From: ross@wattle.itd.adelaide.edu.au (Ross Williams)
Newsgroups: sci.crypt
Subject: NIST/PKP scandal: All you need to act.
Followup-To: sci.crypt
Date: 4 Aug 1993 04:21:12 GMT
Organization: Rocksoft Pty Ltd.
Lines: 1885
Distribution: world
NNTP-Posting-Host: wattle.itd.adelaide.edu.au
Summary: NIST/PKP scandal: All you need to act.
Keywords: nist pkp dsa dss patent digital signature

Why It Is Important That You Read This Document and Address This Issue
----------------------------------------------------------------------

Right now there are some fairly significant political things happening in the area of digital signatures that will determine how they are managed for the next two decades. This matters because digital signatures will be a key technology in the future. It is likely that, in the future, most commercial transactions, and most digital communications (including email) will be sealed with a digital signature. In 1999 when J.Random Citizen goes to the supermarket and swipes his credit card to buy a chocolate bar, he will most likely be issuing a digital signature.

Digital signatures are going to be an extremely important technology in future society, not just in the US, but throughout the world. Because of the propagation of patents through GATT and other agreements, what happens in the US affects everyone.

Unfortunately, as far as I can tell, this is a technology that the general public is not even aware of. As a result, the entire legal and political foundation for the technology is being laid down right now by the US Government and other organizations, without much interaction with the outside world. Now this isn't necessarily a bad thing; governments do a lot of good things. However, recent political developments have alarmed many people.

A difficulty with the situation is that the issues are rather complex and the approach one takes to them will depend on one's attitudes towards Government, industry, intellectual property, patents and so on.
And even if you have firm convictions on any of these issues, deciding what one's position on the issue is, and what one should do can be difficult. It's easy to be a radical and shoot from the hip, and it's easy to be a cynic and do nothing, but I don't like either of these approaches. The only alternative is to think it through properly and make a measured response (which may well happen to be radical!).

The document below is my attempt to enumerate the facts, identify the key constraints and issues and identify a number of possible positions and responses. Rather than attempting to "precompile" all this information and advocate a particular course of action, I have provided information so that you can make up your own mind. To this end, I have added appendices containing reference material that you might otherwise have to look up (as I had to).

The deadline for action (by fax) is midnight ending Monday 9 August 1993 Washington D.C. time, but it would be best to act well before then to be on the safe side.

I urge you, at the very least, to read this document and make up your own mind about this important issue.

Ross Williams (ross@guest.adelaide.edu.au.)
4 August 1993.

AN ANALYSIS OF THE NIST/PKP DIGITAL SIGNATURE PATENT LICENSING PROPOSAL
=======================================================================

Version : 3.
Date    : 4 August 1993.
Author  : Ross N. Williams.
Net     : ross@guest.adelaide.edu.au.
Snail   : 16 Lerwick Avenue, Hazelwood Park 5066, Australia.
Fax     : +61 8 373-4911.
Phone   : +61 8 379-5020 (10am to 10pm Adelaide Australia time).
Thanks  : The following people have provided me with information:
             Noah Friedman (friedman@gnu.ai.mit.edu.).
             Jack Larsen (jl@epsilon.eecs.nwu.edu.).
             Richard Stallman (rms@gnu.ai.mit.edu.).
             Dan Bernstein (djb@silverton.berkeley.edu.)
Cleared : Cleared for public release 1:18am 04-Aug-1993: RNW.
Status  : Copyright (C) Ross Williams 1993.
          However, permission is granted to make and distribute verbatim copies of this document provided that this copyright notice is included.

Disclaimer: Where this document expresses opinions on behalf of the author, those opinions are the author's only and are not representative of any organization associated with the author.

Note: A GLOSSARY appears at the end of this document. If you are unsure of an acronym, look it up. Search for the word "glossary".

0. TABLE OF CONTENTS
====================

1. The Facts of the Case
   1.1 Public Key Cryptography
   1.2 The Digital Signature Standard
   1.3 The Choice
   1.4 The Gift
   1.5 Objecting and Appealing
2. What People Think (and Feel!)
3. Analysis.
   3.1 Enumerating The Objections
   3.2 The US Code
   3.3 Alternatives for NIST
   3.4 A Modern Aesop's Fable
4. What You Can Do.
   4.1 Many Options
   4.2 To Whom To Write
   4.3 A Selection of Things To Say
--
A. Glossary.
B. NIST's Announcement
C. United States Code Title 35.
D: 37 CFR 404.7 (Checklist for License Application)
E: Dan Bernstein's Posting and Form Letter
F: The LPF Announcement
G. The letters I intend to send.

1. THE FACTS OF THE CASE
========================

As far as I can determine, these are the facts of the case. I have not checked all these facts, and welcome corrections. I regret that I do not have the time to substantiate the stuff in this section with formal references.

1.1 Public Key Cryptography
----------------------------

* In the late 1970's and early 1980's there was a revolution in cryptography caused by the invention of public-key cryptography by researchers at MIT and Stanford. Those researchers created patents covering much of the new technology, and these patents were assigned to their respective institutions.

* In order to exploit the new technology, MIT and Stanford created a company called Public Key Partners (PKP) to whom they granted exclusive sublicensing rights to the cryptography patents.
  As a result PKP has controlled the use of public key cryptography for the last decade or so.

* PKP claims that its patents are very broad and cover not just specific public key cryptography techniques such as the RSA technique, but also cover the IDEA of public-key cryptography too. Like most issues involved in this whole situation, this issue is not clear and can only be resolved in the courts. This document assumes that the PKP patents are broad.

* The PKP patents expire between 1997 and 2008. The most important ones expire between 1997 and 2000.

* Public key cryptography is a seminal enabling technology that solves most information integrity problems, including the ability to create unforgeable digital signatures. Digital signatures are just like real handwritten signatures except that they can be applied to digital documents.

1.2 The Digital Signature Standard
----------------------------------

* Digital signatures are extremely powerful, but also rather technologically messy to implement. Keys have to be generated and managed. In particular, the issuing of a digital signature is a social and commercial event most likely requiring network events. In my opinion digital signatures will not enter widespread use until they are standardized.

* Several years ago, the US Congress, recognising the need for a standard, instructed NIST (The US National Institute of Standards and Technology) to perform a study and come up with a proposal for a digital signature standard.

* NIST evaluated the options and, among other things, commissioned its own signature scheme called DSA (Digital Signature Algorithm). The DSA was prepared with assistance from the NSA (National Security Agency).

* When all the dust settled, there were two proposals to choose from: a proposal by PKP based on RSA, and DSA. NIST patented DSA which meant that both proposals were embodied in patents, one owned by PKP and the other by NIST.

* There were many pros and cons for each proposal including:

  - PKP asserted that the NIST proposal was technically more arbitrary than the RSA and was created in a more politically impure environment (with help from the NSA) and so was more likely to have a backdoor in it somewhere. RSA is based on prime numbers and is simpler and more self-evidently backdoor-free.

  - The PKP proposal was privately owned and so, if it was chosen, everyone would have to pay PKP royalties.

* Because the use of digital signatures requires the interaction between random pairs of individuals in society and other organizations and agencies, it would appear that there is no room for two standards. It might be possible for two standards to coexist, but once one catches on, no one will want to know about the other, as "hardly anybody uses it". Furthermore, whatever is chosen as the standard is likely to become mandatory when interacting with various government institutions. Thus, whatever happens, the standard that catches on is likely to dominate and will be hard to supplant even by technologically better rivals. This makes right-now a critical time.

1.3 The Choice
--------------

* The decision was up to NIST. In the end it chose its own proposal which was subsequently named in its DSS (Digital Signature Standard) as the standard algorithm.

* NIST's problem then was how to cope with PKP. It seems that earlier on, NIST declared the DSA free of coverage from other patents:

     "[We] believe this technique is patentable and that no other
     patents would apply to the DSS."
        -- NIST --US Federal Register, 30 August 1991.

  However, it seems that since that time, PKP applied pressure to NIST claiming that the DSA was covered by PKP's broader patents. It is still not clear what the practical scope of PKP's patents is and the only way to tell is to go to court. What is certain is that the PKP patents THREATEN the DSA patent and can cause trouble for it at any time.
  Meanwhile, NIST has certainly behaved as if the PKP patents are a problem as it stated in its DSA license proposal announcement (see Appendix B of this document):

  >The prospective license is a cross-license which would resolve a
  >patent dispute with Public Key Partners and includes the right to

  If PKP are right then patent law says that neither party can use the technology without obtaining a license from the other party. However, the coverage of PKP's patents is far from clear.

1.4 The Gift
------------

* In the end, NIST decided to simply GIVE its DSA patent to PKP. Actually, it's not giving, it's an exclusive license, which is effectively the same thing. We will use the word "give" in this document.

* This decision has been, to say the least, controversial. At least it has within the subculture that knows about these things. It hasn't hit Donahue yet.

* The PKP patents run out between 1997 and 2000. The DSA patent runs out in about 2010. Thus, if PKP's patents have teeth then NIST is GIVING PKP a monopoly of a major national standard for 10 years. If PKP's patents don't have coverage, then NIST is GIVING PKP the monopoly for about 16 years. Either way, it's an unnecessarily generous gift and one that will probably cost the public hundreds of millions of dollars.

* Monopolistic control over DSA is a gold mine. I can't put a figure on how much it would be worth, but certainly more than three flat rocks and a piece of string. Just remember that most commercial transactions of the future and probably most electronic communications will be executed using digital signatures and you get an idea of the scope of the monopoly. It's almost like simultaneously owning a patent on the pens with which all people must sign contracts and on sealing wax with which people seal envelopes (or did in more romantic eras).

* PKP has stated its INTENT to license DSA free for non-commercial use:

  >It is PKP's intent to make practice of the DSA royalty free for
  >personal, noncommercial and U.S. Federal, state and local
  >government use. As explained below, only those parties who enjoy
  >commercial benefit from making or selling products, or certifying
  >digital signatures, will be required to pay royalties to practice
  >the DSA.

  However, this apparently does not cover software distribution schemes that operate at cost or which cross-subsidize distribution to yield a non-profit. Note also that this statement of intent does not represent a binding commitment.

* PKP has issued a statement committing itself to charging a maximum royalty rate of 5% if the deal goes through. However, there are also "minimum fees" which are going to be $10000 per year, plus $10000 for small companies and $25000 for big companies.

* An important aspect of the situation is that after PKP's patents run out, there will be nothing stopping anyone from creating and using new digital signature algorithms that are not DSA. The trouble is that by that stage DSA will be so well established that no one will want to use anything else. So, while PKP will eventually lose control over public-key cryptography, they will still have control over the DSA, and by then nobody will be able to supplant it with a free standard.

* If the deal does go through then we are likely to see an interesting effect as the PKP patent expiry dates approach. At roughly that time, PKP's RSA patents will expire and we will find that PKP is promoting the DSA (over which it holds a patent) and downplaying (and possibly denigrating) the RSA algorithms upon which the company was founded!!!!!!!!!!!!!

1.5 Objecting and Appealing
---------------------------

* The DSA patent has not yet been licensed to PKP. By 37 CFR 404.7, this cannot occur unless NIST first advertises the fact that the licensing is to take place, and solicits objections from the public.
  NIST made such an advertisement in the US Federal Register on 8 June 1993:

  >The prospective license will be granted unless, within sixty (60)
  >days of this notice, NIST receives written evidence and argument
  >which established that the grant of the license would not be
  >consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
  >Dated: June 2, 1993.

  This notice was published on about 8 June 1993 so the deadline for responses is 8 August 1993 Washington D.C. time. However, this is a Sunday and we have obtained a verbal commitment from NIST that Monday is OK too.

* A lawyer I know who has knowledge of this case has indicated that he thinks that there is no likelihood that NIST will back out of the deal at this stage. However, he feels that this stance is a result of leftovers from the Bush administration. Apparently appeals will be heard by the new Clinton administration and so there is a chance of a change of mind by NIST.

* An appeal can be made later to the new administration by anyone who submitted written comments to NIST (as explained above) in opposition to the proposal. Appellants can appeal "de novo" which means that they are not limited to facts and arguments submitted now.

* The word "algorithm" appears in the DSA patent, despite the fact that it is officially impossible to register a software patent (it has to be framed in terms of hardware) so it may be that the DSA patent is invalid.

2. WHAT VARIOUS PEOPLE THINK (AND FEEL!)
========================================

* Many people do not believe that algorithmic processes, and in particular, software should be patentable at all. This is an extremely complex issue, but if you do not believe that software patents should exist, you will also believe that the PKP patents should not exist.

* Many people are worried that public key cryptography was patented, given its origins. They point out that most of the research leading to it was funded by public (i.e.
taxpayer's) money granted by the US Federal Government to Universities. They point out that if the result of such research should be framed as property at all (e.g. patents) then it should be public property. In fact, a database search of the relevant patents reveals that many of them have the following note attached which would seem to indicate that the government may have some direct rights to the patents:
GOVERNMENT INTEREST (GI) The Government has rights in this invention pursuant to Grant No. ENG-10173 of the National Science Foundation and IPA No. 0005.

* One of the purposes of the patent system is to cause technology to be exploited. Some people have suggested that PKP has not been effective in allowing the diffusion of public key cryptography. I am not in a position to establish the truth or falsehood of this statement. However, there is intuitive evidence in the fact that public key cryptography was invented almost 20 years ago, and yet is not yet in widespread use. A visit to the supermarket checkout counter reveals no digital signatures. Why not?

* Some people have suggested that the reason for the lack of diffusion of public key cryptography is that a cosy unspoken understanding exists between PKP and various US Government agencies that are none-too-happy about the prospect of a diffusion of this technology. Evidence for the attitude of government agencies is: 1) the smoking gun of the 56-bit DES key, 2) the fact that much cryptographic technology is currently classified as "munitions" and cannot be exported without a license. Evidence of the lack of diffusion is the supermarket argument above. The rest is speculation.

* Many people were worried when NIST patented the DSA. They felt that no good could come from embodying a public standard as a piece of intellectual property. Their fears have been realized as NIST is about to license that property exclusively to PKP.

* It is very easy to get hot under the collar at NIST. However, it is also important to realize that their actions MAY be motivated by no more than a desire for the public good - to disseminate digital signature technology as quickly as possible. In this quest they ran up against a problem - PKP - and solved it as quickly and as easily as they could - by giving the DSA patent to PKP.

* I do not particularly hold any bad feelings towards PKP or its employees. I have been developing a product recently that has required me to interact with PKP and to license one of their algorithms.
  They have been nothing but polite and helpful and have provided me with useful information. My concern is not with PKP, but with the future of digital signatures.

3. ANALYSIS
===========

3.1 Enumerating The Objections
------------------------------

If you are at all like me, by this stage your brain will be feeling as if it is full of cotton wool so let's attempt to crystallize it all.

First, why should we care at all? The answer to this is that digital signatures are going to be very important in the future.

Second, what bad things have happened, or are about to happen? This depends on your stand on various issues in intellectual property. Combing through previous sections, we can assemble at least the following list of potential objections:

* Object to software patents in general.
* Object to publicly funded universities creating patents at all.
* Object to such universities assigning such patents to commercial companies.
* Object to PKP allegedly holding up the diffusion of public key technology.
* Object to the involvement of the NSA in creating the DSA.
* Object to NIST choosing DSA as standard instead of RSA.
* Object to NIST embodying DSA in a patent.
* Object to government agencies assigning patents to commercial companies.
* Object to NIST assigning the patent to just ONE company.
* Object to NIST effectively extending PKP's patent powers.
* Object to NIST making it more difficult for companies that wish to fight PKP to do so.

So there is certainly a lot to grumble about! This is a problem with this issue: there are too many ducks to shoot at and the more idealistic you are the easier it becomes to get angry and confused. However, right now we are right near the end of NIST's 60-day deadline and coherent focussed action is required.
From the legal tactical point of view, there are many many angles of attack. I won't go into them here; the situation touches on constitutional law, administrative law, patent law and I don't understand it all. Just be assured that "teams of lawyers are working around the clock" :-) What we really need of course is a turbo-charged Hillary, but this is not possible at this time.
What IS important is that the current situation seems to be largely a result of the leftovers of the Bush administration. The new Clinton administration may take a different view on all this. I have heard that soon the top few people in NIST will be replaced by Clinton people. This means that if enough people object now with enough good reasons, the issue might get held up long enough for it to be caught by the new administration. And the "de novo" aspect of the appeals process means that new arguments can be created and presented later, so you are not limited later to what you say now. So say anything, but please say something, now.

As we have seen, there are many legitimate objections that could be made. In my mind the key ones are:

* That NIST is placing a key international standard in the hands of a single company.

* That by handing DSA to PKP, NIST is giving PKP power unnecessarily. It may be that some companies believe that they can beat PKP's broad patents in court. However, if the NIST/PKP deal goes through, such companies will have to break not only the broad PKP patents, but the more specific DSA one as well. If the PKP patents are so strong, why should NIST need to give PKP the DSA patent at all?

In addition to these general objections, we can also respond directly and formally to NIST's requests for comments on the deal. The next section discusses this.

3.2 The US Code
---------------

NIST has requested objections to its proposal before 8 August 1993. Furthermore, it has specified exactly what its criterion is for evaluating objections:

>The prospective license will be granted unless, within sixty (60)
>days of this notice, NIST receives written evidence and argument
>which established that the grant of the license would not be
>consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
>Dated: June 2, 1993.

I have obtained copies of 35 U.S.C. 209 (see Appendix C) and 37 CFR 404.7 (see Appendix D).
The latter is basically the former repeated over a few times with some bits added. Here are the juicy clauses of 35 U.S.C. 209 - the ones that specify the criteria that NIST is supposed to be using to determine whether to license DSA to PKP. NIST is most likely to respond favourably to objections lodged to it that address these criteria and explain why they are not being met. Here we go:
(A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public;
I think it's fairly clear from the history of the computer industry in the last two decades that computer companies will need little encouragement in adopting and implementing this standard without the help of PKP!
(B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention;
DSS has only recently been declared a standard, so it's hard to judge. It depends on how good PKP is at preventing companies from implementing DSA.
(C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and
This condition absolutely is not met. The history of the computer industry and the potential for the DSA clearly indicates that there will be, if anything, a glut of risk capital for implementing DSA. And it's probably not even likely to be "risk" capital!
(D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public.
Even if DSA is a subset of PKP's patents and NIST is assigning DSA to PKP to simplify the situation, this condition is definitely not met as NIST is licensing DSA to PKP for at least 10 years longer than it needs to - more than half the life of the patent. PKP's patents expire before 2000, but NIST is granting DSA until the year 2010. This is FAR greater than is reasonably necessary. Because technology tends to diffuse in accordance with an exponential curve (at least until it saturates), it is likely that the royalties PKP will receive between 2000 and 2010 will be a hundred times greater than those it receives between 1993 and 2000. Thus, in practice, NIST may be being overgenerous by a factor of one hundred or more.

SUMMARY: If we assume that NIST's goal is to get DSA in use as quickly as possible, then their only obstacle is PKP. The clauses above address the issues of technology diffusion and the attraction of risk capital. These issues are not central in this case as it must be blindingly obvious to anyone who knows the computer industry that the DSA standard would go like curry through a senior citizen if all the patents were lifted from it (remember, we are most likely talking about most commercial outlets in the US and nearly all electronic mail in the future).

Thus, the only reason why NIST should consider handing over the DSA patent under these clauses is because PKP has the industry by the throat. But this is not certain, and even if it was, under clause (D) above, NIST should attempt to minimize its commitment to PKP. If it is to license DSA to PKP AT ALL, it should license it only until PKP's patents run out, not until the year 2010. And even licensing DSA to PKP until the patents run out is unnecessary because if NIST offered a public license of DSA, companies could simply fight PKP's patents in the courts directly without DSA being involved.

3.3 Alternatives for NIST
-------------------------

As we have seen above, NIST's actions are at least inconsistent with the code with respect to section (D). So, we can write to them and complain about that specifically.

By now, you should have a pretty good feel for the situation. My personal opinion is that NIST are simply eager to diffuse the technology, but because they feel "blocked" by PKP, have folded to them. Unfortunately, they seem to be giving up far more than they need to. So let's help them get their confidence back :-) by coming up with some alternatives:

A1: ISSUE A GENERAL PUBLIC LICENSE: This would knock NIST out of it, allowing those wishing to implement DSA to deal with PKP directly, either through the courts, or the banks. :-) At least PKP's power would not be increased.

A2: FIND ANOTHER STANDARD OR ENCOURAGE INFRASTRUCTURE FOR ANOTHER STANDARD: Do we want DSA at all? Given that the NSA had a finger in it, it's not clear how secure it is. Is it really desirable for certain U.S. government agencies, perhaps a little out of control, to be able to digitally prove in court that any citizen it particularly feels like targeting has taken out a $200,000 loan which has not been repaid? Well, of course, it's not that simple. Even so, these technologies have a habit of being used for increasingly serious applications and this sort of abuse is not unimaginable. In the new commercial world, a backdoor to the DSA would be a license to print money, without all the hassles of running a printing press.

Perhaps it is better to take a completely different approach. Independent of licensing issues, I don't think that NIST are going to back down from their own standard. However, they could assist the free market along by specifying that all implementations of DSA incorporate a general digital signature framework into which a variety of digital signature algorithms could be inserted, including DSA.
If all manufacturers implemented this, then, at a later date it would be easy to switch to another standard or choose one or another standard at the supermarket till. Even if NIST gave PKP DSA, by enforcing this "slot" openness in the implementation of DSA, it could pave the way for the standard to be replaced in the future by a better one (perhaps RSA!) when the PKP patents expire.

3.4 A Modern Aesop's Fable
--------------------------

During times of drought a farmer noticed that his cow was looking a bit thin so he sent his son out with the cow to find some nice green grass to munch on so that the cow would grow fat and yield lots of milk. The son walked the cow for miles and miles (making the cow even thinner in the process), but couldn't find any grass (it's the Australian outback). In the end he found a nice green paddock and set the cow grazing. Later the son returned to the homestead:

Farmer : How'd it go son? Do we have a happy cow now?
Son    : Well sort of; I had trouble finding a grassy paddock.
Farmer : But you found one in the end didn't you?
Son    : Yes, and I put the cow in the paddock. But soon another farmer came running out. He said it was his paddock --- he had rented it for three years --- and that I couldn't graze my cow there without giving him some milk. It was the only green paddock there was.
Farmer : So what did you do?
Son    : I gave him the cow.

4. WHAT YOU CAN DO
==================

4.1 Many Options
----------------

If you've read this far, the extra amount of work required to print out a letter of objection and mail it to NIST will seem trivial by comparison! Furthermore, if you act, you may be able to secure a DSA license for yourself from NIST before DSA is handed over to PKP.

It is important to realize that NIST are actually SOLICITING objections. So it's not as if you are writing in cold.
Regardless of what NIST's real attitude is, the fact is that they have to receive and collate all the objections they receive and pay some sort of attention to them.

As we've seen above, the issues are complicated, and the sort of response you'll want to send NIST will depend on your point of view. I'm not going to tell you what to send to NIST. However, I am going to make it as easy as possible to send SOMETHING to NIST by providing handy information such as the address of the person to send to :-) along with various form letters.

One interesting aspect of objecting is stated by NIST in their announcement:

>Applications for a license filed in response to this notice will be
>treated as objections to the grant of the prospective license.

Thus, if you do no more than simply file an application for a DSA license (to NIST before it hands it over to PKP), you will be objecting implicitly.

4.2 To Whom To Write
--------------------

NIST states in their announcement that "Inquiries, comments, and other materials relating to the prospective license shall be submitted to:

   Michael R. Rubin
   Active Chief Counsel for Technology
   Room A-1111, Administration Building,
   National Institute of Standards and Technology
   Gaithersburg, Maryland 20899
   Phone: +1(301) 975-2803.
   Fax: +1(301) 926-2569.

The formal deadline is the end of 08-Aug-1993. However as that is a Sunday, Michael Rubin has stated to others that correspondence received on Monday 09-Aug-1993 will be accepted. Furthermore, in a telephone conversation between Michael Rubin and myself between 1:22am and 1:24am on 04-Aug-1993 Adelaide time, he informed me that faxed correspondence would be accepted until midnight ending Mon 09-Aug-1993 [implicitly Washington DC time]. (Sorry, I forgot to ask him his email address - fax is probably better anyway, as I understand that faxed signatures are accepted in law (no digital signatures in email yet :-)).

The LPF has requested that you send a copy of your letter to them at:

   League for Programming Freedom
   1 Kendall Square #143
   P.O.Box 9171
   Cambridge, Massachusetts 02139

The League for Programming Freedom is an organization which defends the freedom to write software, and opposes monopolies such as patented algorithms and copyrighted languages. It advocates returning to the former legal system under which if you write the program, you are free to use it. Please write to the League if you want more information. Sending copies to the League will enable them to show them to elected officials if that is useful.

4.3 A Selection of Things To Say
--------------------------------

Here is a list of actions to give you ideas.

* Write to NIST and ask for a personal or implementors license. The personal license will allow you to use the DSA technology in 5,231,668. The implementors license will allow you to create for-private-use or public domain DSA implementations. You can use the Dan Bernstein form letters in Appendix E to do this. NIST may or may not grant the license, but at least you can try.

* Write to NIST objecting to the DSA deal on one or more of the following grounds:

  - Various idealistic reasons such as the creation of the technology using public money, the assignment of the technology to a private company, and the involvement of the NSA in formulating the standard.

  - Because the deal "is not consistent with requirements of 35 U.S.C. 209 and 37 CFR 404.7." More specifically
(C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and
There will be no shortage of risk capital for DSA!
(D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public.
PKP's patents run out by 2000, but NIST is granting them DSA to 2010.

* Write to NIST and suggest that they issue a general public license.

* Write to NIST objecting, explaining the importance of DSA in future society and urging them to (as the LPF puts it) "pursue all possible means, judicial and legislative, to invalidate or annul the PKP patents", and failing that "take them by eminent domain". This would be cheaper in the long run than the current plan. (Note: I can't help you with the details here: I don't know what eminent domain is. I presume it's what happens when Congress finds out that someone has patented the slush fund :-)

* Send a copy of the farmer fable :-)

That's it! Over to you now!

=====================================================================

APPENDIX A: GLOSSARY
====================
DES  = Data Encryption Standard.
DSA  = Digital Signature Algorithm.
DSS  = Digital Signature Standard.
LPF  = League for Programming Freedom
NIST = National Institute of Standards and Technology.
NSA  = National Security Agency.
PKP  = Public Key Partners.
RSA  = Rivest Shamir Adleman - an important public-key cypher.

=====================================================================

APPENDIX B: NIST'S ANNOUNCEMENT
===============================
** The following notice was published in the Federal Register, Vol. 58, No. 108, dated June 8, 1993 under Notices **

National Institute of Standards and Technology

Notice of Proposal for Grant of Exclusive Patent License

This is to notify the public that the National Institute of Standards and Technology (NIST) intends to grant an exclusive world-wide license to Public Key Partners of Sunnyvale, California to practice the Invention embodied in U.S. Patent Application No. 07/738.431 and entitled "Digital Signature Algorithm." A PCT application has been filed. The rights in the invention have been assigned to the United States of America.
The prospective license is a cross-license which would resolve a patent dispute with Public Key Partners and includes the right to sublicense. Notice of availability of this invention for licensing was waived because it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public. Public Key Partners has provided NIST with the materials contained in Appendix A as part of their proposal to NIST.

Inquiries, comments, and other materials relating to the prospective license shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, Maryland 20899. His telephone number is (301) 975-2803. Applications for a license filed in response to this notice will be treated as objections to the grant of the prospective license. Only written comments and/or applications for a license which are received by NIST within sixty (60) days for the publication of this notice will be considered.

The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.

Dated: June 2, 1993.

Raymond G. Kammer
Acting Director, National Institute Standards and Technology.

Appendix "A"

The National Institute for Standards and Technology ("NIST") has announced its intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's pending patent application on the Digital Signature Algorithm ("DSA").

Subject to NIST's grant of this license, PKP is pleased to declare its support for the proposed Federal Information Processing Standard for Digital Signatures (the "DSS") and the pending availability of licenses to practice the DSA.
In addition to the DSA, licenses to practice digital signatures will be offered by PKP under the following patents:

   Cryptographic Apparatus and Method ("Diffie-Hellman") No. 4,200,770
   Public Key Cryptographic Apparatus and Method ("Hellman-Merkle") No. 4,315,552
   Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig") No. 4,434,414
   Method For Identifying Subscribers And For Generating And Verifying Electronic Signatures In A Data Exchange System ("Schnorr") No. 4,995,082

It is PKP's intent to make practice of the DSA royalty free for personal, noncommercial and U.S. Federal, state and local government use. As explained below, only those parties who enjoy commercial benefit from making or selling products, or certifying digital signatures, will be required to pay royalties to practice the DSA.

PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993.

Having stated these intentions, PKP now takes this opportunity to publish its guidelines for granting uniform licenses to all parties having a commercial interest in practicing this technology:

First, no party will be denied a license for any reason other than the following:

   (i) Failure to meet its payment obligations,
   (ii) Outstanding claims of infringement, or
   (iii) Previous termination due to material breach.

Second, licenses will be granted for any embodiment sold by the licensee or made for its use, whether for final products software, or components such as integrated circuits and boards, and regardless of the licensee's channel of distribution. Provided the requisite royalties have been paid by the seller on the enabling component(s), no further royalties will be owed by the buyer for making or selling the final product which incorporates such components.
Third, the practice of digital signatures in accordance with the DSA may be licensed separately from any other technical art covered by PKP's patents.

Fourth, PKP's royalty rates for the right to make or sell products, subject to uniform minimum fees, will be no more than 2 1/2% for hardware products and 5% for software, with the royalty rate further declining to 1% on any portion of the product price exceeding $1,000. These royalty rates apply only to noninfringing parties and will be uniform without regard to whether the licensed product creates digital signatures, verifies digital signatures or performs both.

Fifth, for the next three (3) years, all commercial services which certify a signature's authenticity for a fee may be operated royalty free. Thereafter, all providers of such commercial certification services shall pay a royalty to PKP of $1.00 per certificate for each year the certificate is valid.

Sixth, provided the foregoing royalties are paid on such products or services, all other practice of the DSA shall be royalty free.

Seventh, PKP invites all of its existing licensees, at their option, to exchange their current licenses for the standard license offered for DSA.

Finally, PKP will mediate the concerns of any party regarding the availability of PKP's licenses for the DSA with designated representatives of NIST and PKP. For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief Counsel for Technology, NIST, or Public Key Partners.

Dated: June 2, 1993.

Robert B. Fougner, Esq.,
Director of Licensing, Public Key Partners,
310 North Mary Avenue, Sunnyvale, CA 94033

[FR Doc. 93-13473 Filed 8-7-93; 8:45 am]

=====================================================================

APPENDIX C: UNITED STATES CODE (U.S.C.) TITLE 35 - PATENTS SECTION 209
======================================================================
Note: 37 CFR 404.7. is basically the following repeated over a few times with some irrelevant bits added.

S 209.
Restrictions on licensing of federally owned inventions
--------------------------------------------------------------
(a) No Federal agency shall grant any license under a patent or patent application on a federally owned invention unless the person requesting the license has supplied the agency with a plan for development and/or marketing of the invention, except that any such plan may be treated by the Federal agency as a commercial and financial information obtained from a person and privileged and confidential and not subject to disclosure under section 552 of title 5 of the United States Code.

(b) A Federal agency shall normally grant the right to use or sell any federally owned invention in the United States only to a licensee that agrees that any products embodying the invention and produced through the use of the invention will be manufactured substantially in the United States.

(c) (1) Each Federal agency may grant exclusive or partially exclusive licenses in any invention covered by a federally owned domestic patent or patent application only if, after public notice and opportunity for filing written objections, it is determined that ---

   (A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public;

   (B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention;

   (C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and

   (D) the proposed terms and scope of exclusivity are not greater than reasonably
necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public.

(2) A Federal agency shall not grant such exclusive or partially exclusive license under paragraph (1) of this subsection if it determines that the grant of such license will tend substantially to lessen competition or result in undue concentration in any section of the country in any line of commerce to which the technology to be licensed relates, or to create or maintain other situations inconsistent with the antitrust laws.

(3) First preference in the exclusive or partially exclusive licensing of federally owned inventions shall go to small business firms submitting plans that are determined by the agency to be within the capabilities of the firm and equally likely, if executed, to bring the invention to practical application as any plans submitted by applicants that are not small business firms.

<<<<Note: The rest of the clauses are mainly administrative dealing with foreign patents and record keeping. There are clauses that enable the government to terminate the license if the licensees misbehave. In particular, the final clause (given below) is rather interesting.>>>>

(f)...(4) the right of the Federal agency to terminate the license in whole or in part if the agency determines that such action is necessary to meet requirements for public use specified by Federal regulations issued after the date of the license and such requirements are not reasonably satisfied by the licensee.

=====================================================================

APPENDIX D: 37 CFR 404.8 (Checklist for License Application)
============================================================
37 CFR 404.8 gives a checklist of the things you have to do to apply for a license.
S 404.8 Application for a License
---------------------------------
An application for a license should be addressed to the Federal agency having custody of the invention and should normally include:

(a) Identification of the invention for which the license is desired including the patent application, serial number or patent number, title, and date, if known;

(b) Identification of the type of license for which the application is submitted.

(c) Name and address of the person, company, or organization applying for the license and the citizenship or place of incorporation of the applicant;

(d) Name, address, and telephone number of the representative of the applicant to whom correspondence should be sent;

(e) Nature and type of the applicant's business, identifying products and services which the applicant has successfully commercialized; and approximate number of the applicant's employees;

(f) Source of information concerning the availability of a license on the invention.

(g) A statement indicating whether the applicant is a small business firm as defined in S404.3(c) [S404.3 (c) SMALL BUSINESS FIRM means a small business concern as defined in section 2 of Pub. L. 85-536 (U.S.C.632) and implementing regulations of the Administrator of the Small Business Administration.]
(h) A detailed description of applicant's plans for developing or marketing the invention, or both, which should include:

   (1) A statement of the time, nature and amount of anticipated investment capital and other resources which applicant believes will be required to bring the invention to practical application;

   (2) A statement as to the applicant's capability and intention to fulfill the plan, including information regarding manufacturing, marketing, financial and technical resources;

   (3) A statement of the fields of use for which applicant intends to practice the invention; and

   (4) A statement of the geographic areas in which applicant intends to manufacture any products embodying the invention and geographic areas where applicant intends to use or sell the invention, or both;

(i) Identification of licenses previously granted to applicant under federally owned inventions;

(j) A statement containing applicant's best knowledge of the extent to which the invention is being practiced by private industry or Government, or both, or is otherwise available commercially; and

(k) Any other information which applicant believes will support a determination to grant the license to the applicant.

=====================================================================

APPENDIX E: DAN BERNSTEIN'S POSTING AND FORM LETTER
===================================================
The following is a recent posting to sci.crypt by Dan Bernstein. It provides two form letters that can be used to apply for a DSA license. The first letter requests a personal license. The second requests an implementer's license. Dan's letters seem to provide all the information required by some sort of US code. I don't know which one though. Certainly the information provided seems very similar to that specified in 37 CFR 404.8 (see Appendix D).

Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!
munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: djb@silverton.berkeley.edu (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: You want to use DSA? Apply for a personal license from NIST!
Message-ID: <13176.Jul2706.22.0393@silverton.berkeley.edu>
Date: 27 Jul 93 06:22:03 GMT
Organization: IR
Lines: 103

NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you want to guarantee your own rights to this technology? You can! It's free, if you can spare a stamp.

Attached is a form letter you can send to NIST to apply for a personal license. Put in your own name, address, country, and the right date; print it out; read through to check it over; sign it; and drop it in the mail. You don't have to get everything right the first time---NIST will contact you if they need more information to make a decision. And, as a bonus, your application will automatically count as an objection to the NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him.

---Dan

[address]

[date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111
Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for a personal license to use the Digital Signature Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).

2. Patent Application Serial Number: 07/738.431.

3. United States Patent Number: To be issued as 5,231,668, I believe.

4. Source of information concerning availability of a license: Various sources, including your Federal Register notice.

5. Name and address of applicant: [name], [address, phone, etc.].

6. Applicant's representative: not applicable.

7. I am a [country] citizen.

8. Approximate number of persons employed: not applicable.

9.
I am not a small business firm.

10. Purpose: I would like a personal license allowing me to implement and use DSA. See #12.

11. Business and commercialization: not applicable; see #10.

12. Plans: I plan to use DSA to attach digital signatures to a variety of electronic documents, primarily for authentication. I plan to use DSA implementations, initially in software but perhaps later in hardware, from a variety of potential future sources. Investments: I may spend many hours programming a DSA implementation.

13. Fields of commercialization: not applicable; see #10.

14. I am not willing to accept a license for less than all fields of use of DSA.

15. I intend to implement and use DSA only in [country].

16. Type of license: I would like a non-exclusive license which does not require royalty payments.

17. I have never been granted a license to a federally owned invention.

18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA.

19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license.

Please note that PKP has stated its intent to make DSA free for personal use. Therefore, if NIST grants PKP a license and PKP acts according to its stated intent, there is no harm to anyone if I am granted this personal license. However, I do not trust PKP to act according to its stated intent, and I do not want to have to apply for a license from PKP even if it is royalty-free. So I ask that you grant me a license directly.

Thank you for your kind attention. Please let me know if you need more information.

Sincerely,

[name]

Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!
munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: djb@silverton.berkeley.edu (D. J.
Bernstein)
Newsgroups: sci.crypt
Subject: You want to publish your dsa.c? Apply for a license from NIST!
Message-ID: <13238.Jul2706.22.3993@silverton.berkeley.edu>
Date: 27 Jul 93 06:22:39 GMT
Organization: IR
Lines: 101

NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you have a free DSA implementation, or have you been thinking of writing one for the benefit of the net community? Do you want to guarantee your users the rights to this technology? You can! It's free, if you can spare a stamp.

This is another form letter---just like the personal license application exhibited in my previous message. You should make sure to apply for a personal license. Once you've done that, follow the same instructions for the implementor's license. Once again, as a bonus, your application will automatically count as an objection to the NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him.

---Dan

[address]

[date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111
Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for an implementor's license permitting me to sublicense the use of the Digital Signature Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).

2. Patent Application Serial Number: 07/738.431.

3. United States Patent Number: To be issued as 5,231,668, I believe.

4. Source of information concerning availability of a license: Various sources, including your Federal Register notice.

5. Name and address of applicant: [name], [address, phone, etc.].

6. Applicant's representative: not applicable.

7. I am a [country] citizen.

8. Approximate number of persons employed: not applicable.

9. I am not a small business firm.

10.
Purpose: I would like a license allowing me to let others freely use my implementation of DSA, i.e., allowing me to sublicense the use of DSA at no cost. See #12.

11. Business and commercialization: not applicable; see #10.

12. Plans: I plan to create a source-code implementation of DSA in software, using computer resources which are already available to me. I plan to give this implementation to anyone who asks, and perhaps to publish this implementation via electronic or non-electronic means, for study and use by the academic and non-academic communities. I hope to have people hear about this implementation by a variety of means, including word of mouth.

13. Fields of commercialization: not applicable; see #10.

14. I am not willing to accept a license for less than all fields of use of DSA.

15. I intend to implement DSA in [country].

16. Type of license: I would like a non-exclusive license which does not require royalty payments.

17. I have never been granted a license to a federally owned invention.

18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA.

19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license.

Let me emphasize that this is not a commercial license application. I do not intend to collect any fees for the use of this implementation.

Thank you for your kind attention. Please let me know if you need more information.

Sincerely,

[name]

=====================================================================

APPENDIX F: THE LPF ANNOUNCEMENT
================================