(Cyphergang, this is going to have to be my last post for a while on this thread. The points have been made. Some agree with me, some call me treasonous. I say what I think. -TCM) Hal Finney writes: .....stuff elided....

First, I don't see that the interests of RSADSI are fully aligned with ours regarding Clipper. Despite PKP's success in accumulating patents, Clipper per se does not appear to infringe, being based on a new symmetric cryptosystem. So they don't have any direct leverage over the use of Clipper.

That's right, they don't. Clipper/Skipjack/Capstone looks to be well-planned move to reassert government control over crypto, with various government modules replacing existing modules (as with the DSS signature standard, which uses the El Gamal algorithm). Whether RSADSI is upset, I don't know. I suspect so. Bidzos was quoted as saying "Clipper is an arrow aimed at the heart of my company." (source: Eric, who saw it in a newspaper) ...

In fact, Clipper in some ways represents a major market opportunity for PKP. To the extent that the publicity leads to increased sales of encrypting phones, PKP may benefit from the success of the Clipper.

This could be. I don't think enough is known to answer this. I suspect the "end run" theory mentioned above. If Bidzos thought Clipper was a great thing for his company, he wouldn't be busily lobbying to help kill it, nor would he have shown up at ur emergency meeting to tell us what he knew.

(The follow-on Capstone project does appear to pose a greater threat to PKP, since it will use DSS (for key exchange???).)

Capstone is not really a "follow-on," in the sense that it is due to be announced *this month*, if I recall correctly. It's very far along, I believe. More like a "one-two punch." And, yes, it appears to be a major threat to us all. But we'll have to wait and see, I suppose.

Furthermore, in any future government prohibition on non-Clipper cryptography, our greatest nightmare, it is plausible that the government would "take care" of PKP by making sure that they get a nice piece of the pie. I could easily imagine a situation in which non-Clipper crypto is banned, Clipper is widely distributed, and PKP is doing very well financially with a slice of the profits from every sale.

I think I mentioned somewhere that I put Bidzos on the spot with what I called "The 64-bit Question": Are you going to cut a deal and sell us out? Bidzos was very sober when he answered this, and said, roughly: "If you mean will I conspire with the government to deny strong crypto to users, no. But if Clipper and Capstone are destined for deployment and they come to us and offer royalties, what choice will we have? We have a duty to our shareholders." And as he was leaving for the day, he leaned in the door to our meeting and said, as if to reiterate the point, "Tim, I won't sell you out." (Please don't use this recollection of what he said for a dissection of what he really meant, what RSA is really doing, etc. I have already said that Bidzos said he knew nothing about the Clipper program until we all did. And so on.)

Even if Jim Bidzos were personally committed to widespread, strong, public cryptography, and opposed Clipper for fundamental philosophical reasons (just like us), he would be faced with a conflict of interest. As several

This is not clear. Deploying strong crypto could be more lucrative to RSADSI than having the government deploy its own Capstone "CA" (Cryptographic Algorithm, the new acronym du jour) and paying RSADSI some token amount for some small piece of the package.

people have pointed out here, Bidzos has a fiduciary responsibility to his shareholders to maximize profits for his twin companies. If it comes down to a choice between opposing Clipper on principle and accepting it along with guaranteed profits, he may be forced (in the same sense in which he is forced to send threats to Stanton McCandlish) to back Clipper.

So, even if Bidzos is personally a nice guy I think we need to remember that his company may not be a natural ally of ours.

I completely agree and nothing I have ever said suggests we place all our faith in his company or any other institution. What I have said--several times, now--is that a frontal attack on the RSA patents, via highly public postings of PGP and a "Fuck you!" approach to talking with patent owners, is not the best strategy at this time.

I like Tim's .sig and all it represents. But frankly, it is hard for me to square a commitment to radical change with the proposed alliance with PKP. Part of the trouble is that I still don't understand exactly what our relationship with RSADSI is proposed to become. But at a minimum it sounds like we would avoid supporting activities which would infringe on their patents.

There's no proposed alliance being talked about. See previous paragraph. I don't expect anyone to necessarily agree with my politics.

That means that when we want to start working on some of those things in Tim's .sig, we are in many cases going to have to get Jim Bidzos's permission. Can you imagine asking something like this:

"Dear Jim: We request permission to use the RSA algorithm for an implementation of digital cash which we will distribute in an underground way among BBS's all over the world, with the goal being the support of "information markets, black markets, [and] smashing of governments" (to quote Tim's excellent .sig). "Please sign on the dotted line below. Yours truly, an anonymous Cypherpunk."

Of course not! Nobody has suggested this. This is a straw man. Being nonconfrontational in some areas (aka "living to fight another day," aka "choosing your battles carefully") doesn't mean any kind of mutual approval pact has been signed. I want strong crypto first and foremost. Then the other stuff can perhaps follow. If crypto privacy is outlawed now, if the War on Drugs and "What have you got to hide?" approaches win out, then all is lost.

How, exactly, are we supposed to progress towards Crypto Anarchy if we have to be sure not to step on PKP's toes? Do we just not ask him for permission (in which case we are in PGP's boat)? Do we ask for permission without revealing the full scope of the project (in which case it may be rescinded later)? I am not being facetious here. I honestly don't see how you can carry out Cypherpunk activities with a corporate sponsor.

Asked and answered. Let me phrase the issue in slightly different terms. Which of the following strategies do you folks think will best improve the chances that strong crypto remains legal? 1. CONFRONTATION: We fight RSADSI at every step. We engage them in legal battles, we distribute infringing code whenever possible. We get PGP spread to thousands of users, perhaps tens of thousands of users at bootleg, underground sites. (Remember that businesses cannot use PGP without fear of prosecution, fines, whatever...unless the Cypherpunks win their lawsuit against RSADSI, sometime around 1997 or so, at the rate these cases move through the courts.) 2. REALPOLITIK: We concentrate instead on spreading strong crypto into as many ecological niches as possible: individuals, corporations, e-mail packages, attorney-client transactions, and so on. We emphasize the legal, constitutional right to communicate messages in the language of our choice (that is, we have no obligation to speak in languages eavesdroppers can more easily understand). To head off government moves to act against PGP and similar systems, the parts of PGP that conflict with RSA's patents are modified, thus becoming legal to use (and Phil even has a chance to make some money, which he sure as hell can't do now). I'll take #2 and worry about digital money and anonymous systems later. Strong crypto is logically prior to everything else. All I've argued is that the "in your face" approach has its limits. Most of the PGP users are, I think we'll all agree, hobbyists and hackers who downloaded it, played with it, learned some crypto from it, exchanged keys, etc. Probably not too many critical uses, YET. But the popularity suggests a hunger for strong crypto. The Clipper/Capstone move indicates the government wants to head this off at the pass. The question is whether the bootleg and infringing PGP (and Phil admits to all this in his docs, obviously) has a better chance of succeeding than a fully legal and already spreading RSA solution? (The issue of PGP's feature set versus that of MailSafe's is secondary to the main issues...between RSAREF, RIPEM, OCE, and other RSA-based systems, the features can be found. I expect a compromise along these lines, mixing parts of PGP with parts of RSAREF, is going to happen.) As for Stanton McLandish's removal of PGP from his site, Eric Hughes and others have explained the legal issues in great detail. Of course, anyone who really wishes to take on the RSA patents in a big way is perfectly free to place PGP on his U.S. site, advertise it heavily in sci.crypt so that RSADSI cannot possibly claim to have missed it, tell Bidzos to get lost when the inevitable "cease and desist" warning arrives, and then follow through with the several-year legal battle that will result. Strong crypto is far more important that this petty issue of patents. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement