From: Timothy C. May <tcmay@got.net> To: cypherpunks@toad.com Subject: Holding Netscape's and Microsoft's Feet to the Fire Date: Tuesday, October 22, 1996 8:59 PM

At 4:11 PM -0700 10/22/96, Jeff Weinstein wrote:

...

John Young wrote:

...

10-17-96, BuWi:

"Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell, RSA, and Silicon Graphics Announce PICA Crypto-Alliance"

The PICA specification will also be designed to make the task of developing differing domestic and exportable security requirements much easier. [GAK alliance 2.]

John, I think you are misreading the intent here. By making it easier to develop separate domestic and exportable versions of a product, we foil the government's attempt to force weak domestic encryption because it is too much work to maintain two different versions.

Thwarting the True Intent of GAK by ensuring that domestic crypto is completely unhampered, unhindered, unlimited, and unGAKked is terribly important. A year or so ago, when Netscape folks issued assurances that

The truly frightening thing here is that Bill gates has come out more often on the strong crypto side than Netscape, Apple, IBM and just about everyone else. Why is this? Has Justice crapped on him once too often, and now he's looking for payback? At first I thought that it may be that Microsoft has big financial transaction plans. If this were true, they would probably get the leniency that banks and others get for crypto. So what is it? Here is my theory, if you will indulge me for a minute; It was a dark and stormy...uh middle of the afternoon in Redmond. Bill is at his desk reading the latest sales figures for Windows and Office 95. "600 million, hot shit! But I grow bored with commonplace software, I need new money schem..uh challenges". Somehow Bill finds his way into Building 666 on the Microsoft campus. The building is home to Microsoft's Security and Crypto division. He hails a young minion. "Here my son, what have you done for me today?" The young man gulps, "Uh well let me see Mr Gates...". Suddenly Bill notices the boy's shirt. It is black, on the front are printed the words; "This T-Shirt is a Munition". Under the words are a few lines of code. Because they are not Basic, Bill is confused. He blurts out,"Say that isn't Java is it!". "No Mr. Gates, it's Perl. This is the RSA code implemented in it." Bill says,"I see, carry on my boy". The young man scurries back to his office. Suddenly it strikes Gates like the first time he envisioned the DOS liscening scheme. "Munitions! Hot shit, weapons on a floppy I could make billions! I could arm the whole world with Microsoft weapons of software and dominate any governments who got in my way! Then I could have Larry Ellison and Marc Andressen and any other punks who made fun of me locked away". I'm sure it didn't happen just this way. It's quite possible that Bill gates never says "hot shit". ---------- the

"relative convenience" of having one "world version" would not be the determining factor, and that Netscape would have two versions (times the number of platforms they support), was an incredibly positive development.

(And Bill Gates, of the Evil Microsoft, had already isssued scathing denunciations of key escrow and mandatory crypto, so MS was already effectively in our camp.)

So, if PICA helps this (along with the Elites Alliance, a rival type), more power to them. I wouldn't be surprised if the Feds try to exert pressure on them to change this purpose that Jeff W. describes. Government will realize that industry consortia are a way to "build consensus" on getting GAK built in to even domestic products. (The renaming of Clipper/Tessera/etc. to key escrow and then to "key recovery" is essential to this strategy....got to convince U.S. software companies that Mr. Policeman is Our Friend...not an easy sell.)

But I wonder if the PICA Alliance will be allowed to pursue this "dual strength strategy." Mightn't it be a violation of the ITARs merely to _conspire_ to keep domestic crypto unhindered and strong?

(:-} for the :-}-impaired.)

Though this is preaching to the choir, it's imperative that Netscape, Microsoft, and the Other Minor Players remain committed to _never_ compromising the security of _domestic_ products....Europe and Asia will have to take of themselves, as the true battle always has and always will be about the U.S. government's desire to surveil us and tap our communications at will.

(Anyone who doubts this should reread the recent comments of Janet Reno, Louis Freeh, Jamie Gorelick, and all the others talking about the need to read the communications of criminals and suspected criminals. The real goal is to head off crypto anarchy, as the summary by Black Unicorn made clear just a day or two ago.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed.

---------:---------:---------:---------:---------:---------:---------:----

Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."