The company I work for forbids its employees to discuss crypto issues in public forums like this one. That's why I only post anonymously. They have several concerns. One is the still-existent crypto export regulations which could be construed to forbid technical discussions of cryptography in public forums accessible to foreigners. Another is the danger that the employee might say something which could embarrass the company, such as admitting problems in the company's products. Employees may also find themselves talking to customers of the company and say things different from what the sales representatives are telling them, which leads to huge problems. There are actually many valid reasons to keep employees from talking publicly about technical issues in any field related to their employment. Add to this the many political and legal issues that are specific to cryptography and it is unsurprising that so many companies restrict what their employees can say, as a condition of employment. One thing I haven't heard in the Geer case is whether his employment contract did have such limitations. If not, he might conceivably have grounds for a wrongful termination suit, although even then the company could make a pretty good case that bad-mouthing one of the company's biggest customers is valid grounds for dismissal. It's also interesting that Geer claims in an interview [1] that he approached nine differrent academic researchers who refused to sign on to the report even though they agreed with its recommendations, because they were afraid of losing funding. I find this somewhat hard to believe, first because I don't agree with the conclusions of the report (although my analysis has been censored), and second because I don't think that Microsoft controls that much academic research funding. It's possible that Geer is exaggerating or that the researchers were not completely honest about the reasons for their lack of interest. [1] http://www.eweek.com/article2/0,4149,1304620,00.asp