At 01:07 PM 4/6/96 -0500, Black Unicorn wrote:

...

I contend that had he talked to Phillip Zimmermann in 1990 or so, he would have told Zimmermann that "It's illegal to write an encryption program using RSA, because it's patented! You'll never get away with it!"

I would have indicated that "you're going to face the prospect of intellectual property litigation, and that can get nasty in the extreme."

One thing I've never heard is an explanation of how computer software and especially mathematics went from "extremely not patentable" in the early and middle 1970's, to "patentable" once Messr's Rivest, Shamir, and Adleman invented a piece of mathematics that the government wanted to deny to the public. How convenient. Coincidence? Even if we accept the supposition that at some point, "they" decided for non-suspicious reasons to _start_ issuing patents on software and mathematics, I've never heard an explanation of how R, S, and A _knew_ to apply for a patent, long before the first software patent was issued, and even longer before the first pure mathematics patent was issued. (which, was, probably, on RSA!) Were these guys psychic or what? Who told them what, and when? Patents have to be applied-for within a year of disclosure, which means they had to decide whether to pay the money for a patent application that by historic standards could not possibly be issued. Yet they did it anyway. What's wrong with this picture?

...

But history records that Zimmermann _did_, and he "got away with it."

A combination of politics and law and timing.

Something tells me that given the unblemished history of non-patentable mathematics, RSA could never have withstood a patent challenge. They had to have known this.

...

...

That is, resist by what legal means are available, but ultimately depend on the user to secure his or her own data.

Notice that Unicorn never gives useful specific suggestions about which "legal means are available."

Notice that there are no checks in my mailbox from Mr. Bell.

Implying that he's unwilling to do anything useful for free, which raises interesting questions about why he's bothering to send his notes to me. Is he being _paid_ for this?

...

...

Where I differ with Mr. Bell is that he seems to think the ISPs of the world are going to rise and unite to quash the oppressive hand of big government at their own expense in order to satisify some sense of personal ethics or customer goodwill.

Cumulatively, they could do exactly this. Spread among most ISP's, the cost per ISP could be quite low.

Provided you could get "most" ISP's to sign on, provided that the insurance provided for the very expensive proposition of seizure of ISP equipment, and provided that this be the first insurance entity ever with a stated policy of paying off policyholder for criminal sanctions which were directly the result of overt illegal acts by the policyholder.

Yet another misrepresentation. The purpose of the risk-pooling is obviously to set a friendly precedent, and it does not require any "overt illegal acts," merely challenges to an overly broad interpretation of subpoena power. Any siezure of ISP equipment would simply result in another "Steve Jackson Games"-type decision that would be expensive for the jurisdiction in which it occurred, and would further cement the precedent that the government couldn't do anything about. In fact, one of the most obvious precedents that needs to be set is that the government has no right to sieze equipment from an ISP (and thus shut the ISP down) if all it wants is _data_. Clearly, that's exceeding the bounds of what the government is realistically entitled to. I think the most any ISP should be required to do is to present an encrypted version of all the system's data, and then the appeals process can start. The government won't be able to use the data until the process is complete, months or years down the line. Naturally, the fact that the information on the system is subpoenaed should automatically become public knowledge, because the data is already fixed and immutable. And an ISP should NEVER be required to act as an agent for the cops, and in fact should be prohibited from doing so if his contracts with his customers certify he won't be. Jim Bell jimbell@pacifier.com