From: "Dave Banisar" <banisar@epic.org>
WASHINGTON, DC -- A new coalition today urged support for strong technologies to protect privacy and security on the rapidly growing Internet. The Internet Privacy Coalition said that new technologies were critical to protect private communications and on-line commerce, and recommended relaxation of export controls that limit the ability of US firms to incorporate encryption in commercial products.
Phil Zimmermann, author of the popular encryption program Pretty Good Privacy, expressed support for the effort of the new coalition. "It is time to change crypto policy in the United States. I urge those who favor good tools for privacy to back the efforts of the Internet Privacy Coalition."
I see that a lot of good people are involved in this, and it sounds like a worthwhile cause. But I have one thing I want to get off my chest. (Long time list readers will know that this is one area where I have trouble being completely rational.) The thing that worries me when I put crypto software up at my site is not the export restrictions. I can make people click a button promising that they are USA citizens or otherwise legal. A lot of other people do it and while it might get me into trouble eventually I think it demonstrates good faith. (There has also been some discussion on the cyberia list with regard to the communications decency amendment that "I am not a minor" buttons would be adequate defenses for that law, and this seems like a similar situation.) No, the thing that worries me most is patent infringement. And the main company I worry about is RSA, one of the sponsors of this golden key effort. Note that RSA's logo is a key, and we see the RSA key at the bottom of our Netscape screens all the time. I don't remember if it's golden. It seems ironic for RSA to be casting itself as a friend of the principle of availability of privacy tools when its own lawyers patrol the net to make sure there are no unauthorized encryption programs out there. They fought against PGP for years until Phil trumped them by going over their heads to MIT. Look what happened when Wei Dai announced his fine crypto library. It wasn't the NSA which come down on him. It was RSA lawyers who demanded that he pull his library off the net until he had it clean enough for them. I have not actually seen the new logo because I don't have a graphical browser here, but I hope it is not too similar to RSA's key. I hate to see that company rewarded when it is acting counter to the interests of people who need access to privacy tools. Hal