From: HARUP16@delphi.com I know that it was wrong to steal the RSA code for a shareware alternative, but [...]

Nobody stole code. PGP infringes on (at least) U.S. Patent 4,405,829, which covers the RSA algorithm. Personally, I have no qualms about exponentiating in any algebra I please. As to the question of "whether RSADSI are good guys": they certainly could be. However, I don't see RSA doing a hell of a lot to promote crypto use -- the opposite, in fact. Their software output is hardly impressive for a corporation of a decade's standing. They won't sell me a license -- they'll sell it to Lotus, but I can't see their source code. The government hasn't banned public-key encryption, but it's banned patent-infringing public-key encryption. And for practical purposes, that's the only kind there is. The combined effect of present patent law and RSA's "sue first, write code later" approach has been to stifle the development of cryptography in this country and in the world. Perhaps if encryption algorithms were not encumbered, they would already be in common use, rendering Clipper untenable. If RSA Inc. wishes to sell me a license I shouldn't have to buy, that would be nice. If they wish to show their change of heart in some other way, that would be nice too, as long as it doesn't come with a licensing agreement like RSAREF's. But if they're going to continue to sit on their patents, I'll do without their blessing. Incidentally, I don't think the issue of algorithm patents is as minor as some have portrayed it. It has blocked the use of RSA, after all, giving Clipper a window. Furthermore, there are patents on approximately every other cryptographic technique: PK in general, exponential key exchange, LUC, IDEA, DigiCash, .... Patents may gut cryptology the way they have data compression, to pick one example. This would be a shame. Eli ebrandt@jarthur.claremont.edu

HARUP16@delphi.com says:

I think what Matt was trying to get at is that privacy should be free The day that I feel the need to have to pay $100 to ensure that my business is nobody's business but my own is the day I leave this country for a nice outlet free desert island.

Nothing is free. Food isn't free. Clothing isn't free. Places to live aren't free. Computers to run crypto sofware are not free. There is no reason on earth that privacy should be free. This is not to say that privacy needs to be expensive. However, it is to say that we do not yet live in a communist society. People DO deserve to get rewarded for their work if they wish to be. Phil Zimmerman and others have very kindly donated their work to the public -- but we should not forget that they were in no way obligated to be as nice as they were. .pm

Stanton McCandlish writes, in response to Perry Metzger, on privacy and free lunches:

...

[Perry says privacy isn't and shouldn't be free (Liam's summary).] Sorry to get on your case yet again, Perry, but I just cannot accept that, and I don't think anyone else here can either.

A-ha! You've just caused me to "un-lurk," Stanton; thanks for the great opening.

Privacy should be free, just like freedom should be free, and the right to say what you want should be free. This is not to say well made tools for ENSURING these rights should be free.

Here you seem to be confusing the issue. How can you say that privacy (the right?) should be free, when defending privacy shouldn't be free? Can someone walk up to you and _give_ you privacy? I always assumed you had to be willing to go out and get it yourself, by hook or by crook. Without defense of a right, the right is moot. _With_ defense of a right, the right is moot: In that case, you already have what you want! I suppose I also have a "right to lunch," too, with the caveat that each I must "ensure" my right to lunch by tripping down to MacDonald's and buying it. Why bother with the right? What is free here? The fact that MacDonald's is open for business? But I'm not even guaranteed that! Are rights a useless construction?

A radio broadcasting station will sure help you exercise your speech rights, but you aren't likely to get one for christmas. Likewise, crypto software should not be expected to be free, unless, as in the case of PGP, the author makes it free of their own accord.

Well said; I agree completely.

While this is true, I would urge people to keep in mind that while we can be expected to pay for tools to help us maintain our rights, no one can charge us a fee for those rights themselves. Privacy is free, it is our birthright.

I hope I'm not getting off list topic here on my first post, but the "privacy is free" meme looks to be potentially damaging for us. Perhaps you mean, Stanton, that privacy as a commodity should not be traded for U.S. dollars, Deutsche Mark, or Mexican Pesos, but for some other currency? Sweat, perhaps? If you pay in sweat, it isn't free--you could have paid someone else to sweat for you. Surely this hasn't boiled down to a question over valid currency for trade in privacy? I think the fundamental question here is whether rights are free. [Whether they "should be" free doesn't mean ANYTHING; what does "should be" mean?] Look around; you'll see a lot of people "fighting for their rights" to do X. I don't think you can tell _them_ that "the right to do X is free." Cheers, TANSTAAFL, and I hope I haven't offended Stanton over a minor point, Liam P.S. If anyone knows what rights are, mail me. I'm extremely interested. Don't perpetuate my possible topical error by sending it to Cypherpunks, unless you think everyone else will be interested. (Maybe Extropians would be...) --- Public key available by arrangement -- The cat is out of the bag. Too much of a dreamer not to be practical -- Go have your own "valiant defeat." Liam David Gray <lg2g+@andrew.cmu.edu> -- Quote me.