If we as a company were to take the position that in no case will we allow a government to get access to our encrypted messages, or refuse to allow key escrow with our products, the governments of the world will quickly put us out of business by outlawing the sale of our products in their countries. The fundamental issue is how do we accommodate the requirements of governments, while protecting our rights as citizens.

None of this represents the position of Netscape with respect to what we will do. But if we do not come up with a solution to this problem that is acceptable to each government, we will not be able to export our products, except with a short key length (e.g. 40 bit keys), and that will not be acceptable to corporate customers in other countries. They will create their own solution, and we will not be able to sell to a larger world market. In fact, we could even be ordered by our own government to establish a key escrow system for its use inside the US.

I don't expect Netscape, as a corporate citizen, to engage in civil disobedience. But I hope that Netscape will take seriously its obligation to protect the rights of citizens. Decisions that businesses make have big effects on the way day to day life exists all over the world. GM makes decisions that affect how safe transportation will be and how much it will cost. Microsoft makes decisions that effect millions of people's work environments. Even small businesses have small bits of power: I run a little ISP, and a few hundred people depend on me to protect the privacy of their email. The decison that Netscpae is faced with now is a big one. It's going to have widespread and long lasting consequences for privacy and civil liberties all over the world. When you look at what's going to happen on the ground, it's probably as important as a major decision by the Supreme Court. We understand that government officials in this country and elsewhere are putting pressure on Netscape. But you should understand that the public is overwhelmingly in favor of universal access to strong crypto. This is a democracy, after all, and the FBI and NSA still work for the people. If you need help standing up for what's right, you'll get it. Take your case to the public, and you'll be suprised at the response you'll get. Why not say: 1 Netscape will follow all laws and regulations. 2 The current rules are forcing Netscape to choose between providing reasonable levels of privacy to its customers and competing in the international marketplace. 3 Netscape feels the rules should be changed to make this choice unnecessary. If you make that argument publicly, you'll get widespread support from the business communitity and the general public. And if it turns out that we can't win, you can always fall back on selling totalitarian-friendly products.

E. ALLEN SMITH wrote:

I believe that the central question at hand is whether Netscape will incorporate mandatory GAK into any of its products if you have an economic (governmental purchase) rather than physical (governmental threat of violence) reason to do so. I would hope that the upcoming statement will clarify this position, and in the proper direction. -Allen

If the government wants to purchase software for its own use that implements key escrow, why it that bad? The whole point of our anti-GAK position is that government mandated key escrow is bad. If individuals, companies, or government agencies want to escrow their own keys, with the escrow agents of their own choosing, I have not problem. Its only when the government make the escrow and the agent mandatory that I've got a problem. I don't believe that Netscape will ship a product that mandates GAK unless it was required by law to do so. As long as it is legal to sell non-escrowed crypto products in this country or elsewhere, I think we will keep doing it, because that is what our customers want. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.