----- Forwarded Cyberia-L message (DAVID POST <postd@EROLS.COM>) -----<

I was at EPIC's annual crypto conference yesterday, and just thought I'd pass along my impressions. It was, as always, extremely interesting; EPIC does a terrific job at these things of getting a very diverse and thoughtful collection of people with interests in crypto policy into the room together, everyone from Whit Diffie and Phil Zimmermann and Eric Hughes to Scott Charney of DOJ and Bruce McConnell of the White House, people from the OECD and the hardware/software community, etc. There were panels on key escrow, digital cash, international developments, and the Karn/Bernstein cases and other domestic policy developments. To me, the most striking feature of the event was what I felt was a new bite to the complaints about export controls. People have been complaining, needless to say, about these for a while -- but the *economic* case for lifting controls is now in the forefront of the discussion in a way that was not the case before, imho. Indeed, there wasn't an enormous amount of talk about the *privacy* implications of encryption this time at all. Jim Bidzos of RSA gave a very powerful talk at lunch, at which he unveiled two chips that are now being mass produced by Nippon Telephone, one incorporating the Triple-DES algorithm, and one with the RSA public key algorithm. Someone else pointed to a recent story in the Economist, which listed the leading encryption software/services companies worldwide, each of which is Israeli. Bidzos made the claim, and many others echoed, that the export controls are in the process of doing nothing more than ceding a potentially lucrative market to others, a market in which the US might otherwise be expected to be the dominant player. It may even, in the eyes of some, be too late to undo this damage. Now, some of this may be exaggerated, special interest whining. But there's an interesting hook here. Many have talked about the importance of control over "standards " in network industries, the importance of obtaining an early dominant position in the market that can appropriate all of the network externalities waiting to be plucked out there. [Mark Lemley has an interesting discussion of this in a piece on antitrust on the Net -- Mark, is that out anywhere yet?] Acting quickly to penetrate the market becomes critical, not just because markets change on "Internet Time," but also because the early entrants have a chance of establishing themselves as de facto standards and thereby extending their dominance over time. This, one can plausibly argue, is what is happening -- has happened? -- in this market. It is more credible in these kinds of markets to argue, as Bidzos was arguing, that if government policymakers wait until there's actual evidence of damage, of "lost market share," to US companies, that it will at that point already be too late to do anything about the damage. ---------- [Second Cyberia-L message by David Post] One other interesting issue generated heated discussion -- as in yelling and screaming between audience and panel -- at the EPIC conference. Scott Charney of DOJ, who heads the US delegation to the OECD crypto guidelines conference, was subjected to pretty heated questioning about the possibility that the US is trying to use the international forum as a way to move a particular policy agenda that is *not* being successfully peddled at home, and then to use the international support as a means of moving the domestic policy debate in that direction. Jamie Boyle of AU was particularly eloquent about this concern (I raised it too, less eloquently) -- I think it fair to say that both of us had the copyright experience in the back of our minds, where, many of us believe, the US has been pushing the "Lehman agenda" in international discussions as a way of presenting Congress with a kind of fait accompli. Charney vigorously denied that this was going on -- he strongly argued that since the OECD guidelines are non-binding (unlike, say, the treaty obligations being discussed in the copyright context), there's simply nothing wrong with discussing these clearly global issues with our international partners. It was, as they say in the press, a spirited exchange. David ********************************* David G. Post, Georgetown University Law Center Postd@erols.com 202-364-5010 Cyberspace Law Institute home page http://www.cli.org ********************************* David ********************************* David G. Post, Georgetown University Law Center Postd@erols.com 202-364-5010 Cyberspace Law Institute home page http://www.cli.org *********************************