I recently sent a version of this message to Stanton McCandlish in response to EFF's call for support on the Cantwell bill; he said you people would probably be most interested in the idea. I was planning to sit quietly for a few weeks, watch the list, and make sure it's not just old news here before opening my big mouth. But seeing the volume of the list I may not last that long, so I'll post now. :-) --- It seems like the most effective way to fight Clipper would be to ensure that by the time the government has a chance to impose any effective controls, strong public encryption is in wide enough use to make such controls completely unenforceable. While encouraging people to always encrypt their E-mail might seem the most straightforward way to do this, most people just aren't interested enough and don't see a threat in leaving their mail open, and encryption is still inconvenient. An approach introducing encryption into some other aspect of information transfer, where it is more immediately and obviously useful, might be more successful in the short term. One of the most popular uses of the Internet is for distribution of free software, both in binary and source form. It would make the lives of many people much easier if the downloading and installation process could be made more automatic. Right now if I want to always have the latest version of GCC on my Linux box at home, I have to watch the right newsgroup for announcements, FTP to the right site, download the new version, unzip, untar, and install it (not to mention compiling it if I get a source code distribution). This is not too bad by itself, but it gets inconvenient on a "real" system containing hundreds of packages to be kept up-to-date, a new version of one coming out every day or two. It shouldn't be too difficult to automate this monitoring, downloading, and installation process, especially for binary distributions that require no complicated configuration or build sequence. But suggest this to most anyone, and they'll immediately get jittery with fear about trojan horses, viruses, and every other attach known. This is where encryption technology (specifically, public-key-based signatures) could come in. Unlike with E-mail privacy, where most people don't get a really tangible benefit, in this case encryption could be a real enabling technology: it would allow people to do what they couldn't (or wouldn't dare) do before. If it was done right, in a way that people can trust, people _would_ use it because it would make their lives easier, not more complicated. Before I get into any more detail, I want to hear what you all think about the general idea, so I'll leave it at that for now. Thanks! Bryan Ford --- Bryan Ford baford@cs.utah.edu University of Utah, CSS `finger baford@schirf.cs.utah.edu' for PGP key and other info.