To: cypherpunks@toad.com A Legal Way To Use RSA ---------------------- There is a LEGAL way to establish the free use of PGP and the RSA algorithm by anyone who wishes to preserve their constitutional right to privacy. No licensing or fees are involved. The RSA algorithm is not copyrighted software, it's a patented technique (presumably in the form of a mathematical algorithm). Under patent law, it is legal to manufacture anything that someone has patented for your own use. If the item is an improved can opener, for example, then you can make one for yourself directly from the patent office drawings if you like. You cannot offer them for sale. So anyone is free to create a computer program which utilizes the RSA algorithm so long as it's just for them. All mathematical equations, no matter how large and complex, consist of smaller terms or sub calculations. In the instant case of the RSA algorithm, these smaller terms consist of prime numbers, Euler's quotient function, and operations like calculating the greatest common divisor and modular arithmetic. It's all about as patentable as long division. No one could be prevented from using such ordinary mathematics. PGP performs other tasks besides RSA related calculations. It supports IDEA and XXENCODE which are in the public domain. So it's only necessary to rewrite the RSA section to avoid conflict with the patent. This could be accomplished by arranging the section into a few mathematical modules or "building blocks." These could then be rearranged by the user into several different configurations for encryption ------ with only one supporting the actual RSA algorithm. After all, large prime numbers can legitimately be used as keys for almost any encryption technique and the arithmetic operations may be called as subroutines for a variety purposes. By stacking the un patentable "building blocks" into the particular sequence which implements the RSA algorithm, the users would, in essence, be employing their own tools (the computer and it's software) to create a copy of the RSA algorithm for their individual use. Programming skills would not be required since the inexpert user could simply employ a setup program and select from a menu of different encryption modes. Alternatively, a DEBUG script could be circulated separately to appropriately reshuffle the object code. Legal action to prevent such a program from being distributed could be very difficult. What reasonable argument could be set forth against someone using the mathematical functions? Arguing that someone -might- use the program to create RSA would make no more sense than arguing that a drill press -might- be used to make a patented can opener. Besides, if it's legal for someone to make their own can opener, how can it be illegal to sell them the tools and materials to do it with? Providing instructions on how to do it can hardly be attacked because the U.S. Patent Office, itself, publishes the plans (technically, they appear to violate the law whenever they send copies outside U.S. borders). By now, you get the point. There's a well anchored legal loophole in the patent law big enough to sail a ship through. It may render patents of formulae used in computer software worthless (as they ought to be). I sympathize with Public Key Partners. The venture must have looked awfully good on paper, but their position is fundamentally untenable. Sooner or later the subject of their exclusive rights over RSA will reach the courtroom. There is legal precedent for allowing private corporations to market products developed with public funds. However, a case might very well be made that MIT erred in granting an exclusive license. It would be to the greater public good (the underlying principal) to release RSA into the public domain so a range of competing businesses could provide it to the public. Because the right to privacy is involved, rather than valves for a rocket engine, a federal court could take licensing entirely out of Massachusetts' and MIT's hands if any federal funds could be traced to RSA's development. Once in court, it will make the newspapers. A private company profiteering from something the taxpayers paid for ----- denying privacy to the average American with heavy handed tactics. The simple fact is, I don't like it and I have a feeling most people won't like the sound of it. The press, a major user of electronic mail and a jealous guardian of sources, is not likely to take a sympathetic stance. There is a large organized body of opposed computer users poised to launch letter writing campaigns and many congressional "waste slayers" are apt to show real interest in the matter. Foundations which fund lawsuits on freedom issues abound. As courtroom and legislative arguments are raised against the license or patent, what foolish company is going to risk paying the license fee? The RSA license quivers on a bowl of Jello. I know financial misadventure when I see it. I'm glad none of my money is invested in Public Key Partners. Bon Voyage!
Once in court, it will make the newspapers. A private company profiteering from something the taxpayers paid for
Uhh, I hate to inform you, but this was discussed back in the Congress in the 1960's. It was decided, then, that patents COULD be obtained fromm research done using gov't funding. Therefore, this is nothing new. In fact, I doubt a paper would even touch this "scoop"... As to whether or no I agree with this, well, thats a different topic. (I happen to believe that patents on algorithms are stupid, but that's besides the point). In other words, there was nothing illegal in the RSA patent, even if there was gov't funding.... -derek
William Oldacre suggests just letting people roll their own encryption packages. Russell Brand exhibited a few relevant passages of the patent law. Allow me to make the argument clearer. First, patent law covers all use, including personal use. It would be beneficial public policy to allow personal use broadly under statute, but drawing the line between personal use and sole proprietorship is difficult at best. There are many cases where society might wish to distinguish between profit and not-for-profit and personal uses, yet however one looks at this, these can be difficult to distinguish at their margins. When, for example, does a hobby which turns into a money making adventure actually become a business. At the first sale? At the first loss filed on Schedule C? When specifically, might patent licensure invoke? Remember, this has to be a litigable distinction. For many of these reasons, all rights to patents are vested in the patent holder. Second, assume that personal use really was OK. Then some people really could build their own. But you could even then sell kits, because that would be tantamount to the completed object. You could sell all the parts, but you could agglomerate them into a single unit. Big deal, you might say. It is a big deal. Most people, more that 99%, could not assemble a crypto system out of parts. You would make crypto protection available only to the programming elite. This, surely, is not my idea of a worthwhile end goal. Patents are a restriction; they are designed to be a restriction. We can either use them by licensing them or go around them by not using them but rather a substitute. Any other way of dealing with them is not generalizable to the public at large. I am sympathetic to personal and research uses of unlicensed patents, but my goal is the whole world. Eric
participants (3)
-
Derek Atkins
-
Eric Hughes
-
William Oldacre