Let's not get carried away here. Netscape's done a lot for privacy, and every indication we have is that they'll continue to do so. They've introduced strong crypto to the consumer software market for the first time. Giving users control over CAs says a lot about where Netscape is coming from -- it's an obscure thing for which there was no public demand, and which might hurt Netscape's position by opening up the market to competitors. But it destroys the choke point which would have made it possible to impose GAK. Our interests and Netscape's interests coincide. Netscape needs to export strong crypto to be competitive in the global marketplace. As a consequence, Netscape has been making public statements pushing for unrestricted exports of strong crypto. I have no doubt that they're pushing hard for the same thing in private discussions with government officials. Where do people think things like the recent statements from Ron Brown come from? Big companies -- like Netscape -- have ongoing dialogues with the Commerce Department, and apparently they've been pushing for exports. In and of itself that statement wasn't much -- nothing has changed. But it's a sign that the tide is turning. Parts of the government are starting to admit that we're right, and that giving people free access to strong crypto is in everyone's best interest. That's important. But at the same time, it's important for companies like Netscape and Lotus to know that we'll do everything we can to make it painful to back down on these issues. What Lotus is doing is wrong, and we have to do whatever we can to make their decision painful to them. It's absolutely essential that we do whatever we can to make the right decision less painful than the wrong one. We don't have a lot of options in terms of strategy. An immediate, strong, and strident negative reaction may not be the best weapon imaginable, but it's one of the only ones we've got. To those of you who work for these companies, and who are pushing for what's right -- don't take it personally. We have to do it. The Lotus approach is totally unacceptable. A 64 bit key is only a 40 bit key when your opponent already has 24 bits, and a 40 bit key just isn't good enough. But Lotus' plan is much worse than another plan which only provides 40 bits of security. Anything that involves government storehouses of keys is extremely dangerous. Lotus is doing everyone a big disservice when they pretend that this is a step forward. It's gak, and it's not just a proposal anymore -- it's real this time. This is the first wave of guys hitting the beach. Netscape is never going to convince everyone that they're on the right side. Some people will never trust a large company, no matter who works there or what the company does. But by widening the scope of its public efforts on behalf of privacy, Netscape could generate a lot of good will and do a lot of good for its own interests (and its bottom line) as well. It would be good for everyone if Netscape took a more aggressive political stand for free access to strong crypto. How? Expand the crypto coverage on Netscape's web server. Hire a full time person to write about crypto technology and issues. Put a link to the site on the Netscape home page. Netscape's home page links are the most visible on the net -- use them. Get together with companies like Sun and Microsoft to form a lobbying and publicity organization similar to the Tobacco Institute. (I know that's a bad example -- many people think the Tobacco Institute is an evil organization. But it's a good tactic.) I'm personally a little frustrated by the timidity of industry's response. I don't understand it. Netscape's interests are clear, their voice is loud, and their resources are vast. Where's John D. Rockefeller when you need him?