It is imperative that Netscape, Microsoft, Qualcomm, and the other players be pressured/urged/cajoled to commit to introducing strong, unescrowed crypto for the *domestic* versions, even if not for export versions. I believe several signs are pointing to jockeying in the U.S. to get the major players in software to introduce "one version" programs with key escrow built in. While the avowed intent will be to stop _export_ of unescrowed strong crypto, such a "one version" (interoperable) strategy would mean that key escrow is the de facto situation within the United States. Several months back, during the flap over Netscape founder Jim Clarke's statements about the needs for key escrow, one result was that Netscape acknowledged that even if it had to have *two* versions, a domestic version and an export version, it would not put key escrow or other GAK versions into U.S . releases. It bears repeating, though we all know this: There are no restrictions whatsoever on crypto use in the United States. (The restrictions on airwave use of codes are more complicated to analyze, and don't effect speech, writing, normal communications, etc.) Not compromising on what is available to U.S. users is critical. (Of course, we all know that what is widely available to U.S. users will quickly become available in Europe, Asia, and elsewhere. But this is no reason, formally, to compromise on basic freedoms within the U.S.) So, I urge you, be prepared to attack any of the major software vendors who offer any "one version" solutions which limit the strength of crypto available to the U.S. customers in the name of offering a single, world, exportable version. Without this ITAR hook, the government is currently powerless to control crypto domestically. (Many believe such restrictions would be dismissed on First Amendment grounds, as restrictions on the form of speech. Of course, many also believe the ITARs will eventually be found to be unconstitutional, at least the parts dealilng with software, technical articles, speech, etc.) One of the lines of my ever-expanding .sig has been "Boycott "Big Brother Inside" software!" I added this during the Lotus Notes flap, where Lotus honcho Ray Ozzie was proposing his "40 + 24" solution, where Lotus would give 24 bits of the 64-bit key to the government. When I coined the logo "Big Brother Inside," the Cypherpunks meeting after Clipper was announced in '93, it was this kind of cozy relationship between industry and government I was mainly commenting on. The NSA and FBI know that recruiting Netscape, Microsoft, Novell, Lotus, and others to implement GAK in their stupendously popular software products is the single best way to control the spread of strong crypto. I say we make it clear that this will not fly for U.S. versions! What kind of GAK gets built into products intended to be exported to Albania and Iran is of little relevance here in the U.S., where no laws give the government permission to dictate what is in a program, or how long a key is, or whether master keys have been duly deposited with the secret police. Let's remind people of this. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."