
-----BEGIN PGP SIGNED MESSAGE-----

Tim May, 12/3/95, 2:22 PM:
My thesis is that both Netscape and Microsoft are in positions at this time to either do the right thing (tm) or to help build in the tools for a police state, an Orwellian surveillance state.
Gee, Tim, this is *your* thesis?
Netscape, being the dominant browser company, and Microsoft, being the dominant OS company, are in special positions to "build in Big Brother." I'm not claiming they are, just that they are clearly in a position to make it technologically more feasible to make non-GAK illegal. They both need to carefully think about the role that's been "given" to them (whether by fortune, hard work, or being in the right place at the right time) and do what's right.
And?
Strong words, perhaps, but the implications of mandatory key escrow are
Not strong at all, actually.
quite clear. We debated these points for a long time during the Clipper debate, and later when "Software Key Escrow" began to rear its head. I won't repeat these arguments against GAK here, but will take this opportunity to quote from a new book that actually quotes my words:
[self-congratulations deleted]
It is important that such companies as Netscape and Microsoft fully understand that crypto policy will largely determine civil liberties in this country and other countries for a long time to come. And they must understand that they can influence the direction. Bill Gates, after some early waffling, seems to now fully understand the implications of GAK and has written persuasively against it. Jim Clark does not seem to me to have thought about it as deeply, or perhaps has views of civil liberties which are not at odds with mandatory key escrow, the "open door policy" mentioned above.
Like many entrepreneurs, he is an opportunist in every sense, good and bad. He has yet to advance -- "graduate" maybe -- beyond that point. NS's stance re GAK is a golden opportunity for Mr. Bubble either to graduate or to get popped: either patted on the back by Papa State or popped in the noggin. When "opportunity" is at stake, he's a shrewd maneuverer; but when pitting his integrity against federal charges is at stake, he's still a kid -- he doesn't see the opportunity in it.
And time is of the essence. Things move very fast. It is no longer the case that a law is passed, then companies respond to the new legal regime with their own policies and products. Companies, especially in high tech, are "partners" from the start, as we saw with the Clipper development (where AT&T had known about Clipper for years prior to the first public announcement, and was cooperating in the development of it, not to mention the other companies such as Mykotronx, VLSI Technology, etc., which were involved in secret for years).
Partner, schmartner: "partners" can be adversarial, and adversarial relations can become *very* adversarial. Here's the question: is the dog gonna wag the tail or vice versa? The USG has, as we all know, demonstrated its infinite capacity to knuckle under in the face of hardened opposition, whether announced or de facto. NS is in a privileged position to drag the LEA establishment onto the mat, with the whole of the American public watching. And it stands to gain from doing so, as do we all. But Mr. Bubble wants to be friends, wants to receive genteel toasts. With the kind of money Mr. Bubble stands to make -- whether from NS or from subsequent ventures -- he should be maybe just a bit tougher. If he's looking for models, names like Carnegie and Bismarck come to mind. (Note that their progeny *still* have money, not 2 years later but *generations* later.)
It is only sheer speculation on our part (some of us, at least) that negotiations about GAK have been going on with the major software companies. Jim Clark, for example, learned what he knows about key escrow _someplace_, and it probably wasn't from our list or from articles he'd read. I'm betting, but could of course be wrong, that he and other folks at Netscape (and I mustn't leave out Microsoft, Sun, SGI, Apple, etc.) have been briefed on key escrow and that various negotiations are already underway. This would match how things were done with Clipper, and would explain Clark's voiced support for the need for GAK.
On the contrary, it is sheer speculation that negotiations about GAK *haven't* been going on. This shit doesn't happen by magic.
I hope Jeff W. and Jim C. can have some _long_ chats. The stakes are too high for product decisions to be made without full awareness of the implications. The statements from Jim Clark do tend to imply a kind of defeatism, and even Jeff's comments seemed laden with qualifications about "only if the government requires us to." As Hal Finney noted in his post, it's as if the Netscape people are preparing for the inevitable. Maybe it's not an indication that GAK is being considered within Netscape, but maybe it is. After all, one rarely hears "only if we have to" qualifications on things that are truly from out in left field.
Yes.
And what Netscape agrees to put in future releases of its browsers or its servers could have dramatic effects on the whole climate.
Yes. [social darwinism deleted]
Should Netscape play ball with the NSA or refuse to cooperate? I'm not suggesting that Netscape "break the law." Actually, there are *no* laws at present about GAK or about the use of strong crypto within the U.S., and most of us want to keep it that way. Thus, Jim Clark and Netscape could strongly lobby for keeping things the way they are, and could even say "If foreign governments demand GAK, let them build it in themselves--we will not produce the software to run a police state."
NS should implement strong crypto, make it publicly available by FTP and in a box, and see how the USG responds. The public is on its side.
And if export laws demand GAK in exported products, Netscape should "do the right thing" and have two versions. It may add to their costs a little, but it's better than building in the machinery for a GAK law to later be passed.
Yes.
(Explain something to me. I have never, ever understood why it is a concern of the U.S. government that we help build in GAK for foreign governments, that we make sure that products intended for export to France or Syria have GAK that allows those governments to read the traffic of their citizens. And if the concern is that exported versions of software must be readable to the _United States_, then this is a non-starter in terms of sales in many or even most foreign countries! I'm sure France will welcome with open arms a version of Netscape that allows the NSA to read the traffic of French citizens. Oh, by the way, what legal jurisdictions will be involved in obtaining the escrowed keys of foreigners? The answers are both clear and murky, if you catch my drift.)
Because it isn't interested in freedom, here or anywhere else. It is interested in a "controlled burn" distribution of stability and instability. Its willingness to do business with its "enemies" has been amply demonstrated. But your drift is clear, and it is right.
If the U.S. insists on GAK _within the U.S._, as many of us fear is the long-term danger, then all bets are off anyway. But I would hope that Netscape does nothing to make it _easier_ to make this the case!
On the contrary: That's when bets are on. That's when *you* -- and all of us -- might have to start putting our money and our homes in Corralitos on the line. That's when Black Unicorn will upload the papers he claims to have, when I will start wrapping PGP-encrypted mail in pretty-looking wrappers. That's when we'll have no one but ourselves to blame. Not even Netscape.
A viable thing for Netscape to do is to announce forthrightly that it will separate the issue of export from what it sells in the U.S., that there will be NO GAK included in any U.S.-sold packages. The quest for an "all world" version, freely exportable, should not take precedence over the civil liberties issues. And I predict that any slight losses in market share or slight increases in product cost will be _less_ than the effects Netscape will see if their product comes to be associated with "Big Brother Inside."
Yes. But NS should act first, explain second. If NS wants money, that's how to get it.
Enough for now.
Yes.

Hieronymous.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMMIHhr3g0mNE55u1AQFI3QH/Y32u8ASp61MPjkaeQJJly7qwQ5BuGNYx
XndZMAPBVXJjOr4Mx5BieouM5GG5WgBc1fMTTRrnAJtSHQO3dgwwBQ==
=WCJS
-----END PGP SIGNATURE-----