On Sat, 2 Dec 1995 20:16:08 -0500 (EST), Black Unicorn <unicorn@schloss.li> wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case.
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
If you read what they had to say about this, you know that they are hoping others will create non-escrowed crypto hardware using the same interface. I see no reason for them to not include support for any available hardware system (even if it includes GAK), as long as they continue to support non-escrowed encryption internally. This allows the customer to decide that they have no problem with GAK and use the external system, or use the internal system and not have GAK.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
We have recently hired a government liason person to manage our policy discussions with the government. He is one of the people that will be talking to congressional and white house representatives next week. I don't know if we have made use of any outside lobbying firms.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
Until the current policy is clearly defined it is like a moving target. Once the government has been pinned down to a single policy, it will be much easier to dispute their policies. Currently the government can say anything they want about their enforcement of ITAR, because they have not stated a clear set of rules with regard to it. Once they have set clear rules, those rules can be shown to be overly restrictive or even unenforceable. Also, lawyers usually advise clients based on a worst case scenario, thus when the government is unclear on its rules, the lawyers advise their clients based upon the worst possible interpretation of the law. This is done to protect their client. By not stating a policy, the government is making that worst case happen, without having to be the bad guy by actually attempting to enforce such a policy.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?"
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
I think you are being too critical, they have done more than any company I know of to make easy to use crypto widely available. They may be willing to obey the laws if they require GAK, but I do not feel that they are just rolling over either. I strongly oppose GAK, but I do not believe that no crypto is better than GAK crypto. I would rather keep some people out than nobody out. Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche