On Sun, 3 Dec 1995, Anonymous wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Jim Clark was quoted as having written:
I made some pragmatic comments.
I said that if we are to use this encryption technology in business, we must have a better solution than to limit keylength or put keys in escrow. All governments of the world have a valid concern about terrorism and other activities of concern to the security of their nations.
So what? If their position were (as it has long been in some countries) that their "concern" is best addressed by wholesale eavesdropping and informant networks, would you cave to that, too? This is an absurd foundation.
Worked great in France, right? No terrorist problems there or anything.
All of them will continue to restrict our ability to provide products to their markets unless we build in some mechanism that allows them to legally access information that is in the interest of their national security.
Whoa! You're giving away the store without a fight! You've been able to capture what, 60-70% of the browser activity "market" and get a huge amount of capitalization from the public market, and you're whining that the world's going to end if government "restrictions" continue, just because those restrictions might slow down your commercial world conquest? Give me a break!
Mr. or Ms. Anonymous here has hit on the nose what irritates me about Netscape's attitude. For them opposing GAK is not voluntarily installing it into their software, sending a lackey (who may or may not know squat about how to schmooze washington and beltway fever types) to babble at a conference, and generally snowjobbing the educated portions of the marketplace by claiming to be on their side in opposition to GAK. I am reminded of a certain dictator of a certain canaled nation who's anti-drug rhetoric was the strongest voice in Central and South America for a time.
LET THEM CONTINUE to restrict! That will take care of itself quite handily. You're just afraid you'd miss some opportunities, or be one of the commercial casualties, isn't that right? Isn't that what this is really all about?
I think it's more about laziness actually. Netscape would (should) see quite quickly that key escrow is going to hurt them in the foreign market, and to some extent in the United States. One would expect them to discover this and be screaming bloody murder. As I have said before, as I will repeat, I'm sure the list is tired of my babbling, Netscape has a voice. If Netscape were to scream and yell that GAK is unacceptable, people would take notice. What does Netscape have to lose exactly? If they still make GAK the law of the land, Netscape is, of course, probably going to comply. _What does that have to do with trying to prevent it from ever being made the law of the land?_ I am saddened that the company which has so much power today to further the technology, the freedom and velocity of information, and privacy, is such a bowl of pudding.
And a valid concern, too, but not at the expense of my freedom! It seems clear from the way you put this that world standardization at ANY level of security would satisfy your commercial objectives.
Which is a silly objective considering the inviability of a NSA designed escrow system in any foreign market.
(We obviously cannot be involved in determining what is legal by the laws of that country.)
Determining the falsehood of this statement is left as an exercise for the reader.
This is not just a US government problem. Until recently, France did not even allow us to sell products with 40-bit keys, much less 128-bit keys.
And some of us think that such idiocy, like celibacy, is a self-correcting phenomenon in this information age.
Why any company would model their efforts after the French government is a complete mystery to me.
A lot of ordinary citizens are rightly concerned about their own privacy.
Here comes the snow job.
I am one of them.
It's going to be a white christmas honey.
I do not want the government to snoop on me,
Did you buy road salt?
but in fact the government, through the FBI, can now tap my phone without my knowing it by simply getting sufficient evidence that I am conducting illegal activities, then presenting this evidence to a court to get permission. I have no say in the matter.
Gee, let's make sure they can do it for Netscape too!
If we as a company were to take the position that in no case will we allow a government to get access to our encrypted messages, or refuse to allow key escrow with our products, the governments of the world will quickly put us out of business by outlawing the sale of our products in their countries.
Wow. Where did you learn your economics? In the alternative, where did you learn your propaganda skills? This sounds like School of the America's Stuff.
I believe you have underestimated the power of a leading-edge 21st-century information product that is "Not available where regulated." I think you're copping out and looking for the easier, "Now with the best encryption available! (because no one is allowed to offer better)"
In fact, if Netscape really wanted to do well, they should be promoting their product, which I might add has a strong showing in the 18-24/5 bracket- precisely that bracket likely to fret over government involvement, as "Crypto so strong, it is banned in (x) countries!"
The fundamental issue is how do we accommodate the requirements of governments, while protecting our rights as citizens.
WOAH! Now I'm REALLY pleased I sold my stock. They bloody well SOUND like the NSA.
None of this represents the position of Netscape with respect to what we will do.
Perhaps, perhaps not. It sure seems to represent the attitude we can expect even from the 'pro crypto' types in Netscape. If this is the limit of your potential....
But if we do not come up with a solution to this problem that is acceptable to each government,
There it is: Supine, prostrate, submissive.
Jim, and Netscape in general, simply has no idea what-so-ever what kind of sword they are carrying. Someone needs to give them a shot of something.
In fact, we could even be ordered by our own government to establish a key escrow system for its use inside the US.
The way you are going, you will. Why, as you sound so upset about this, aren't you DOING something? Why aren't you out behind a podium pounding your shoe with: "We will not accept GAK, it is wrong, we will bury you." The time for submission and kissupping, for which there will be MUCH time, as AFTER GAK is mandatory. (Some might argue that this is the time for work to have it repealed, but they don't know much about institutions in the U.S.)
Ironically, anyone in the US may import unbreakable encryption technology from another country -- we just cannot sell it back to them. No one ever accused the government of being rational.
This is the clearest thing you've written in the whole piece
He is confused. He knows the issue, he just doesn't know what to do. Like a child with a firearm.
I chair an industry group called the "Global Internet Project", with members from almost twenty companies, including companies from Asia and Europe. This was the central issue we all agreed upon this morning, and we are putting together a policy statement whose purpose is to educate lawmakers on the importance of quick resolution of this matter.
Wow. You have done more damage than you know. A quick resolution is going to be in your detrement. "Diamond, oh Diamond, you know not the mischief done." --- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information