, 2008, and the DSA patent would expire seventeen years after it is issued, which has not occurred yet. The traditional model of market acceptance of technology begins with a long slow climb, requiring years, and only peaks after this momentum has built up the proper infrastructure to support the technology. At the peak, many millions of people use the technology (in some cases, almost everyone in society). Digital signature technology has followed this model, and is widely expected to reach millions of people within the next five to ten years. This is important for two reasons: (a) RSA's patent will expire before or near the point when this technology enters the "mass market" of millions of users. This will benefit the public by reducing the cost of deploying the technology to these users. The size of the market clearly provides an economic incentive sufficient to cause its deployment even in the absence of exclusive licensing. (b) RSA digital signature technology has already been climbing the curve for many years. Standardizing on it will produce quicker deployment of digital signature technology. PKP is already licensing the RSA technology on terms similar to the proposed DSA terms, and has promised non-discriminatory licensing if RSA is standardized by NIST. As for the second problem with standardizing on RSA, the objection of the National Security Agency, there are two possible reasons: (a) NSA does not want to see a digital signature technology standardized if it would also allow data encryption, because that could make interception of intelligence data harder. This objection is completely specious. NSA does not have a valid role in setting domestic policy. It is a secret agency, not accountable to the public, and explicitly prohibited by statute from operating in the United States or against United States citizens. Its advice to NIST under the Computer Security Act is restricted to be of a technical nature, not straying onto questions of policy. NIST is required to give full weight to the interests of the public when deliberating on standards. Secret agencies whose policies oppose the public interest have no weight in NIST's standardization process. In fact, the standardization of identical technology for digital signatures and for key exchange and other data encryption uses would be a *good* decision. This technology has already been implemented in Lotus Notes and Privacy Enhanced Mail, and is well proven to be acceptable to users, implementable by manufacturers, and without fault as regards domestic encryption policy. Tens of thousands of copies of these products are in daily use without any impact on domestic tranquility. (b) NSA knows of a technical reason why RSA is not suitable. In this scenario, NSA has learned how to "break" RSA, either by factoring large composites, or by some other method. The proper response of the Government, in that case, is to publicize this fact, in order to protect domestic communications. Because if NSA knows it, it's likely that opposing intelligence agencies also know how to break RSA. The United States is the most computerized society, the most networked, the most communicative. We have the most to lose by having unsecured communications that we believe are secure. In addition, it's likely that the revelation of the NSA method of breaking RSA would result in substantial progress in mathematics in other areas besides cryptography, providing further benefit to the public. Further reasons to standardize RSA rather than DSA: The strengths and weaknesses of the RSA algorithm are better understood by the technical community. More than ten years of research has gone into understanding and implementing it. The DSA has had much less research and thought brought to bear on it. A prominent cryptographer, Gustavus Simmons, alleges that the DSA contains flaws which permit small amounts of secret information to be conveyed in its digital signatures. These flaws, which appear to have been deliberately designed in, would permit the signing party to send information to recipients of the signature, without the affected party having any way to determine this. For example, if a Government agency provided a digital signature on a passport, it could secretly communicate messages such as "this person should be searched at every border crossing" or "this person is suspected of anti-American leanings". Such unproved `information' would not be tolerated by the public if communicated on the face of the passport, but using the DSA, an unscrupulous agency could use such suspicions to harass citizens in the free exercise of their rights. All of the above information should convince NIST that standardizing the RSA technology and freeing the DSA technology would best serve the interest of the Federal Government and the public, rather than granting an exclusive license for the DSA technology to PKP. The NIST proposal must also meet the following criterion from 35 U.S.C. 209 (c)(1): (B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention; NIST's own experience with the Data Encryption Standard (DES) makes it clear that releasing an encryption system for public use, without assignment of exclusive rights to any organization, produces widespread use within a short period of time. The DES is clearly the premier private-key encryption system in the country and in the world today. It is used in every Automatic Teller Machine, in every bank, as well as on the Fedwire interbank network. A derivative algorithm is used in the Unix password security system, which runs on more than a million computers in daily use. It is used in electronic mail privacy systems, including Lotus Notes and the Privacy Enhanced Mail system for the Internet. It was used in secure telephones built by AT&T -- and in fact the deployment there was too rapid for government comfort (the FBI, NIST and NSA ended up rushing the Clipper/Skipjack program into the public eye to prevent further deployment of telephones using this algorithm.) Whenever private-key encryption is used, DES is likely to be there. DES products are available worldwide from a large number of chip, board, peripheral, system, and software vendors, providing data rates ranging from very slow to a gigabit per second. It is clear that the non-exclusive licensing of DES, as well as its technical capability, was directly responsible for its widespread adoption and use. Had it been exclusively licensed, say to IBM, its originator, it would not have enjoyed the wide use it has received. IBM has built DES into products, but they did not sell well and capture the market. It was the innovative uses pioneered by others, who were free to build on IBM's and NIST's standard without negotiations or royalties, who produced the machines and software which has since served large numbers of government users and the public. The United States has a collection of programmers and cryptographers, numbering in the hundreds, who have made significant contributions to the development and deployment of cryptographic algorithms throughout society. I have seen at least ten different software implementations of DES, freely available to everyone who wants them, including full source code and commentary. Each of these implementers was able to study and build upon the work of the others, resulting in gradual improvement of the speed and robustness of the implementations. The algorithm has been embedded into freely available software for electronic mail (TIS-PEM and early PGP versions), computer network security (Kerberos), clock synchronization (NTP), and networked voice communications (VAT), just to name a few. (Most of the work involved in building these products was the software and infrastructure that was built up AROUND the DES, by the way.) If and when the DSA technology is released for free use by the public, the same community will produce widely available programs that employ it. PKP may argue that the same development would occur, under its grant of free noncommercial DSA licenses, but the point is that this developement would occur WITHOUT granting an exclusive license to PKP. And if this is true, then by statute, NIST cannot grant an exclusive license. PKP may also argue that its ownership of the Schnorr patent would prevent the development of noncommercial DSA products, unless it was granted an exclusive license in return for allowing noncommercial use of the Schnorr and DSA patents. However, the record clearly shows that even when a technology is patented (RSA, or Lempel-Ziv compression) and when the patent owner does not have a policy of permitting noncommercial use, the free software community will still produce widely used programs (PGP and Compress) which produce great benefit for the public and for the government. These programs can be used immediately by those willing to challenge the patent, or to whom the patent does not apply, and can be used by everyone after the patent expires, or if the patent owner's policy changes. Furthermore, Public Key Partners is in the position of having paid a lot of money for the Schnorr patent. If the government doesn't standardize DSA, and doesn't give PKP an exclusive DSA patent, then PKP will have to CONVINCE people to use their expensive patent. The traditional way to do so is by licensing it cheaply and widely. If people end up wanting to use DSA even though it has not been standardized, it's likely that a license for the Schnorr patent that controls it will be available at a similar price to what PKP proposed under the exclusive licensing scheme. PKP has already granted no-cost noncommercial licenses to other patents that it holds, including the RSA patent, so it is certainly conceivable that it would come to grant similar licenses for the Schnorr patent, for the same reasons. 35 USC 209 (c)(1)(C) requires that exclusive or partially exclusive licensing is "reasonable and necessary" to call forth capital to deploy the invention. The above discussion, particularly the DES evidence, has shown that this condition does not hold. 35 USC 209 (c)(1)(D) requires that the proposed terms and scope of exclusivity are not greater than reasonably necessary to bring the invention to practical application. The scope proposed by NIST is exclusive to a single company for seventeen years. My proposal is partially exclusive to the same company for seven years, then would eliminate the exclusivity completely. The company has promised similar terms for the licensing of the RSA patent, for that seven year period, so the terms of the NIST proposal and my proposal are similar, though the scope of exclusivity in mine is shorter. My proposal continues to provide the incentive for bringing the invention to practical application, so condition (D) does not hold either. The conditions in 35 USC 209 (c)(1) are joined with "and" and prefaced with "only if"; failure to meet any one of the conditions denies the agency the ability to issue an exclusive or partially exclusive license. All four conditions have failed to be met in this case, so for NIST to grant an exclusive license to PKP would be unlawful. The public interest in this technology is substantial, and it is unlikely that NIST would escape without being sued if it attempted to grant the exclusive license anyway. I myself contract for the full time of a lawyer, who is currently engaged in suing the Federal Government for its unlawful acts. I believe that two such suits are currently in process, against NSA and the Department of Justice. I would not be averse to adding NIST to the list. In the event that NIST fails to follow my recommendation that the DSA technology be made freely available to the public, I hereby request a personal, non-exclusive license to practice it. The information required under 37 CFR 404.8 for such an applicant is: Invention: Digital Signature Algorithm Patent application number: 07/738.431 Type of license: Personal, non-exclusive, sublicensable, and transferable. My name, address, email address, and phone number: John Gilmore PO Box 170608 San Francisco, California, USA 94117 gnu(a)toad.com +1 415 903 1418 My citizenship: USA My representative to correspond with: myself. Nature and type of my business: I am a privacy advocate, a programmer, an entrepreneur. Personally, I have no employees at this time, though I am co-founder and part owner of a business which employs 40 people. I am also co-founder and on the Board of Directors of a foundation which employs about ten people. I contract with a lawyer for his full-time services, though he is not an employee. Products and services which I have successfully commercialized: I was employee #5 at Sun Microsystems, and contributed significantly to the success of the company, which is now one of the world's largest computer companies. I have co-founded several businesses. I have written several substantial pieces of software which enjoy wide use, including PD Tar, a tape archive program, GNUUCP, which provides low-cost data communications, and GDB, which is a very widely used debugger. All of these programs were developed under an intellectual property technology that involves giving away the program itself, and selling services related to the program. The 40-person business mentioned above supports itself solely by this method, and provides commercial support for GDB among many other products. I am also a co-founder of the Electronic Frontier Foundation, which, as a non-profit educational foundation, has commercialized the services of advocating privacy and the public interest in electronic media, and the service of defending the public against unconstitutional or unlawful searches, seizures, and restrictions on rights in electronic media. I have successfully organized several volunteer teams of programmers and writers to produce products which were made available to the public, without requiring significant investment, by leveraging the goodwill of the people involved, and the availability of low cost computers and communications media. Source of information concerning the availability of the license: Internet electronic mail, including copies of the Federal Register. Statement indicating whether I am a small business: As an individual, I am probably not considered a small business. I do not seek use of the patent for business purposes, but for my activities in advocating privacy and anonymity in electronic media. Detailed description of plans for developing or marketing the invention: If granted this license, I would immediately sublicense all persons who wished to use the patent, at no charge. I challenge any other proposed licensee to provide a greater benefit at a lower cost. I would market the invention via online and printed communications, making the public and the software development community aware of their ability to freely use the invention without restraint from me or from the Government. I would negotiate with Public Key Partners to come to an agreement on terms by which noncommercial use of the Schnorr patent could proceed. Such availability would lead the way to commercial applications, as has happened with the RSA algorithm. I believe that minimal time and investment capital would be required in this endeavour: less than a month of my personal time, spread across several months of elapsed time, and less than $20,000 in investment, which I have available from personal funds. My capability and intention to fulfill the plan is shown by my record of achievements listed above. I and my sublicensees intend to practice the invention in all fields of use. I and my sublicensees intend to practice the invention in all geographical areas, limited only by Government- imposed export restrictions. I have not applied for nor been granted previous licenses for federally owned inventions. I believe that the DSA is being practiced by a small number of companies in private industry, and is being practiced by the Government and its contractors in conjunction with the Capstone program of the NSA. Further information which I believe will support a determination to grant me the license: If NIST truly wishes that the public be granted the maximum capability to use this invention, then granting me this license, or in the alternative, granting a royalty-free license to everyone, would best achieve that goal. Sincerely, John Gilmore

1 0

Wayner's Wonderland
by an12070＠anon.penet.fi 06 Aug '93

06 Aug '93

Mr. Wayner posts thoughtful descriptions and reflections on the CSSPAB proceedings. While I want to express my appreciation for this interesting and revealing glimpse and encourage future postings in the same vein, there are some deeply upsetting views and grating, gratuitous benedictions expressed therein that would sound worse than fingernails on a chalkboard for any hard core cypherpunk. Following is mostly vitriolic and sarcastic flame; feel free to ignore it; you've been warned. * * * Peter Wayner <pcw(a)access.digex.net> >The board itself runs with a quasi-legal style quasi-legal? and the NSA was there? how apropos! >All of them came from the upper >ranks of the military or legal system and a person doesn't rise to >such a position without adopting the careful air of the very diligent >bureaucrat. This is precisely the fluffery and facade we are *not* impressed with. The very Cream of the NSA, the brilliant minds who brought you Clipper and DSA. >The NSA has rarely had trouble in the past >exercising either its explicitly granted legal authority or >its implied authority. The phrase "national security" is a >powerful pass phrase around Washington and there is no reason >for me to believe that the NSA wouldn't get all of the access >to the escrow database that it needs [...] but you see, that is the problem. As P. Ferguson wrote, ` `National security': the root password to the Constitution.' >Building in >a backdoor would only leave a weakness for an opponent to exploit >and that is something that is almost as sacrilidgeous at the NSA >as just putting the classified secrets in a Fed Ex package to >Saddam Hussein. Hm, do you think they felt the same about DES? DSA? decreasing key size makes me wonder at night... >Next there was a report from Geoff Greiveldinger , the man from the >Department of Justice with the responsibility of implementing the the >Key Escrow plan. >[...] >It became clear that the system was not fully designed. Reminds me of the trembling, pale kid at the front of the classroom giving a book report, reading aloud from a blank page. He didn't do his homework. Not only that, but it's the wrong assignment. No matter, he's about to be expelled anyway. This key escrow system is as solid as oozing phlegm. In the Official Announcement we hear of a new Key Escrow System. Hm, what's it about? Apparently not a Key Escrow System, from what I can figure out. Denning scrambles out with some bizarre circumlocution soon after the announcement that is supposedly now Null and Void, and we have this grand new system with the Magic Eavesdropping Box. How are we to be sure that this Box is secure? Why, it utilizes a Secure Chip inside. What about the Chip? Why, there are Secure Atoms and Electrons, assuredly in the Proper Places with Correct Clearance, as designated by The Grand Holiness. >At this point, I had just listened to an entirely logical presentation >from a perfect gentleman. We had just run though a system that had many >nice technological checks and balances in it. Subverting it seemed >very difficult. Gee, I missed something there somewhere. `Not fully designed' but `difficult to subvert' because of all the `nice technological checks'. Yes, I would bet my life on that. >The most interesting speaker was the assistant director of the National >Security Agency, Dr. Clint Brooks. He immediately admitted that the >entire Clipper project was quite unusual because the Agency was not >used to dealing with the open world. Speaking before a wide audience >was strange for him and he admitted that producing a very low cost >commercial competitive chip was also a new challenge for them. their amateurism is frightening and pathetic. The lesson is not that it is `a new challenge' but a outrageous violation of their authority. I'm quite nauseated that someone here would succumb to their transparent and shifty rhetoric. They have no legal authority whatsoever in proposing this. They still fail to grasp this simple fact, despite a bludgeoning CPSR lawsuit slaps and FOIA jabs. It is a wonder they have stopped hiding behind the legs of the President. >He readily admitted that the Clipper system isn't intended to catch >any crooks. Ah, but we have the Official Announcement from Mr. Clinton explaining how it would be used to catch `criminals, drug dealers, and terrorists'! How are we to reconcile this bizarre twist? This is all so grotesque, so Orwellian, so wretched, so horribly nightmarish... we have the Key Escrow Initiative with everything but the Key Escrow read, to catch all the Criminals who aren't Criminals. >When I listened, though, I began to worry about what is going to happen >as we begin to see the eventual blurring of data and voice communications >systems. what a fantastic revelation! when did you come to this epiphany? >WHen this happens, programmable phones are going to emerge. what a ... >This >could easily be a proprietary encryption system that scrambles >everything. what a ... gosh, it would make sense for the NSA to propose Clipper for a scenario like that! what a coincidence! >The traditional way of controlling technology by >controlling the capital intensive manufacturing sites will be gone. what a ... `traditional way of controlling'? more like the `past method of manipulation'! >Sure, >the NSA and the police will go to Radio Shack and say "We want your >cooperation" and they'll get it. But it's the little, slippery ones >that will be trouble in the new, software world. what a ... It is the big, lumbering one called NSA that is already in *deep* trouble. [ sheriffs, district attorneys, FBI agents] >Their message was direct and they didn't hesitate to compare encryption >with assault rifles. One even said, "I don't want to see the officers >outgunned in a technical arena." sorry, they don't have a choice in the matter. >One DA from New Jersey said that >in his office, they process about 10,000 cases a year, but they only >do one to two wiretaps on average. It just seems like a big hassle >and expense for them. oh, perhaps you are proposing it shouldn't be a `hassle' or a `expensive'. Let me tell you, infringing on rights better DAMN WELL be more than a `hassle'! >The >police tried to use the low numbers of wiretaps as evidence that they're not >out there abusing the system, but I kept thinking that this was mainly >caused by the high cost and relatively low utility of the technique. bless you. Now I only feel 95% like strangling you. >In the end, I reduced the calculus of the decision about Clipper to be >a simple tradeoff. If we allow widespread, secure encryption, will the >criminals take great advantage of this system? who is `we'? what do you mean by `allow'? this terminology presupposes the fact that you, the NSA, or anyone else has the capability to control it. >It would empower people to protect their own >information unconditionally, but at the cost of letting the criminals >do the same. ultimately a net gain, IMHO. There is far more to gain from protection of businesses and private mail than any increased evasive power given to criminals. The point is, we can catch criminals without illegitimate crutches like wiretapping. In fact, I think wiretapping ultimately encourages laziness and inefficiency in law enforcement and investigative/detective work. We stand to gain a more efficient law enforcement system when it is ultimately rendered impossible. >I began to wonder if the choice between Clipper and totally secure >encryption was moot. for any true cypherpunk, it is not. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help(a)anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin(a)anon.penet.fi.

1 0

IRS flunkies browsing your tax records (Surprise!)
by fergp＠sytex.com 06 Aug '93

06 Aug '93

excerpted from: The Washington Post 5 August 1993 page A6 Accused of Failing to Protect Data, IRS Says It Will Buttress Safeguards by Stephen Barr Washington Post Staff Writer The Internal revenue Service, assailed by senators yesterday over a breakdown in computer security that allowed IRS workers to browse through tax records and monitor fraudulent tax refunds, pledged to strengthen safeguards set up to ensure taxpayer records are kept confidential. "it's not easy. it's painful to admit mistakes you make," Internal revenue Commissioner Margaret Milner Richardson said after listening to members of the Senate Governmental Affairs Committee express outrage that IRS workers abused their public trust. Addressing committee Chairman John Glenn (D-Ohio), Richardson said,"I feel very strongly about protecting the integrity of the tax system, and I told you we will not tolerate anything that will impinge on that integrity or the credibility of the American people." But Richardson rebuffed a suggestion by Sen. David Pryor (D-Ark.) that the IRS notify the taxpayers whose files were improperly reviewed. "I'm not sure there would be a serious value to that in terms of tax administration or in the connection with what I see as protecting the taxpayer's rights," she said. Pryor said he would continue to press for taxpayer notification, saying, "I'm going to really come down hard.... I think anyone that we can identify whose files have been browsed for no official reason, I think that taxpayer needs to know." Richardson's testimony followed the release of a report this week that showed almost 370 IRS employees in the agency's Southeast Region have been investigated or disciplined for creating fraudulent tax returns or browsing through tax returns of friends, relatives, neighbors and celebrities. In 154 cases, employees were disciplined. Deputy Commissioner Michael P. Dolan said three employees were forced to resign, three were fired, 38 received suspensions, 67 were given reprimands, 24 were admonished, 17 underwent counseling and two received "caution letters." Sen. Byron L. Dorgan (D-N.D.), noting that few employees were dismissed, questioned Richardson and Dolan on whether "we are dealing appropriately enough" with violators. They said the IRS would provide the committee with detailed information on how disciplinary judgements were made. Few details emerged at the hearing on how IRS regional employees created bogus refunds. An IRS investigative report released by the committee said that four employees are facing criminal prosecution. "In one case," the IRS report said, "an employee prepared over 200 fraudulent tax returns and monitored the refunds" on IRS computers. The report suggested that the fake refunds cost the government more than $300,000. In another case, "the employee used her position to input fraudulent adjustments and monitor the accounts of local taxpayers. She also prepared fraudulent returns, including returns for herself and her parents," the IRS report said. Dolan noted that the violations ranged from the serious to the benign, such as employees who were asked by neighbors for a favor: determine the status of their income tax refund. In answering questions, Richardson pointed out that IRS's internal audit staff had uncovered the information with the General Accounting Office. The IRS audit examined the Integrated Data Retrieval System, a database of taxpayer accounts used by 56,000 IRS workers nationwide. Richardson said the IRS is developing a "comprehensive review" of computer security issues that will improve the agency's ability to detect "inappropriate use." The IRS also is reviewing its high-risk operations, such as credit transfers amd taxpayer adjustments, in a renewed effort tp avert employee misconduct. Dolan said a review of the agency's most sensitive computer commands would be completed within the next six weeks. Richardson was a washington tax attorney before being selected earlier this year by President Clinton to run the IRS. Dolan, a career civil servant, was named deputy commissioner last year. 8<--------- End article ------------------- A old friend of mine sent me an e-mail this afternoon; it appears we see eye-to-eye on this entire fiasco -- and the dangerous role the government wants to play in the Information Age: 8<--------- forwarded message -------------- Subject: Clipper, escrows, and honesty. . . To: "fergp" <sytex.com!fergp> Saw your recent posting on SCI.CRYPT. I generally shun public postings in such an arena. . . . However, it occurred to me, with only a little bit of thought, that after the recent articles in the Washington Post regarding the employee's of the IRS browsing through friends, enemies, and famous folk's 1040's -- simply for kicks -- how would this be any different than an escrow key arrangment. Isn't it simply a given truth that if one man can view a personal secret of another, that he will be tempted? And let's face it, history proves that, more often than not, the "apple is bitten," ---- or at least "nibbled." No matter how you work it, there will always be a small group, perhaps even one, that will have access to your key. Just like that little girl that sits behind the faceless terminal can pull up my 1040 and run through the schedules to see what I won on and what I lost ---- and I'll never know that it even happened. Of course, until someone who shouldn't know does know, and perhaps at a cocktail party makes mention. . . . . Small potatoes. . . . but not if you're encrypting.. 8<---------- end forwarded mail ----------- Once again -- "Be afraid; be very afraid." Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp(a)sytex.com | - Thomas Paine, Common Sense I love my country, but I fear its government.

1 0

(fwd) Re: Will SKIPJACK's algorithm get out? (Non-technical)
by tcmay＠netcom.com 06 Aug '93

06 Aug '93

Here's a posting I did on how Skipjack (which I deliberately called "Clipjack") can be likely broken by groups like ours. The anonymous remailers, and the alt.whistleblowing group, can be used to publish details of the whole Skipjack/Capstone/Mykotronx/MYK-78/etc. ball of wax as they become available. Whether we can actually be the ones to analyze the chips or not is immaterial: spreading reports that Clipjack is vulnerable will be useful disinformation (reduced confidence, fewer commercial sales, more acceptance of more provably strong software-based alternatives, etc.) -Tim Newsgroups: sci.crypt,alt.privacy.clipper From: tcmay(a)netcom.com (Timothy C. May) Subject: Re: Will SKIPJACK's algorithm get out? (Non-technical) Message-ID: <tcmayCBBJCr.BsK(a)netcom.com> Date: Fri, 6 Aug 1993 03:36:27 GMT Larry Loen (lwloen(a)rchland.vnet.ibm.com) wrote: : Myself, I confidently expect to see Skipjack published in some Eurocrypt : proceedings or other in the next 4 or 5 years, especially if the darn thing : is actually produced in any volumes. There is a decidely : different attitude in W. Europe towards this sort of thing. : It's mostly a question of economics. Will someone, somewhere put out the : bucks to do a "tear down" of the chip and figure out how it works. I could : imagine some crypto company in Europe doing just that and being also motivated : to publish what they find for competitive reasons. . . Some of us plan to do just this: once "Clipjack" phones are finalized and on sale and/or Mykotronx is selling finalized chips, they'll be looked at. I once ran Intel's electron-beam testing lab, so I have some familiarity with looking at chips, including ostensibly tamper-resistant modules. VLSI Technology is fabbing the chips, using a process said to be quite tamper-resistant. We'll see. (While publishing the algorithm may or may not be illegal, there's no reasonable law saying you can't look at something, unless perhaps it's formally classified....will the Clipjack chips have "Top Secret" stamped on them? Somehow I can't quite picture this in phones sold across the country and outside!) (I'm not saying it'll be easy to do this reverse-engineering, mind you. Between mechanical barriers to access (carbide-like particles in the packaging compound to deter grinding), complex-chemistry epoxies to deter plasma- and chemical-decapping, various chip-level countermeasures (storing bits on floating gates, using multiple layers of metal, etc.), the access to the die surface may be very difficult. The "smartcard" chip makers have led the way in devising tamper-resistant chip processes, though their task is quite a bit easier (stopping access to an active chip on an active smartcard, to modify the money amounts) than Clipjack faces (stopping any examination of the chip topology and programming which would reveal the algorithms used) But given enough samples, enough time, and some commitment, the secrets of Clipjack will fall.) As a "Cypherpunk" (cf. cover of "Wired" #2, "Whole Earth Review" Summer '93, and the current (8-2-93) "Village Voice" cover story), I see no reason not to publish the details. This'll let other folks build phones and other comm systems which spoof or defeat the Clipjack system, especially the disgusting and thoroughly un-American "key escrow" system. Naturally, we'll use our "anonymous remailers" (multiple reroutings of messages, with each node decrypting with its key and passing on what's left to the next chosen node....diffusion and confusion, a la Chaum's 1981 "CACM" paper on "digital mixes") to protect ourselves. No sense taking chances that the Feds will view our "liberation" efforts with disfavor and hit us with charges they devise (violations of Munitions Act, RICO, sedition, etc.). This is how some of our members were able to "liberate" secret Mykotoxin documents from the dumpsters of Mykotoxin (something the Supremes have said is OK for law enforcement to do, by the way) and post them anonymously to our mailing list (I believe these docs were then posted to alt.whistleblowers, but they were only _mentioned_ on sci.crypt, not actually posted). I expect at least _three_ separate groups are preparing to break the Clipjack algorithm, at least as embodied in the Clipper/Skipjack chips that come on the market. Breaking the system also allows independent observers to see if it does in fact contain deliberate weaknesses (though the focus on "weaknesses" is secondary to the basic issue of "key escrow" as a concept--it is key escrow, especially mandatory key escrow, that is the real issue. (Mandatory key escrow is not yet part of law, to be fair, but still "in the wind"...we won't really know for a few more years whether the "voluntary" key escrow system will become mandatory) It'll also be interesting to see how Clipjack phone customers react to the revelations of the algorithms. Crypto anarchy means never having to say you're sorry. Yours in the struggle, -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.

1 0

`Web of trust model' matches common business situation too
by gnu 06 Aug '93

06 Aug '93

Date: Thu, 5 Aug 93 14:33 EDT From: TCJones(a)DOCKMASTER.NCSC.MIL ... Interestingly, I am coming to the conclusion that big business operates on a web of trust very much like what is found in PGP. There are Dun&Bradstreet reports of course, but, bye-and-large, when a company wants credit, they give a list of the other companies that they do business with as evidence of their trustworthiness in receiving credit. Peace ..Tom Jones

1 0

Re: help with encryptor
by wet!naga 06 Aug '93

06 Aug '93

In reply to your: >Subject: help with encryptor - please?!?! >To: cypherpunks(a)toad.com > > I've been working on a program for MS-DOS machines that will >encrypt and/or password protect .COM and .EXE files. > I've got it working really well at this point - but my encryption >algorithms are rather simple. I'm fairly new in the encryption biz, >and I was wondering what would be good to use for the file encryption >algorithm to make it as secure as possible? I dunno, but the Aug/Sept 1993 issue of PC Techniques magazine contains a notice on page 100 of the publication of something that might be useful. It's a C library of encryption routines (Microsoft and Borland compatible). "The encryption method is a symmetric key encryption process applicable both to blocks of data in RAM ... and also to data residing in disk files. ... Full source code is included ..." Unfortunately it's not free (though I don't suppose there's any reason why it should be). The notice says further details are available from the publisher at 510-464-3009.

1 0

PKP and DSS -- Licensing and Summation (fwd)
by fergp＠sytex.com 06 Aug '93

06 Aug '93

From: ross(a)wattle.itd.adelaide.edu.au (Ross Williams) Newsgroups: sci.crypt Subject: NIST/PKP scandal: All you need to act. Followup-To: sci.crypt Date: 4 Aug 1993 04:21:12 GMT Organization: Rocksoft Pty Ltd. Lines: 1885 Distribution: world NNTP-Posting-Host: wattle.itd.adelaide.edu.au Summary: NIST/PKP scandal: All you need to act. Keywords: nist pkp dsa dss patent digital signature Why It Is Important That You Read This Document and Address This Issue ---------------------------------------------------------------------- Right now there are some fairly significant political things happening in the area of digital signatures that will determine how they are managed for the next two decades. This matters because digital signatures will be a key technology in the future. It is likely that, in the future, most commercial transactions, and most digital communications (including email) will be sealed with a digital signature. In 1999 when J.Random Citizen goes the supermarket and swipes his credit card to buy a chocolate bar, he will most likely be issuing a digital signature. Digital signatures are going to be an extremely important technology in future society, not just in the US, but throughout the world. Because of the propagation of patents through GATT and other agreements, what happens in the US affects everyone. Unfortunately, as far as I can tell, this is a technology that the general public is not even aware of. As a result, the entire legal and political foundation for the technology is being layed down right now by the US Government and other organizations, without much interaction with the outside world. Now this isn't necessarily a bad thing; governments do a lot of good things. However, recent political developments have alarmed many people. A difficulty with the situation is that the issues are rather complex and the approach one takes to them will depend on one's attitudes towards Government, industry, intellectual property, patents and so on. And even if you have firm convictions on any of these issues, deciding what one's position on the issue is, and what one should do can be difficult. It's easy to be a radical and shoot from the hip, and it's easy to be a cynic and do nothing, but I don't like either of these approaches. The only alternative is to think it through properly and make a measured response (which may well happen to be radical!). The document below is my attempt to enumerate the facts, identify the key constraints and issues and identify a number of possible positions and responses. Rather than attempting to "precompile" all this information and advocate a particular course of action, I have provided information so that you can make up your own mind. To this end, I have added appendices containing reference material that you might otherwise have to look up (as I had to). The deadline for action (by fax) is midnight ending Monday 9 August 1993 Washington D.C. time, but it would be best to act well before then to be on the safe side. I urge you, at the very least, to read this document and make up your own mind about this important issue. Ross Williams (ross(a)guest.adelaide.edu.au.) 4 August 1993. AN ANALYSIS OF THE NIST/PKP DIGITAL SIGNATURE PATENT LICENSING PROPOSAL ======================================================================= Version : 3. Date : 4 August 1993. Author : Ross N. Williams. Net : ross(a)guest.adelaide.edu.au. Snail : 16 Lerwick Avenue, Hazelwood Park 5066, Australia. Fax : +61 8 373-4911. Phone : +61 8 379-5020 (10am to 10pm Adelaide Australia time). Thanks : The following people have provided me with information: Noah Friedman (friedman(a)gnu.ai.mit.edu.) Jack Larsen (jl(a)epsilon.eecs.nwu.edu.) Richard Stallman (rms(a)gnu.ai.mit.edu.) Dan Bernstein (djb(a)silverton.berkeley.edu.) Cleared : Cleared for public release 1:18am 04-Aug-1993: RNW. Status : Copyright (C) Ross Williams 1993. However, permission is granted to make and distribute verbatim copies of this document provided that this copyright notice is included. Disclaimer: Where this document expresses opinions on behalf of the author, those opinions are the author's only and are not representative of any organization associated with the author. Note: A GLOSSARY appears at the end of this document. If you are unsure of an acronym, look it up. Search for the word "glossary". 0. TABLE OF CONTENTS ==================== 1. The Facts of the Case 1.1 Public Key Cryptography 1.2 The Digital Signature Standard 1.3 The Choice 1.4 The Gift 1.5 Objecting and Appealing 2. What People Think (and Feel!) 3. Analysis. 3.1 Enumerating The Objections 3.2 The US Code 3.3 Alternatives for NIST 3.4 A Modern Aesops Fable 4. What You Can Do. 4.1 Many Options 4.2 To Whom To Write 4.3 A Selection of Things To Say -- A. Glossary. B. NIST's Announcement C. United States Code Title 35. D: 37 CFR 404.7 (Checklist for License Application) E: Dan Bernstein's Posting and Form Letter F: The LPF Announcement G. The letters I intend to send. 1. THE FACTS OF THE CASE ======================== As far as I can determine, these are the facts of the case. I have not checked all these facts, and welcome corrections. I regret that I do not have the time to substantiate the stuff in this section with formal references. 1.1 Public Key Cryptography ---------------------------- * In late 1970's and early 1980's there was a revolution in cryptography caused by the invention of public-key cryptography by researchers at MIT and Stanford. Those researchers created patents covering much of the new technology, and these patents were assigned to their respective institutions. * In order to exploit the new technology, MIT and Stanford created a company called Public Key Partners (PKP) to whom they granted exclusive sublicensing rights to the cryptography patents. As a result PKP has controlled the use of public key cryptography for the last decade or so. * PKP claims that its patents are very broad and cover not just specific public key cryptography techniques such as the RSA technique, but also cover the IDEA of public-key cryptography too. Like most issues involved in this whole situation, this issue is not clear and can only be resolved in the courts. This document assumes that the PKP patends are broad. * The PKP patents expire between 1997 and 2008. The most important ones expire between 1997 and 2000. * Public key cryptography is a seminal enabling technology that solves most information integrity problems, including the ability to create unforgeable digital signatures. Digital signatures are just like real handwritten signatures except that they can be applied to digital documents. 1.2 The Digital Signature Standard ---------------------------------- * Digital signatures are extremely powerful, but also rather technologically messy to implement. Keys have to be generated and managed. In particular, the issuing of a digital signature is a social and commercial event most likely requiring network events. In my opinion digital signatures will not enter widespread use until they are standardized. * Several years ago, the US Congress, recognising the need for a standard, instructed NIST (The US National Institute of Standards and Technology) to perform a study and come up with a proposal for a digital signature standard. * NIST evaluated the options and, among other things, commissioned its own signature scheme called DSA (Digital Signature Algorithm). The DSA was prepared with assistance from the NSA (National Security Agency). * When all the dust settled, there were two proposals to choose from: a proposal by PKP based on RSA, and DSA. NIST patented DSA which meant that both proposals were embodied in patents, one owned by PKP and the other by NIST. * There were many pros and cons for each proposal including: - PKP asserted that the NIST proposal was technically more arbitrary than the RSA and was created in a more politically impure environment (with help from the NSA) and so was more likely to have a backdoor in it somewhere. RSA is based on prime numbers and is simpler and more self-evidently backdoor-free. - The PKP proposal was privately owned and so, if it was chosen, everyone would have to pay PKP royalties. * Because the use of digital signatures requires the interaction between random pairs of individuals in society and other organizations and agencies, it would appear that there is no room for two standards. It might be possible for two standards to coexist, but once one catches on, no one will want to know about the other, as "hardly anybody uses it". Furthermore, whatever is chosen as the standard is likely to become mandatory when interacting with various government institutions. Thus, whatever happens, the standard that catches on is likely to dominate and will be hard to supplant even by technologically better rivals. This makes right-now a critical time. 1.3 The Choice -------------- * The decision was up to NIST. In the end it chose its own proposal which was subsequently named in its DSS (Digital Signature Standard) as the standard algorithm. * NIST's problem then was how to cope with PKP. It seems that earlier on, NIST declared the DSA free of coverage from other patents: "[We] believe this technique is patentable and that no other patents would apply to the DSS." -- NIST --US Federal Register, 30 August 1991. However, it seems that since that time, PKP applied pressure to NIST claiming that the DSA was covered by PKP's broader patents. It is still not clear what the practical scope of PKP's patents is and the only way to tell is go to court. What is certain is that the PKP patents THREATEN the DSA patent and can cause trouble for it at any time. Meanwhile, NIST has certainly behaved as if the PKP patents are a problem as it stated in its DSA license proposal announcement (see Appendix B of this document): >The prospective license is a cross-license which would resolve a >patent dispute with Public Key Partners and includes the right to If PKP are right then patent law says that neither party can use the technology without obtaining a license from the other party. However, the coverage of PKP's patents is far from clear. 1.4 The Gift ------------ * In the end, NIST decided to simply GIVE its DSA patent to PKP. Actually, it's not giving, it's an exclusive license, which is effectively the same thing. We will use the word "give" in this document. * This decision has been, to say the least, controversial. At least is has within the subculture that knows about these things. It hasn't hit Donahue yet. * The PKP patents run out between 1997 and 2000. The DSA patent runs out in about 2010. Thus, if PKP's patents have teeth then NIST is GIVING PKP a monopoly of a major national standard for 10 years. If PKP's patents don't have coverage, then NIST is GIVING PKP the monopoly for about 16 years. Either way, it's an unnecessarily generous gift and one that will probably cost the public hundreds of millions of dollars. * Monopolistic control over DSA is a gold mine. I can't put a figure on how much it would be worth, but certainly more than three flat rocks and a piece of string. Just remember that most commercial transactions of the future and probably most electronic communications will be executed using digital signatures and you get an idea of the scope of the monopoly. It's almost like simultaneously owning a patent on the pens with which all people must sign contracts and on sealing wax with which people seal envelopes (or did in more romantic eras). * PKP has stated its INTENT to license DSA free for non-commercial use: >It is PKP's intent to make practice of the DSA royalty free for >personal, noncommercial and U.S. Federal, state and local >government use. As explained below, only those parties who enjoy >commercial benefit from making or selling products, or certifying >digital signatures, will be required to pay royalties to practice >the DSA. However, this apparently does not cover software distribution schemes that operate at cost or which cross-subsidize distribution to yield a non-profit. Note also that this statement of intent does not represent a binding committment. * PKP has issued a statement committing itself to charging a maximum royalty rate of 5% if the deal goes through. However, there are also "minimum fees" which are going to be $10000 per year, plus $10000 for small companies and $25000 for big companies. * An important aspect of the situation is that after PKP's patents run out, there will be nothing stopping anyone from creating and using new digital signature algorithms that are not DSA. The trouble is that by that stage DSA will be so well established that no one will want to use anything else. So, while PKP will eventually lose control over public-key cryptography, they will still have control over the DSA, and by then nobody will be able to supplant it with a free standard. * If the deal does go through then we are likely to see an interesting effect as the PKP patent expiry dates approach. At roughly that time, PKP's RSA patents will expire and we will find that PKP is promoting the DSA (over which it holds a patent) and downplaying (and possibly denigrating) the RSA algorithms upon which the company was founded!!!!!!!!!!!!! 1.5 Objecting and Appealing --------------------------- * The DSA patent has not yet been licensed to PKP. By 37 CFR 404.7, this cannot occur unless NIST first advertises the fact that the licensing is to take place, and solicits objections from the public. NIST made such an advertisement in the US Federal Register on 8 June 1993: >The prospective license will be granted unless, within sixty (60) >days of this notice, NIST receives written evidence and argument >which established that the grant of the license would not be >consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. >Dated: June 2, 1993. This noticed was published on about 8 June 1993 so the deadline for responses is 8 August 1993 Washington D.C. time. However, this is a Sunday and we have obtained a verbal commitment from NIST that Monday is OK too. * A lawyer I know who has knowledge of this case has indicated that he thinks that there is no likelihood that NIST will back out of the deal at this stage. However, he feels that this stance is a result of leftovers from the Bush administration. Apparently appeals will be heard by the new Clinton administration and so there is a chance of a change of mind by NIST. * An appeal can be made later to the new administration by anyone who submitted written comments to NIST (as explained above) in opposition to the proposal. Appealants can appeal "de novo" which means that they are not limited to facts and arguments submitted now. * The word "algorithm" appears in the DSA patent, despite the fact that it is officially impossible to register a software patent (it has to be framed in terms of hardware) so it may be that the DSA patent is invalid. 2. WHAT VARIOUS PEOPLE THINK (AND FEEL!) ======================================== * Many people do not believe that algorithmic processes, and in particular, software should be patentable at all. This is an extremely complex issue, but if you do not believe that software patents should exist, you will also believe that the PKP patents should not exist. * Many people are worried that public key cryptography was patented, given its origins. They point out that most of the research leading to it was funded by public (i.e. taxpayer's) money granted by the US Federal Government to Universities. They point out that if the result of such research should be framed as property at all (e.g. patents) then it should be public property. In fact, a database search of the relevant patents reveals that many of them have the following note attached which would seem to indicate that the government may have some direct rights to the patents: >GOVERNMENT INTEREST (GI) The Government has rights in this > invention pursuant to Grant No. ENG-10173 of > the National Science Foundation and IPA No. > 0005. * One of the purposes of the patent system is to cause technology to be exploited. Some people have suggested that PKP has not been effective in allowing the diffusion public key cryptography. I am not in a position to establish the truth or falsehood of this statement. However, there is intuitive evidence in the fact that public key cryptography was invented almost 20 years ago, and yet is not yet in widespread use. A visit to the supermarket checkout counter reveals no digital signatures. Why not? * Some people have suggested that the reason for the lack of diffusion of public key cryptography is that a cosy unspoken understanding exists between PKP and various US Government agencies that are none-too-happy about the prospect of a diffusion of this technology. Evidence for the attitude of government agencies is: 1) the smoking gun of the 56-bit DES key, 2) the fact that much cryptographic technology is currently classified as "munitions" and cannot be exported without a license. Evidence of the lack of diffusion is the supermarket argument above. The rest is speculation. * Many people were worried when NIST patented the DSA. They felt that no good could come from embodying a public standard as a piece of intellectual property. Their fears have been realized as NIST is about to license that property exclusively to PKP. * It is very easy to get hot under the collar at NIST. However, it is also important to realize that their actions MAY be motivated by no more than a desire for the public good - to disseminate digital signature technology as quickly as possible. In this quest they ran up against a problem - PKP - and solved it as quickly and as easily as they could - by giving the DSA patent to PKP. * I do not particularly hold any bad feelings towards PKP or its employees. I have been developing a product recently that has required me to interact with PKP and to license one of their algorithms. They have been nothing but polite and helpful and have provided me with useful information. My concern is not with PKP, but with the future of digital signatures. 3. ANALYSIS =========== 3.1 Enumerating The Objections ------------------------------ I you are at all like me, by this stage your brain will be feeling as if it is full of cotton wool so let's attempt to crystalize it all. First, why should we care at all? The answer to this is that digital signatures are going to be very important in the future. Second, what bad things have happened, or are about to happen? This depends on your stand on various issues in intellectual property. Combing through previous sections, we can assemble at least the following list of potential objections: * Object to software patents in general. * Object to publicly funded universities creating patents at all. * Object to such universities assigning such patents to commercial companies. * Object to PKP allegedly holding up the diffusion of public key technology. * Object to the involvement of the NSA in creating the DSA. * Object to NIST choosing DSA as standard instead of RSA. * Object to NIST embodying DSA in a patent. * Object to government agencies assigning patents to commercial companies. * Object to NIST assigning the patent to just ONE company. * Object to NIST effectively extending PKP's patent powers. * Object to NIST making it more difficult for companies that wish to fight PKP to do so. So there is certainly a lot to grumble about! This is a problem with this issue: there are too many ducks to shoot at and the more idealistic you are the easier it becomes to get angry and confused. However, right now we are right near the end of NIST's 60-day deadline and coherent focussed action is required. >From the legal tactical point of view, there are many many angles of attack. I won't go into them here; the situation touches on constitutional law, administrative law, patent law and I don't understand it all. Just be assured that "teams of lawyers are working around the clock" :-) What we really need of course is a turbo-charged Hillary, but this is not possible at this time. What IS important is that the current situation seems to be largely a result of the leftovers of the Bush administration. The new Clinton administration may take different view on all this. I have heard that soon the top few people in NIST will be replaced by Clinton people. This means that if enough people object now with enough good reasons, the issue might get held up long enough for it to be caught by the new administration. And the "de novo" aspect of the appeals process means that new arguments can be created and presented later, so you are not limited later to what you say now. So say anything, but please say something, now. As we have seen, there are many legitimate objections that could be made. In my mind the key ones are: * That NIST is placing a key international standard in the hands of a single company. * That by handing DSA to PKP, NIST is giving PKP power unnecessarily. It may be that some companies believe that they can beat PKP's broad patents in court. However, if the NIST/PKP deal goes through, such companies will have to break not only the broad PKP patents, but the more specific DSA one as well. If the PKP patents are so strong, why should NIST need to give PKP the DSA patent at all? In addition to these general objections, we can also respond directly and formally to NIST's requests for comments on the deal. The next section discusses this. 3.2 The US Code --------------- NIST has requested objections to its proposal before 8 August 1993. Furthermore, it has specified exactly what its criterion is for evaluating objections: >The prospective license will be granted unless, within sixty (60) >days of this notice, NIST receives written evidence and argument >which established that the grant of the license would not be >consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. >Dated: June 2, 1993. I have obtained copies of 35 U.S.C. 209 (see Appendix C) and 37 CFR 404.7 (see Appendix D). The latter is basically the former repeated over a few times with some bits added. Here are the juicy clauses of 35 U.S.C. 209 - the ones that specify the criteria that NIST is supposed to be using to determine whether to license DSA to PKP. NIST is most likely to respond favourably to objections lodged to it that address these criteria and explain why they are not being met. Here we go: >(A) the interests of the Federal Government and the public will >best be served by the proposed license, in view of the applicant's >intentions, plans, and ability to bring the invention to practical >application or otherwise promote the invention's utilization by >the public; I think it's fairly clear from the history of the computer industry in the last two decades that computer companies will need little encouragement in adopting and implementing this standard without the help of PKP! >(B) the desired practical application has not been achieved, or is not >likely expeditiously to be achieved, under any non-exclusive license >which has been granted, or which may be granted, on the invention; DSS has only recently been declared a standard, so it's hard to judge. It depends on how good PKP's is at preventing companies from implementing DSA. >(C) exclusive or partially exclusive licensing is a reasonable and >necessary initiative to call forth the investment of risk capital and >expenditures to bring the invention to practical application or >otherwise promote the invention's utilization by the public; and This condition absolutely is not met. The history of the computer industry and the potential for the DSA clearly indicates that there will be, if anything, a glut of risk capital for implementing DSA. And it's probably not even likely to be "risk" capital! >(D) the proposed terms and scope of exclusivity are not greater than >reasonably necessary to provide the incentive for bringing the invention >to practical application or otherwise promote the invention's >utilization by the public. Even if DSA is a subset of PKP's patents and NIST is assigning DSA to PKP to simplify the situation, this condition is definitely not met as NIST is licensing DSA to PKP for at least 10 years longer than it needs to - more than half the life of the patent. PKP's patents expire before 2000, but NIST is granting DSA until the year 2010. This is FAR greater than is reasonably necessary. Because technology tends to diffuse in accordance with an exponential curve (at least until it saturates), it is likely that the royalties PKP will receive between 2000 and 2010 will be a hundred times greater than those it receives beween 1993 and 2000. Thus, in practice, NIST may be being overgenerous by a factor of one hundred or more. SUMMARY: If we assume that NIST's goal is to get DSA in use as quickly as possible, then their only obstacle is PKP. The clauses above address the issues of technology diffusion and the attraction of risk capital. These issues are not central in this case as it must be blindingly obvious to anyone who knows the computer industry that the DSA standard would go like curry through a senior citizen if all the patents were lifted from it (remember, we are most likely talking about most commercial outlets in the US and nearly all electronic mail in the future). Thus, the only reason why NIST should consider handing over the DSA patent under these clauses is because PKP has the industry by the throat. But this is not certain, and even if it was, under clause (D) above, NIST should attempt to minimize its commitment to PKP. If it is to license DSA to PKP AT ALL, it should license it only until PKP's patents run out, not until the year 2010. And even licensing DSA to PKP until the patents run out is unnecessary because if NIST offered a public license of DSA, companies could simply fight PKP's patents in the courts directly without DSA being involved. 3.3 Alternatives for NIST ------------------------- As we have seen above, NIST's actions are at least inconsistent with the code with respect to section (D). So, we can write to them and complain about that specifically. By now, you should have a pretty good feel for the situation. My personal opinion is that NIST are simply eager to diffuse the technology, but because they feel "blocked" by PKP, have folded to them. Unfortunately, they seem to giving up far more than they need to. So let's help them get their confidence back :-) by coming up with some alternatives: A1: ISSUE A GENERAL PUBLIC LICENSE: This would knock NIST out of it, allowing those wishing to implement DSA to deal with PKP directly, either through the courts, or the banks. :-) At least PKP's power would not be increased. A2: FIND ANOTHER STANDARD OR ENCOURAGE INFRASTRUCTURE FOR ANOTHER STANDARD: Do we want DSA at all? Given that the NSA had a finger in it, it's not clear how secure it is. Is it really desirable for certain U.S. government agencies, perhaps a little out of control, to be able to digitally prove in court that any citizen it particularly feels like targetting has taken out a $200,000 loan which has not been repayed? Well, of course, it's not that simple. Even so, these technologies have a habit of being used for increasingly serious applications and this sort of abuse is not unimaginable. In the new commercial world, a backdoor to the DSA would be a license to print money, without all the hassles of running a printing press. Perhaps it is better to take a completely different approach. Independent of licensing issues, I don't think that NIST are going to back down from their own standard. However, they could assist the free market along by specifying that all implementations of DSA incorporate a general digital signature framework into which a variety of digital signature algorithms could be inserted, including DSA. If all manufacturers implemented this, then, at a later date it would be easy to switch to another standard or choose one or another standard at the supermarket till. Even if NIST gave PKP DSA, by enforcing this "slot" openness in the implementation of DSA, it could pave the way for the standard to be replaced in the future by a better one (perhaps RSA!) when the PKP patents expire. 3.4 A Modern Aesops Fable ------------------------- During times of drought a farmer noticed that his cow was looking a bit thin so he sent his son out with the cow to find some nice green grass to munch on so that the cow would grow fat and yield lots of milk. The son walked the cow for miles and miles (making the cow even thinner in the process), but couldn't find any grass (it's the Australian outback). In the end he found a nice green paddock and set the cow grazing. Later the son returned to the homestead: Farmer : How'd it go son? Do we have a happy cow now? Son : Well sort of; I had trouble finding a grassy paddock. Farmer : But you found one in the end didn't you? Son : Yes, and I put the cow in the paddock. But soon another farmer came running out. He said it was his paddock --- he had rented it for three years --- and that I couldn't graze my cow there without giving him some milk. It was the only green paddock there was. Farmer : So what did you do? Son : I gave him the cow. 4. WHAT YOU CAN DO ================== 4.1 Many Options ---------------- If you've read this far, the extra amount of work required to print out a letter of objection and mail it to NIST will seem trivial by comparison! Furthermore, if you act, you may be able to secure a DSA license for yourself from NIST before DSA is handed over to PKP. It is important to realize that NIST are actually SOLICITING objections. So it's not as if you are writing in cold. Regardless of what NIST's real attitude is, the fact is that they have to receive and collate all the objections they receive and pay some sort of attention to them. As we've seen above, the issues are complicated, and the sort of response you'll want to send NIST will depend on your point of view. I'm not going to tell you what to send to NIST. However, I am going to make it as easy as possible to send SOMETHING to NIST by providing handy information such as the address of the person to send to :-) along with various form letters. One interesting aspect of objecting is stated by NIST in their announcement: >Applications for a license filed in response to this notice will be >treated as objections to the grant of the prospective license. Thus, if you do no more than simply file an application for a DSA license (to NIST before it hands it over to PKP), you will be objecting implicitly. 4.2 To Whom To Write -------------------- NIST states in their announcement that "Inquiries, comments, and other materials relating to the prospective license shall be submitted to: Michael R. Rubin Active Chief Counsel for Technology Room A-1111, Administration Building, National Institute of Standards and Technology Gaithersburg, Maryland 20899 Phone: +1(301) 975-2803. Fax: +1(301) 926-2569. The formal deadling is the end of 08-Aug-1993. However as that is a Sunday, Michael Rubin has stated to others that correspondence received on Monday 09-Aug-1993 will be accepted. Furthermore, in a telephone conversation between Michael Rubin and myself between 1:22am and 1:24am on 04-Aug-1993 Adelaide time, he informed me that faxed correspondence would be accepted until midnight ending Mon 09-Aug-1993 [implicitly Washington DC time]. (Sorry, I forgot to ask him his email address - fax is probably better anyway, as I understand that faxed signatures are accepted in law (no digital signatures in email yet :-)). The LPF has requested that you send a copy of your letter to them at: League for Programming Freedom 1 Kendall Square #143 P.O.Box 9171 Cambridge, Massachusetts 02139 The League for Programming Freedom is an organization which defends the freedom to write software, and opposes monopolies such as patented algorithms and copyrighted languages. It advocates returning to the former legal system under which if you write the program, you are free to use it. Please write to the League if you want more information. Sending copies to the League will enable them to show them to elected officials if that is useful. 4.3 A Selection of Things To Say -------------------------------- Here is a list of actions to give you ideas. * Write to NIST and ask for a personal or implementors license. The personal license will allow you to use the DSA technology in 5,231,668. The implementors license will allow you to create for-private-use or public domain DSA implementations. You can use the Dan Bernstein form letters in Appendix E to do this. NIST may or may not grant the license, but at least you can try. * Write to NIST objecting to the DSA deal on one or more of the following grounds: - Various idealistic reasons such as the creation of the technology using public money, the assignment of the technology to a private company, and the involvement of the NSA in formulating the standard. - Because the deal "is not consistent with requirements of 35 U.S.C. 209 and 37 CFR 404.7." More specifically >(C) exclusive or partially exclusive licensing is a reasonable and >necessary initiative to call forth the investment of risk capital and >expenditures to bring the invention to practical application or >otherwise promote the invention's utilization by the public; and There will be no shortage of risk capital for DSA! >(D) the proposed terms and scope of exclusivity are not greater than >reasonably necessary to provide the incentive for bringing the invention >to practical application or otherwise promote the invention's >utilization by the public. PKP's patents run out by 2000, but NIST is granting them DSA to 2010. * Write to NIST and suggest that they issue a general public license. * Write to NIST objecting, explaining the importance of DSA in future society and urging them to (as the LPF puts it) "pursue all possible means, judicial and legislative, to invalidate or annull the PKP patents", and failing that "take them by eminent domain". This would be cheaper in the long run than the current plan. (Note: I can't help you with the details here: I don't know what eminent domain is. I presume it's what happens when congress finds out that someone has patented the slush fund :-) * Send a copy of the farmer fable :-) That's it! Over to you now! ===================================================================== APPENDIX A: GLOSSARY ==================== DES = Data Encryption Standard. DSA = Digital Signature Algorithm. DSS = Digital Signature Standard. LPF = League for Programming Freedom NIST = National Institute of Standards and Technology. NSA = National Security Agency. PKP = Public Key Partners. RSA = Rivest Shamir Adelman - an important public-key cypher. ===================================================================== APPENDIX B: NIST'S ANNOUNCEMENT =============================== ** The following notice was published in the Federal Register, Vol. 58, No. 108, dated June 8, 1993 under Notices ** National Institute of Standards and Technology Notice of Proposal for Grant of Exclusive Patent License This is to notify the public that the National Institute of Standards and Technology (NIST) intends to grant an exclusive world-wide license to Public Key Partners of Sunnyvale, California to practice the Invention embodied in U.S. Patent Application No. 07/738.431 and entitled "Digital Signature Algorithm." A PCT application has been filed. The rights in the invention have been assigned to the United States of America. The prospective license is a cross-license which would resolve a patent dispute with Public Key Partners and includes the right to sublicense. Notice of availability of this invention for licensing was waived because it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public. Public Key Partners has provided NIST with the materials contained in Appendix A as part of their proposal to NIST. Inquiries, comments, and other materials relating to the prospec- tive license shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, Maryland 20899. His telephone number is (301) 975-2803. Applica- tions for a license filed in response to this notice will be treated as objections to the grant of the prospective license. Only written comments and/or applications for a license which are received by NIST within sixty (60) days for the publication of this notice will be considered. The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. Dated: June 2, 1993. Raymond G. Kammer Acting Director, National Institute Standards and Technology. Appendix "A" The National Institute for Standards and Technology ("NIST") has announced its intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's pending patent application on the Digital Signature Algorithm ("DSA"). Subject to NIST's grant of this license, PKP is pleased to declare its support for the proposed Federal Information Processing Standard for Digital Signatures (the "DSS") and the pending availability of licenses to practice the DSA. In addition to the DSA, licenses to practice digital signatures will be offered by PKP under the following patents: Cryptographic Apparatus and Method ("Diffie-Hellman") No. 4,200,770 Public Key Cryptographic Apparatus and Method ("Hellman-Merkle") No. 4,315,552 Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig") No. 4,434,414 Method For Identifying Subscribers And For Generating And Verifying Electronic Signatures In A Data Exchange System ("Schnorr") No. 4,995,082 It is PKP's intent to make practice of the DSA royalty free for personal, noncommercial and U.S. Federal, state and local government use. As explained below, only those parties who enjoy commercial benefit from making or selling products, or certifying digital signatures, will be required to pay royalties to practice the DSA. PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993. Having stated these intentions, PKP now takes this opportunity to publish its guidelines for granting uniform licenses to all parties having a commercial interest in practicing this technology: First, no party will be denied a license for any reason other that the following: (i) Failure to meet its payment obligations, (ii) Outstanding claims of infringement, or (iii) Previous termination due to material breach. Second, licenses will be granted for any embodiment sold by the licensee or made for its use, whether for final products software, or components such as integrated circuits and boards, and regard- less of the licensee's channel of distribution. Provided the requisite royalties have been paid by the seller on the enabling component(s), no further royalties will be owned by the buyer for making or selling the final product which incorporates such components. Third, the practice of digital signatures in accordance with the DSA may be licensed separately from any other technical art covered by PKP's patents. Fourth, PKP's royalty rates for the right to make or sell products, subject to uniform minimum fees, will be no more than 2 1/2% for hardware products and 5% for software, with the royalty rate further declining to 1% on any portion of the product price exceeding $1,000. These royalty rates apply only to noninfringing parties and will be uniform without regard to whether the licensed product creates digital signatures, verifies digital signatures or performs both. Fifth, for the next three (3) years, all commercial services which certify a signature's authenticity for a fee may be operated royalty free. Thereafter, all providers of such commercial certification services shall pay a royalty to PKP of $1.00 per certificate for each year the certificate is valid. Sixth, provided the foregoing royalties are paid on such products or services, all other practice of the DSA shall be royalty free. Seventh, PKP invites all of its existing licensees, at their option, to exchange their current licenses for the standard license offered for DSA. Finally, PKP will mediate the concerns of any party regarding the availability of PKP's licenses for the DSA with designated representatives of NIST and PKP. For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief Counsel for Technolo- gy, NIST, or Public Key Partners. Dated: June 2, 1993. Robert B. Fougner, Esq., Director of Licensing, Public Key Partners, 310 North Mary Avenue, Sunnyvale, CA 94033 [FR Doc. 93-13473 Filed 8-7-93; 8:45 am] ===================================================================== APPENDIX C: UNITED STATES CODE (U.S.C.) TITLE 35 - PATENTS SECTION 209 ====================================================================== Note: 37 CFR 404.7. is basically the following repeated over a few times with some irrelevant bits added. S 209. Restrictions on licensing of federally owned inventions -------------------------------------------------------------- (a) No Federal agency shall grant any license under a patent or patent application on a federally owned invention unless the person requesting the license has supplied the agency with a plan for development and/or marketing of the invention, except that any such plan may be treated by the Federal agency as a commercial and financial information obtained from a person and privileded and confidential and not subject to disclosure under section 552 of title 5 of the United States Code. (b) A Federal agency shall normally grant the right to use or sell any federally owned invention in the United States only to a licensee that agrees that any products embodying the invention and produced through the use of the invention will be manufactured substantially in the United States. (c) (1) Each Federal agency may grant exclusive or partially exclusive licenses in any invention covered by a federally owned domestic patent or patent application only if, after public notice and opportunity for filing written objections, it is determined that --- (A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public; (B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention; (C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and (D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public. (2) A Federal agency shall not grant such exclusive or partially exclusive license under paragraph (1) of this subsection if it determines that the grant of such license will tend substantially to lessen competition or result in undue concentration in any section of the country in any line of commerce to which the technology to be licensed relates, or to create or maintain other situations inconsistent with the antitrust laws. (3) First preference in the exclusive or partially exclusive licensing of federally owned inventions shall go to small business firms submitting plans that are determined by the agency to be within the capabilities of the firm and equally likely, if executed, to bring the invention to practical application as any plans submitted by applicants that are not small business firms. <<<<Note: The rest of the clauses are mainly administrative dealing with foreign patents and record keeping. There are clauses that enable the government to terminate the license if the licensees misbehave. In particular, the final clause (given below) is rather interesting.>>>> (f)...(4) the right of the Federal agency to terminate the license in whole or in part if the agency determines that such action is necessary to meet requirements for public use specified by Federal regulations issued after the date of the license and such requirements are not reasonably satisfied by the licensee. ===================================================================== APPENDIX D: 37 CFR 404.8 (Checklist for License Application) ============================================================ 37 CFR 404.8 gives a checklist of the things you have to do to apply for a license. S 404.8 Application for a License --------------------------------- An application for a license should be addressed to the Federal agency having custody of the invention and should normally include: (a) Identification of the invention for which the license is desired including the patent application, serial number or patent number, title, and date, if known; (b) Identification of the type of license for which the application is submitted. (c) Name and address of the person, company, or organization applying for the license and the citizenship or place of incorporation of the applicant; (d) Name, address, and telephone number of the representative of the applicant to whom correspondence should be sent; (e) Nature and type of the applicant's business, identifying products and services which the applicant has successfully commercialized; and approximate number of the applicant's employees; (f) Source of information concerning the availability of a license on the invention. (g) A statement indicating whether the applicant is a small business firm as defined in S404.3(c) [S404.3 (c) SMALL BUSINESS FIRM means a small business concern as defined in section 2 of Pub. L. 85-536 (U.S.C.632) and implementing regulations of the Administrator of the Small Business Administration.] (h) A detailed description of applicant's plans for developing or marketing the invention, or both, which should include: (1) A statement of the time, nature and amount of anticiapted investment capital and other resources which applicant believes will be required to bring the invention to practical application; (2) A statement as to the applicant's capability and intention to fulfill the plan, including information refarding manufacturing, marketing, financial and technical resources; (3) A statement of the fields of use for which applicant intends to practice the invention; and (4) A statement of the geographic areas in which applicant intents to manufacture any products embodying the invention and geographic areas where applicant intents to use or sell the invention, or both; (i) Identification of licenses previously granted to applicant under federally owned inventions; (j) A statement containing applicant's best knowledge of the extent to which the invention is being practiced by private industry or Government, or both, or is otherwise available commercially; and (k) Any other information which applicant believes will support a determination to grant the license to the applicant. ===================================================================== APPENDIX E: DAN BERNSTEIN'S POSTING AND FORM LETTER =================================================== The following is a recent posting to sci.crypt by Dan Bernstein. It provides two form letter that can be used to apply for a DSA license. The first letter requests a personal license. The second requests an implementer's license. Dan's letters seems to provide all the information required by some sort of US code. I don't know which one though. Certainly the information provided seems very similar to that specified in 37 CFR 404.8 (see Appendix D). Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au! munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb From: djb(a)silverton.berkeley.edu (D. J. Bernstein) Newsgroups: sci.crypt Subject: You want to use DSA? Apply for a personal license from NIST! Message-ID: <13176.Jul2706.22.0393(a)silverton.berkeley.edu> Date: 27 Jul 93 06:22:03 GMT Organization: IR Lines: 103 NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you want to guarantee your own rights to this technology? You can! It's free, if you can spare a stamp. Attached is a form letter you can send to NIST to apply for a personal license. Put in your own name, address, country, and the right date; print it out; read through to check it over; sign it; and drop it in the mail. You don't have to get everything right the first time---NIST will contact you if they need more information to make a decision. And, as a bonus, your application will automatically count as an objection to the NIST-PKP deal! I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him. ---Dan [address] [date] Michael R. Rubin Acting Chief Counsel for Technology Room A-1111 Administration Building National Institute of Standards and Technology Gaithersburg, MD 20899 Dear Mr. Rubin: I hereby apply for a personal license to use the Digital Signature Algorithm. 1. Title of invention: Digital Signature Algorithm (DSA). 2. Patent Application Serial Number: 07/738.431. 3. United States Patent Number: To be issued as 5,231,668, I believe. 4. Source of information concerning availability of a license: Various sources, including your Federal Register notice. 5. Name and address of applicant: [name], [address, phone, etc.]. 6. Applicant's representative: not applicable. 7. I am a [country] citizen. 8. Approximate number of persons employed: not applicable. 9. I am not a small business firm. 10. Purpose: I would like a personal license allowing me to implement and use DSA. See #12. 11. Business and commercialization: not applicable; see #10. 12. Plans: I plan to use DSA to attach digital signatures to a variety of electronic documents, primarily for authentication. I plan to use DSA implementations, initially in software but perhaps later in hardware, from a variety of potential future sources. Investments: I may spend many hours programming a DSA implementation. 13. Fields of commercialization: not applicable; see #10. 14. I am not willing to accept a license for less than all fields of use of DSA. 15. I intend to implement and use DSA only in [country]. 16. Type of license: I would like a non-exclusive license which does not require royalty payments. 17. I have never been granted a license to a federally owned invention. 18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA. 19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license. Please note that PKP has stated its intent to make DSA free for personal use. Therefore, if NIST grants PKP a license and PKP acts according to its stated intent, there is no harm to anyone if I am granted this personal license. However, I do not trust PKP to act according to its stated intent, and I do not want to have to apply for a license from PKP even if it is royalty-free. So I ask that you grant me a license directly. Thank you for your kind attention. Please let me know if you need more information. Sincerely, [name] Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au! munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb From: djb(a)silverton.berkeley.edu (D. J. Bernstein) Newsgroups: sci.crypt Subject: You want to publish your dsa.c? Apply for a license from NIST! Message-ID: <13238.Jul2706.22.3993(a)silverton.berkeley.edu> Date: 27 Jul 93 06:22:39 GMT Organization: IR Lines: 101 NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you have a free DSA implementation, or have you been thinking of writing one for the benefit of the net community? Do you want to guarantee your users the rights to this technology? You can! It's free, if you can spare a stamp. This is another form letter---just like the personal license application exhibited in my previous message. You should make sure to apply for a personal license. Once you've done that, follow the same instructions for the implementor's license. Once again, as a bonus, your application will automatically count as an objection to the NIST-PKP deal! I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him. ---Dan [address] [date] Michael R. Rubin Acting Chief Counsel for Technology Room A-1111 Administration Building National Institute of Standards and Technology Gaithersburg, MD 20899 Dear Mr. Rubin: I hereby apply for an implementor's license permitting me to sublicense the use of the Digital Signature Algorithm. 1. Title of invention: Digital Signature Algorithm (DSA). 2. Patent Application Serial Number: 07/738.431. 3. United States Patent Number: To be issued as 5,231,668, I believe. 4. Source of information concerning availability of a license: Various sources, including your Federal Register notice. 5. Name and address of applicant: [name], [address, phone, etc.]. 6. Applicant's representative: not applicable. 7. I am a [country] citizen. 8. Approximate number of persons employed: not applicable. 9. I am not a small business firm. 10. Purpose: I would like a license allowing me to let others freely use my implementation of DSA, i.e., allowing me to sublicense the use of DSA at no cost. See #12. 11. Business and commercialization: not applicable; see #10. 12. Plans: I plan to create a source-code implementation of DSA in software, using computer resources which are already available to me. I plan to give this implementation to anyone who asks, and perhaps to publish this implementation via electronic or non-electronic means, for study and use by the academic and non-academic communities. I hope to have people hear about this implementation by a variety of means, including word of mouth. 13. Fields of commercialization: not applicable; see #10. 14. I am not willing to accept a license for less than all fields of use of DSA. 15. I intend to implement DSA in [country]. 16. Type of license: I would like a non-exclusive license which does not require royalty payments. 17. I have never been granted a license to a federally owned invention. 18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA. 19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license. Let me emphasize that this is not a commercial license application. I do not intend to collect any fees for the use of this implementation. Thank you for your kind attention. Please let me know if you need more information. Sincerely, [name] ===================================================================== APPENDIX F: THE LPF ANNOUNCEMENT ================================

1 0