To: cypherpunks@toad.com

A Legal Way To Use RSA
----------------------

There is a LEGAL way to establish the free use of PGP and the RSA algorithm by anyone who wishes to preserve their constitutional right to privacy. No licensing or fees are involved.

The RSA algorithm is not copyrighted software; it's a patented technique (presumably in the form of a mathematical algorithm). Under patent law, it is legal to manufacture anything that someone has patented for your own use. If the item is an improved can opener, for example, then you can make one for yourself directly from the patent office drawings if you like. You cannot offer them for sale. So anyone is free to create a computer program which utilizes the RSA algorithm so long as it's just for them.

All mathematical equations, no matter how large and complex, consist of smaller terms or sub-calculations. In the instant case of the RSA algorithm, these smaller terms consist of prime numbers, Euler's quotient function, and operations like calculating the greatest common divisor and modular arithmetic. It's all about as patentable as long division. No one could be prevented from using such ordinary mathematics.

PGP performs other tasks besides RSA-related calculations. It supports IDEA and XXENCODE, which are in the public domain. So it's only necessary to rewrite the RSA section to avoid conflict with the patent. This could be accomplished by arranging the section into a few mathematical modules or "building blocks." These could then be rearranged by the user into several different configurations for encryption -- with only one supporting the actual RSA algorithm. After all, large prime numbers can legitimately be used as keys for almost any encryption technique, and the arithmetic operations may be called as subroutines for a variety of purposes.

By stacking the unpatentable "building blocks" into the particular sequence which implements the RSA algorithm, the users would, in essence, be employing their own tools (the computer and its software) to create a copy of the RSA algorithm for their individual use. Programming skills would not be required since the inexpert user could simply employ a setup program and select from a menu of different encryption modes. Alternatively, a DEBUG script could be circulated separately to appropriately reshuffle the object code.

Legal action to prevent such a program from being distributed could be very difficult. What reasonable argument could be set forth against someone using the mathematical functions? Arguing that someone -might- use the program to create RSA would make no more sense than arguing that a drill press -might- be used to make a patented can opener. Besides, if it's legal for someone to make their own can opener, how can it be illegal to sell them the tools and materials to do it with? Providing instructions on how to do it can hardly be attacked because the U.S. Patent Office, itself, publishes the plans (technically, they appear to violate the law whenever they send copies outside U.S. borders).

By now, you get the point. There's a well-anchored legal loophole in the patent law big enough to sail a ship through. It may render patents of formulae used in computer software worthless (as they ought to be).

I sympathize with Public Key Partners. The venture must have looked awfully good on paper, but their position is fundamentally untenable. Sooner or later the subject of their exclusive rights over RSA will reach the courtroom. There is legal precedent for allowing private corporations to market products developed with public funds. However, a case might very well be made that MIT erred in granting an exclusive license. It would be to the greater public good (the underlying principle) to release RSA into the public domain so a range of competing businesses could provide it to the public. Because the right to privacy is involved, rather than valves for a rocket engine, a federal court could take licensing entirely out of Massachusetts' and MIT's hands if any federal funds could be traced to RSA's development.

Once in court, it will make the newspapers. A private company profiteering from something the taxpayers paid for -- denying privacy to the average American with heavy-handed tactics. The simple fact is, I don't like it and I have a feeling most people won't like the sound of it. The press, a major user of electronic mail and a jealous guardian of sources, is not likely to take a sympathetic stance. There is a large organized body of opposed computer users poised to launch letter writing campaigns, and many congressional "waste slayers" are apt to show real interest in the matter. Foundations which fund lawsuits on freedom issues abound.

As courtroom and legislative arguments are raised against the license or patent, what foolish company is going to risk paying the license fee? The RSA license quivers on a bowl of Jello. I know financial misadventure when I see it. I'm glad none of my money is invested in Public Key Partners.

Bon Voyage!
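
The "building blocks" idea in the post above, as an added example that is not part of the original message or of PGP: generic arithmetic routines, one stacking of them that yields textbook RSA, and a second stacking that yields a different scheme. All function names and the tiny primes are constructed for illustration; textbook RSA with no padding and toy key sizes shows the arithmetic only and is not a usable cipher.

```python
def gcd(a, b):
    """Greatest common divisor (Euclid)."""
    while b:
        a, b = b, a % b
    return a

def mod_inverse(a, m):
    """Inverse of a modulo m via the extended Euclidean algorithm."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: arguments are not coprime")
    return old_s % m

def mod_pow(base, exp, mod):
    """Square-and-multiply modular exponentiation."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def totient_of_two_primes(p, q):
    """Euler's function for n = p*q with p, q distinct primes."""
    return (p - 1) * (q - 1)

# One stacking of the blocks: textbook RSA (no padding, toy key size).
def rsa_keypair(p, q, e):
    phi = totient_of_two_primes(p, q)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (p * q, e), (p * q, mod_inverse(e, phi))

def rsa_apply(key, value):
    """Encrypt with the public key or decrypt with the private key."""
    n, exponent = key
    return mod_pow(value, exponent, n)

# A different stacking: the same mod_pow used for an exponent-exchange
# shared secret; returns the value each side computes.
def shared_secret(g, p, a, b):
    return mod_pow(mod_pow(g, a, p), b, p), mod_pow(mod_pow(g, b, p), a, p)
```

Only `rsa_keypair` and `rsa_apply` combine the blocks in the RSA order; `gcd`, `mod_inverse` and `mod_pow` are the same routines either way.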