:) David Sternlight <david@sternlight.com> opines:
I am not on the Cypherpunks list. Given the tone of some posters I don't' see that as a useful list.
I wonder who won the pool on how long you would last before departing in a tiff. :) But I digress.
You already made this argument. It could have been (and perhaps was) made in court. Despite that the patent was upheld. That is "I am right and the court is wrong."
I think that regulations which permit applied math to be patented are counterproductive, as do many other countries. Given that such regulations are in place in the United States, one would expect them to be upheld by the courts. Whether any of this is "wrong" in some abstract sense is a religious debate, in which I am uninterested. Let us examine the two statements: I. Certainly, given what was known at the time widespread data communications created a commercial demand for secure communication over insecure lines, a person setting out to create a software solution to the problem, knowing what was then known about cryptography, trapdoor functions, and other techniques, would almost certainly have employed modular exponentiation or discrete logs to solve the problem. If RSA hadn't been patented at the time it was, it most certainly would have been independently discovered by multiple individuals and widely employed, without the present licensing restrictions. Prior published works on cryptographic trapdoor functions involving the factoring of composites and possibly even encryption by modular exponentiation existed long before the RSA patent. II. Obvious prior art sufficient [in the current regulatory environment surrounding patents in the US] to invalidate the RSA patent in court has never been published. Now, given that these two statements are not opposites of each other, one is not going to refute the first by stating the second, no matter how big a bullhorn one employs.
There is a huge difference between "prior art" and "invalidating prior art" under patent law. Indeed, to invalidate the patent, it would have been necessary not only to find a description of the mathematical methods used in the construction of the RSA algorithm, but also a claim for the specific use for secure communication over insecure data links.
It seems to me you are agreeing with my comment here.
I have only argued that obvious prior art exists. I have also stated that I would favor a regulatory climate in which such obvious prior art would preclude a patent being granted. I have never stated that we currently live in such a regulatory climate. In fact, we do not.
Pretty far-fetched response. They tried to overturn the patent on grounds of prior art. They failed. End of story.
Many words, like "prior art," have specific legal meanings which differ from their common English usage. Kind of like economists arguing that there is no "demand" for food by poor people, because they have no money with which to purchase it. I use the term "obvious prior art" to mean prior publication of the essential methods and techniques with which a technically skilled person, given the same problem to solve, would arrive at the same or a similar solution. Put two graduate students at opposite ends of a wire, with the world's prior-to-1977 writings on cryptography, trapdoor functions, the intractablity of factoring the product of primes, and the modular exponentiation problem. I suspect the RSA Public Key Cryptosystem would not be long in emerging, even if one employed particularly dense graduate students. That is what I mean when I use the term "obvious prior art."
Again, it seems you've conceded my point here. What part of "nobody" don't you understand?
I was proceeding upon the assumption that the enumerated "points" you claimed I was making were ones with which you disagreed. If that is not the case, I am prepared to declare early victory. "Nobody could afford to litigate [against RSADSI]" is misleading, as even the wealthy don't employ the expensive option, when a cheap one is available. Besides, I have never contested that the current regulatory climate supports the patenting of things like RSA even in the presence of prior publication of the essential mathematical elements.
6. Anyone can patent anything and nobody could afford to oppose them (N.B. Presumably not IBM, not DEC, not DuPont, ..oh well, you get the idea)
Yes, David. Practically anything can be patented. The power of patents is in defending them, not in applying for them, or in receiving them.
Again you concede my point by ignoring the operative clause. What part of "nobody" don't you understand?
There were plenty of companies who had the financial power to squash RSADSI like a grape, and probably change the regulatory climate as well. There was no incentive for them to do so, and they probably have applied mathematical patents of their own which they are fond of. Had RSADSI sat on the patent, and refused to license it to others, both they and their patent would probably have had a very short life span.
7. Rich, smart companies with big legal departments license bogus patents rather than litigating.
Well, that depends on how you define bogus. I consider patenting applied math to be bogus. Your mileage may vary.
RSA didn't patent applied math. They patented processes which may use, or be described in part with applied math.
Yes, the "method and apparatus" transformation.
The facts are that rich, smart companies litigate patents all the time so your contention is false on its face.
They rarely litigate patents where the cost to litigate is enormous, the technology may be cheaply licensed, and the chances of success, or of even trying to explain the topic to the average layman, are minimal.
Someone who responds to a one line comment about the mathematical underpinnings of RSA being previously known, with several multipage essays whose central thesis is that such a claim cannot possible be true, because the patent would have been invalidated by the courts, is a troll who either understands nothing about how patents work, or is blowing a foghorn on behalf of the patent holder.
Another guilty plea.
Well, I suppose Vin could just be a bored essayist in need of something to practice on. (Snicker)
9. If someone takes the time to oppose me, someone must be funding him.
Vin has already outed himself as someone who has done work for RSADSI. He has vociferously defended various key recovery schemes implemented in their products against critics. This, combined with his rabid insistance that the RSA patent is something novel and unique, does equate to what some of us might describe as a "vested interest" in the matter, directly funded or not.
Another failed refutation. Your words were unequivocal.
I think you are having some difficulty separating out the sarcasm here. Besides, the suggestion that Vin has a vested interest in defending the RSA patent hardly translates into an assertion that everyone who disagrees with me on some subject is someone's paid agent. Abstraction from the specific to the general is not an accepted tool of inference. You, for instance, are probably quibbling for entirely different reasons.
I think the problem with most of your post is that you have taken the odd exception or the odd passing issue and tried to make them out to be the general case; in short your post was highly overblown as well as redolent of personal attack. Had you discussed the issue more temperately in terms of your factual claims it might have been more useful.
That sometimes happens when one party "summarizes" a flame war, and posts it elsewhere. Deal.
10. The patent office never refuses patents on "method and apparatus" except in the case of perpetual motion machines.
Patent examiners generally rely only upon the material presented with the patent application when reviewing it, and expect people to do their own searches, and correctly cite related patents. Litigation is generally the means by which patents are challenged, not by the patent office refusing them, except in extrordinary circumstances, perpetual motion machines being one well-known example.
See above. You were unequivocal.
"Practically anything" is not unequivocal, and is a correct description of the current patent review climate.
There may be cases of the sort you refer to, but it is not a general argument which can then be applied to the case of the RSA patent. You have repeatedly make the logical error of claiming that a specific proved a general, and then applying the claimed general to a different specific.
Vin alleged that RSA being granted a patent proffered compelling evidence of the unique worth of the thing being patented. It is correct to apply general comments about the patent-granting climate to this specific case. For a better example of confusing generals and specifics, you may re-read your own comments on "if someone opposes me, someone must be funding them" above, incorrectly abstracting my comments about Vin to the general population. :)
11. Security Dynamics is paying for those who oppose me.
I merely asked if Vin intended to bill them for the time he spent writing his rants. A rhetorical question.
GIven the rest of your post, the inference was direct. If you did not intend to imply that, you should not have used that languaging.
Bzzzzzzzz. Wrong Answer. And we will have to deduct additional points for abstracting again from Vin to the general population vis a vis "Security Dynamics is paying for those who opppose me." The best you can get on this mid-term is now a C. :)
12. Such opposition is "a tirade".
Suggesting that I would have to retire my nym after criticizing the RSA patent and taking several pages to say a paragraph of material certainly qualifies as a tirade in my book, especially when combined with a lot of irrelevent innuendo unrelated to the topic being discussed.
Since most of his post was factual, it was not a tirade.
Most of the factual material refuted nothing I was claiming, and refuted things I wasn't claiming, such as Jevon's book containing a complete description of PKC, as opposed to being the earliest known work which contained something related to the topic. Again, an attempt to impress people with the volume of the evidence, rather than with its quality, which when combined with the occasional snide remark, meets my definition of "tirade."
You are trying to discredit the bulk of his post with a characterization of a small portion that doesn't apply to the whole, and may not even apply to the portion.
His post is discredited because it fails to address any of my points about the RSA patent, and instead argues forcibly for a collection of self-evident surrogate issues, carefully selected for their ability to be easily confused with the real ones.
13. No corporations are buying products with GAK, key recovery, etc. (N.B. in That is what "no corporate demand" means).
To an economist, perhaps. It would be more accurate to say that demand as a function of whether such features are included is a pretty flat function.
You didn't say that. You said "no corporate demand". I understand the word "no" because English is my mother tongue.
"Demand" in common English usage means that something is being clamored for. In Economic terms, it means half of the phrase "supply and demand" which is something entirely different, said economic demand existing for anything which is purchased.
that the demand curve has a particular (flat) shape, did you make that up or did you rely on empirical evidence?
I believe that surveys by privacy groups long ago showed that GAK/Key Escrow/Key Recovery was not being clamored for by corporate America, although attempts were being made to incentivize it by the intelligence and law enforcement communities.
Your statement that "demand as a function of" X is a pretty flat function is also nonsense economics. Perhaps you meant to say that the _quantity demanded_ is invariant over whether these features are included or not.
I was using "demand" in its ordinary English usage. You were using it as an economic term, in an attempt to call the mere fact that GAK/Key Escrow/Key Recovery-enabled software was purchased at all "demand" for it. Which, to use one of Clinton's favorite phrases, was "technically accurate, although misleading." :)
Or perhaps you meant to say that the demand curve as a function of X was 'one-to-one onto' itself.
Uh, no. That was definitely not what I was saying. I don't think it is what you are trying to say either, but thanks for using "1-1" and "onto" in a sentence about functions.
To test your hypothesis, you'd have to show that if two versions were offered simultaneously, one with and one without X, no corporate buyer would prefer the version with X.
That would kind of depend on how "X" was priced, would it not? If you give things away for free, people will probably take one in case they need it someday, as it costs them nothing. This does not equate to "demand," or "clamoring."
I leave the reason that would the the dispositive experiment as an exercise. Hint: It's utility economics.
Hint: It's not quite English.
14. Someone who opposes stronger escrow/GAK/key recovery than RSA is offering must be suspect.
Your point here eludes me.
You said that he opposed escrow/GAK/key recovery except up to the point offered by RSA. That translates as he opposes such things if they were stronger than those offered by RSA. Nothing suspect about that--he simply agrees with the decision point RSA chose as to how strong to make such things.
That's one possible explanation. To test your hypothesis, we should see how well Vin's agreement tracks RSA's inclusion of additional encrow/GAK/recovery features in the future. He may have to change the name of "The Privacy Guild" to something less impressive.
I could go on ...
And you usually do, and on, and on, and on...
And now you're diverging from the facts and logic of the matter to personal attack. It reveals the same flaw that invalidated your original post.
I'm sure you've been attacked before, by people a lot less nice than myself. :)
I simply believe that patents on applied math are inappropriate. Given that they are allowed, it seems silly to cite the fact that the courts uphold them as evidence for anything, particularly claims that they are new, novel, and non-obvious.
Had you said that we could have had a rational discussion. Points in the discussion would have included:
1. Even patent law agrees with you; the RSA patent is a process patent and not a patent on applied math.
Hmmm. Well, patents on pure math are not allowed, ergo, math must be suitably transformed in order to be patented.
2. Patents purely on applied math, are, as far as anyone here knows not allowed. You may exponentiate to your heart's content as long as you don't practice the RSA algorithm as part of a crypto system.
There is a fundamental difference between telling me I cannot practice modular exponentiation to communicate with people without licensing it, and telling me I cannot make RDRAMs without licensing that. I am unlikely to replicate the RDRAM design by accident. I am quite likely to derive a given bit of mathematics given the application for it. If RSA can be patented, why not something like Householder transforms, or cluster analysis, or the quadratic formula? Sounds like the slippery slope to me.
3. The court didn't uphold a patent on applied math; it upheld a process patent on a crypto system that, among other things, uses applied math. So does almost any engineering design.
There is a fundamental difference between a physical machine whose design required the use of mathematics, and an abstract mathematical transformation, which may exist only in an instance of some computer program performing a certain task.
4. The particular process patent was found to be new, novel, and non-obvious. There was ample opportunity for Cylink to try to refute that. They failed. End of story.
Again, returning to the top of our discussion, the existence of "obvious prior art" for RSA in the common English sense meaning of "obvious prior art" has little to do with whether patents are upheld in the current regulatory climate in the United States. It would be simple to test your hypothesis, by simply giving trapdoor functions replete with useful identities to two people, and telling they have to construct a common secret unknown to a third party monitoring their communication. I cannot imagine a technically skilled person taking very long to make the transition from some "one-way" functions, to a practical implementation of D-H, RSA, or whatever. That would be my definition of "obvious."
Now we've discussed all the above substance before, and my purpose in reciting the four points isn't to re-open the topic, but to show that your definition of what the topic is is simply incorrect.
My posts. My topic. Your posts. Your topic. Works for me. :)
Given that, I don't propose to discuss the above four points yet again. They aren't there to reopen the discussion, but to show that your statement of the issue is inaccurate.
My statement is point "I" at the beginning of this message. Please re-read it and tell me whether or not you agree with it. -- Sponsor the DES Analytic Crack Project http://www.cyberspace.org/~enoch/crakfaq.html