D. Bernstein's Open Letter on NIST-PKP-DSA
Someone flamed once over including Usenet (esp. sci.crypt) postings here, so I'll just give a summary of an excellent letter posted by D. Bernstein (cowriter sci.crypt FAQ, dogged Sternlight flamer, ITAR consultant, cryptographic agitator, etc.). I'm sure there'll be a lot of flames over this one in sci.crypt, assuming nobody's brain dead. There's some real pointy pricks at Bidzos and PKP (the truth hurts).
In short, Bernstein looks at the specific laws and conventions surrounding granting a patent and exclusively so by the government to a private company. The laws are fairly restrictive. The most devastating claim is that NIST has failed to adhere to the law in granting a license "only if, after public notice and opportunity for filing written objections, it is determined that the interests of the Federal Government and the public will best be served by the proposed license ... and the proposed terms and scope of exclusivity are not greater than reasonably necessary.." 35 USC 209(c)(1)
Mostly he objects to the *exclusive* arrangement (read: MONOPOLY), and points out that ``NIST does not need to wait 60 days for public comments in order to grant a nonexclusive license.''
- ``The public obviously has an interest in being able to use DSA without royalty payments after PKP's patents expire. The grant of an exclusive license would not serve this interest.'' Hence the `public will be best served by the proposed license' clause of the law above is not satisfied. Similar to the S. Walker letter I posted earlier.
- Law states that, for (partially or wholly) exclusive arrangements, "the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any nonexclusive license which has been granted, or which may be granted, on the invention." That is, a monopoly is only acceptable if the products would be brought to market in no other way. But Bernstein cites Info Security Corp. selling implementations of DSA *now*.
- Similarly, law requires "exclusive or partially exclusive licensing is a reasonable and necessary incentive to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public." 35 USC 209(c)(1)(C) But DSA is already in practical application and promoted by ISC. Not only that, but digital signatures would clearly be embraced by many companies *without* the incentive of awarded monopoly (assuming the algorithm was robust, but we're going in circles). He argues that a *nonexclusive* arrangement with PKP could achieve the `same effects', and therefore the monopolistic arrangement is not `reasonable or necessary' under this law.
- NIST's 8 June 1993 notice states that "it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public." As Bernstein writes, ``under 35 USC 209(c)(1), NIST is required to make such determinations _a_f_t_e_r the public comment period...''
- Points out that NIST has `already promised the public royalty-free use of DSS'. Items: The Deputy Director of NIST testified on 27 June 1991 that DSA "is expected to be available on a royalty-free basis in the public interest world-wide." In the 30 August 1991 Federal Register, NIST stated again "NIST expects it to be available on a royalty-free basis. Broader use of this technique resulting from public availability should be an economic benefit to the government and the public."
- Attacks the PKP royalty rates as `obscene' and `exploitive'. In the June 8 announcement there is the slippery phrase, `subject to uniform minimum fees'. The fees are neither uniform nor minimal. $10K startup plus $10K per year for businesses under $1M per year, and $25K up front and $10K per year for businesses over $1M per year.
``Obviously it would have been more difficult for PKP to convince NIST to grant PKP a license if PKP had disclosed its actual exploitative fees---otherwise, why has NIST been planning to require PKP to charge uniform fees?''
Sorry, that all assumes that NIST (that is, the NSA puppetmaster driving it) isn't in full knowledge of every aspect of the complete proposal, a rather unlikely scenario.
- He goes back and looks at early DSS testimony, and shows that everyone's opinions on the patent infringement are divided and unsure, whereas of those claiming `PKP and Schnorr have a serious claim upon DSA rights' many have `a financial interest in PKP which they did not disclose' (Bidzos, Rivest, Hellman, Fischer) which `you may not be aware of'. (I can't imagine that M.R. Rubin could be so naive, he seems rather likely to be an accomplice, but all bureaucrats are inscrutable).
Together these people shout quite loudly. Each one cites accusations of patent infringement from the others, while they all pretend to be independent scientists and businessmen. Sometimes they bamboozle outsiders into thinking "all these people say there's a problem, so there must be a problem."
In fact all the accusations come primarily from financial partners of one man, Jim Bidzos. Please be aware that all is not as it seems. The interests of Jim Bidzos, no matter how often repeated, are not the interests of the public.
- The NIST June 8 announcement does not actually describe the exact licensing arrangement, only generalities. He asks that NIST give the *specific* license arrangement and restart the 60 day public hearing period, which is already ticking.
- Objects that NIST give in to PKP patents when it has not been demonstrated (e.g. by a court) that the DSA algorithm infringes on the PKP patents. I think he's on thin ice here, esp. regarding the Schnorr situation.
In general Bernstein doesn't subscribe to any conspiracy theories, and takes the view that the wool has been pulled over NIST's eyes by PKP in withholding information (such as the `uniform minimum fees'), and is overly optimistic about the influence of his comments and others during the review period (``even a short letter can be devastatingly effective'' he writes). I think this is a bit naive. In particular, the public-key Capstone licensing term of the arrangement (which he completely ignores) suggests that both sides were shrewdly engaged in a mutually beneficial arrangement (that is, between NSA and PKP, NIST dutifully cloaking the machinations of the former). The 60 days comments period on the licensing is probably just a smokescreen--it serves nothing other than determining how much outrage such an action would cause, how much collusion can be slithered through.
Writing to Rubin, he states:
You told me that the Federal Government has certain national security interests in the PKP license. As the documents explaining these interests are supposedly classified I am unable to address this point.
I'd be glad to explain it. `national security interests': euphemism for widespread Clipper & Capstone penetration and a wiretapping free-for-all. Remember, without PKP's consent, Capstone public key exchange infringes on PKP patents. This is an *immensely* valuable PKP trump card and critical necessity for the NSA if they want to have a widespread commercial standard. Stop wondering why the NIST-PKP-DSS arrangement is so one-sided! It makes no sense unless one considers it in the full lewd exposure of the Clipper-Capstone clampdown.
* * *
On the other hand, lots of Anti PKP-Bidzos Propaganda!
PKP is not an engineering company trying to protect a risky investment; it is a litigation company using its patent portfolio.
PKP is a litigation company. Its sole contact with the public, to my knowledge, has been a series of threatening letters. It does not bring inventions to practical application, or promote use of anything by the public, nor has it ever demonstrated any ability to do so.
Bidzos has habitually squashed the use of cryptography.
It is well known that Bidzos, via PKP, has attempted to squash several public-key cryptography implementations, such as RPEM and PGP. For several years personal computers have been fast enough to make public-key cryptography convenient for the masses. Do you make daily use of encryption? I suggest that, if it were not for Bidzos, we would all be using cryptography now.
If Bidzos's goal were to make money he would offer personal licenses to let individuals use PGP for a reasonable fee. Instead he simply refuses to provide any licenses for PGP.
Given his history, do we want Bidzos in control of DSA? Especially now, when he is just a few years away from losing his monopolies, does it make any sense to give him a fresh new 17-year monopoly over a U.S. government standard technology?
* * *
Included: why it's not `no big deal', and another call for YOU to write letters (ah, if only all the faceless bureaucrats had email addresses).
===cut=here===
From: djb@silverton.berkeley.edu (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: An open letter of opposition to the NIST-PKP giveaway
Date: 31 Jul 93 00:23:03 GMT

NIST plans to give PKP exclusive rights to NIST's DSA patent. Attached is a copy of a letter I just sent NIST in opposition to this plan.
Some people have told me that they've read the NIST-PKP announcement and don't see any big problem. After all, they say, PKP asks for a mere 5% royalty rate! Isn't it worth this much to settle the issue?
These people have missed a crucial phrase in the announcement. ``PKP's royalty rates for the right to make or sell products, _subject to uniform minimum fees_, will be no more than 2 1/2% for hardware products and 5% for software...'' [italics added]. Those ``uniform fees,'' it turns out, are a minimum of $5 per program per user, subject to a minimum of $10,000 per program per year, plus a non-uniform startup fee of $10,000 for small companies and $25,000 for large companies.
If you'd like to object to the NIST-PKP giveaway, you still have time. Your letter must be received by Michael R. Rubin, Acting Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, MD 20899, 301-975-2803, by Friday, 6 August. (Rubin actually says that the next Monday is okay; but I wouldn't risk it.) Even a short letter (``Dear Mr. Rubin: For NIST to grant an exclusive DSA license to PKP would be illegal and against the public interest. Please do not do this.'') can be devastatingly effective. (You may also want to send a copy of your letter to the League for Programming Freedom, 1 Kendall Square #143, P.O. Box 9171, Cambridge, MA 02139.)
---Dan
Someone flamed once over including Usenet (esp. sci.crypt) postings
What was their rationale? I'd rather see relevant postings reposted here- damnit, I don't have *time* to read 280MB a week of news! What's the person's problem who flamed you?
--
Ed Carp, N7EKG erc@apple.com 510/659-9560
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"
participants (2): khijol!erc@apple.com, L. Detweiler