Dr. Zaphod writes, commenting on Jim Bidzos' e-mail to Stanton M.,
For a guy who claims to want to help us Cypherpunks in the way of personal encryption, scare tactics seem a little out of place. I'm sure we'd all like to use legal encryption methods [maybe]... but we ARE Cypherpunks.. giving us the responsibility to use what's best and defend our rights for privacy. Using a package that hasn't been updated in 5 years [MailSafe], we have diminished to politically correct yippies. I'm not sure quite what to do.. but I saw Jim Bidzos on a magazine once.. and he looks like a fed. By playing the game we are becoming part of it. TTFN.
* The scare tactics may have been somewhat too harsh, or at least phrased in typical "cease and desist" lawyer terms, but Stanton _did_ post his announcement very prominently and widely in sci.crypt, where everyone could see it. RSADSI was pretty much forced to react, lest they later find their patents/copyrights/whatever ruled invalid by their failure to protect them. Most PGP sites are less well-advertised :-}.
* I agree that PGP has a feature set (especially its distributed trust model) that is more interesting than the creaky old MailSafe program. There may be several solutions brewing here, as several postings in this thread have noted.
* As George Gleason has also noted, dividing our community may play into the government's hands. (Some may think I'm trying to fragment the PGP community with these comments. Not at all. PGP has done a valuable service in educating hackers, users, etc., and in energizing the community. But keeping crypto "underground," as by nature PGP must be, is not what we want, is it?)
* I once thought RSA Data Security Inc. was NSA-controlled. This was in 1988 or so, when I tried to buy a crypto package from them and got the run-around ("Don't call us, we'll call you."). It seemed natural, to me at that time, that the Agency would control such a crucial technology. This opinion didn't last too long, as I got more familiar with the crypto community. Now I'm convinced otherwise, and that Clipper/Capstone is in fact the government's way of gaining control of a technology they failed to classify and control the first time around. (To be sure, the export controls and other legal restrictions are a way the Agency and others control the spread of strong crypto, but so far there has been no basic challenge to the "right to encrypt." Many of us see Clipper as a probable move in this direction. Time will tell.)
After meeting many of the principals, including some early investors (like Alan Alcorn, of Atari fame, at the Hackers Conference), I came to a different conclusion: RSA Data Security was just concentrating on the "big deals" which are only now coming to fruition--the zillion-copy deals with large companies like Apple, Microsoft, Lotus, etc. This market is vastly larger than the PGP community, which may be as "small" as several thousand copies (does anybody have any better guesses?).
And it turns out anyone _can_ buy a personal encryption package from RSADSI...it's called MailSafe. In 1991, I stopped off at the offices of RSA in Redwood City, while on my way to Lake Tahoe to the Hackers Conference, to pick up my copy of MailSafe and ran into Jim Bidzos. We talked about PGP (1.0 in those days) and about the upcoming Hackers Conference. Jim made an interesting offer: Anyone at the Hackers Conference could buy MailSafe for $50, just by saying they were there. This fee barely covered the manufacturing/packaging costs, as I'm sure you all know. So far as I know, a handful of people followed up. (And I agree there's a perceived problem that no one, especially in our community, uses it. That's why I have both a MailSafe and a PGP key...I figure I'm pretty safe against any legal charges, as I can always wave my MailSafe license in the air!)
Several other conversations have convinced me that Bidzos is not a Fed. Also, his company has sponsored two excellent (and *free*, by the way!) conferences on crypto, featuring speakers from outside his company (such as Mark Riordan of RIPEM fame) and talks highly critical of the "Digital Signature Standard" (DSS), which the real Feds were pushing as a weak alternative to RSA digital signatures. (By the way, DSS is part of the new Capstone system, unsurprisingly.)
* I'm not a lawyer (which is why I'll cc Mike Godwin and Lee Tien on this response), but my understanding is that the RSA patents cannot just be licensed on a "per person" basis...that's just not the way patents work. That is, we can't just pay RSA a quite reasonable $50 apiece for a perpetual license to the patents and be done with it. Instead, each product that uses the patents must be separately licensed, as per patent laws. (This doesn't mean the fee is anywhere _near_ the $125 for MailSafe, the $50 fee I suggested here, etc. I suspect the deals with Apple, Lotus, etc., resulted in _much_ lower fees, perhaps just a couple of bucks per user. Just a guess.)
* A "personal encryption" product, for users who don't use commercial e-mail products such as Lotus Notes (which contains RSA), is sorely needed. The PGP distributed trust model and other features, combined with a fully legal "crypto core," could be a real success. (Personally, I'd like to see a commercial version of "Eudora," the Macintosh off-line mail reader I now use, with easier (push-button, automatic) support for PGP, RIPEM, etc.).
* The upcoming battle for strong crypto is as important a battle for civil liberties as our generation will ever face, in my opinion. The precedents set in the next several years will shape this country (and other countries, by extension) for many years to come.
-Tim May
--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime