At 3:57 PM 7/30/96, Arun Mehta wrote:

At 15:13 30/07/96 -0700, Timothy C. May wrote:

...

It is imperative that Netscape, Microsoft, Qualcomm, and the other players be pressured/urged/cajoled to commit to introducing strong, unescrowed crypto for the *domestic* versions, even if not for export versions.

I agree. Foreign buyers will look askance at software that is "second grade" in security terms, just so the US government can read their mail. This will encourage non-US software companies to fill the vacuum, and US companies will get pissed off and pull some strings in Washington.

Exactly. Having a U.S. version, without any limits on crypto and without any software key escrow (GAK), and then having a "for export" version, with keylength limits and/or mandatory registration of keys with the U.S. National Security Agency.... Well, what this would do is to basically drive sales of the "NSA" version to near zero. Between customer distaste for an NSA version, I can imagine many foreign governments not being too pleased to see this product being used by its citizens. (We've discussed this many times, since software key escrow came to our attention in 1993. Imagine the reaction of the United States government if American corporations adopted a French software product which automatically gave access to American trade secrets to DGSE ( Direction Generale de Security France Securite Exterieure), their primary spy agency, and RG (Direction de Renseignement), their economic intelligence agency. France is well-known for spying on U.S. businesses (a la the Air France case), and would no doubt be thrilled to have a "French-GAKked" program in wide use in the U.S.) This point has been raised by us many times. And, to be fair, this point is not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they would not countenance the importation into the U.S. of "Iraq-GAKked" and "China-GAKked" programs, for example. So, what's the deal? The resolution of this quandary almost certainly lies in an "international agreement," along the lines of the various key escrow meetings which have been held (Karlsruhe in '93, Washington in '94, etc.). A "New World Order" solution, with complicated reciprocal agreements about whom the trusted key authorities might be, how nations could gain access, etc. (These relationships are too complicated for my brain to handle...how, for example, would one come to an agreement with Libya? What about Cuba, given that many of our nominal allies trade freely with Cuba and chafe when we try to get them to join our boycotts?) Such an international deal would almost certainly mean that even fully-domestic versions of software would have to be GAKked. Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell, etc. *not* to play ball on this. This would then "marginalize" the European and Asian customers of a special "NSA-readable" version of their products, and would likely derail the whole thing. ObMartialLaw: Clinton is pushing to have new "anti-terrorist" legislation passed *this week*, according to CNN. He wants "memories to be fresh." Joe Biden wants exanded roving wiretap laws and restrictions on efforts to "circumvent" wiretaps. Feinstein wants bomb instructions banned. And so it goes. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."