Re: Golden Key Campaign
From: "Dave Banisar" <banisar@epic.org>
WASHINGTON, DC -- A new coalition today urged support for strong technologies to protect privacy and security on the rapidly growing Internet. The Internet Privacy Coalition said that new technologies were critical to protect private communications and on-line commerce, and recommended relaxation of export controls that limit the ability of US firms to incorporate encryption in commercial products.
Phil Zimmermann, author of the popular encryption program Pretty Good Privacy, expressed support for the effort of the new coalition. "It is time to change crypto policy in the United States. I urge those who favor good tools for privacy to back the efforts of the Internet Privacy Coalition."
I see that a lot of good people are involved in this, and it sounds like a worthwhile cause. But I have one thing I want to get off my chest. (Long time list readers will know that this is one area where I have trouble being completely rational.) The thing that worries me when I put crypto software up at my site is not the export restrictions. I can make people click a button promising that they are USA citizens or otherwise legal. A lot of other people do it and while it might get me into trouble eventually I think it demonstrates good faith. (There has also been some discussion on the cyberia list with regard to the communications decency amendment that "I am not a minor" buttons would be adequate defenses for that law, and this seems like a similar situation.) No, the thing that worries me most is patent infringement. And the main company I worry about is RSA, one of the sponsors of this golden key effort. Note that RSA's logo is a key, and we see the RSA key at the bottom of our Netscape screens all the time. I don't remember if it's golden. It seems ironic for RSA to be casting itself as a friend of the principle of availability of privacy tools when its own lawyers patrol the net to make sure there are no unauthorized encryption programs out there. They fought against PGP for years until Phil trumped them by going over their heads to MIT. Look what happened when Wei Dai announced his fine crypto library. It wasn't the NSA which come down on him. It was RSA lawyers who demanded that he pull his library off the net until he had it clean enough for them. I have not actually seen the new logo because I don't have a graphical browser here, but I hope it is not too similar to RSA's key. I hate to see that company rewarded when it is acting counter to the interests of people who need access to privacy tools. Hal
Hal wrote:
No, the thing that worries me most is patent infringement. And the main company I worry about is RSA, one of the sponsors of this golden key effort. Note that RSA's logo is a key, and we see the RSA key at the bottom of our Netscape screens all the time. I don't remember if it's golden.
The key at the bottom of the Netscape window is not the RSA logo, and doesn't even look much like it. Our key is meant to convey the absence or presence of encryption via a metaphor that is understandable to the average home user, not as an advertisement for RSA. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
The key at the bottom of the Netscape window is not the RSA logo, and doesn't even look much like it. Our key is meant to convey the absence or presence of encryption via a metaphor that is understandable to the average home user, not as an advertisement for RSA.
The RSA key *does* appear on the flash screen though, remember. -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.net/ (or login as "guest") sameer@c2.net
sameer@c2.org wrote:
The key at the bottom of the Netscape window is not the RSA logo, and doesn't even look much like it. Our key is meant to convey the absence or presence of encryption via a metaphor that is understandable to the average home user, not as an advertisement for RSA.
The RSA key *does* appear on the flash screen though, remember.
Yes, this screen does appear on startup on the unix version, but on Mac and Windows (90% of installations) it only appears when you select "About Netscape" from the "Help" menu. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
I know you feel strongly about this, and I don't expect to change your mind. But sometimes in politics you have to play the angles. I don't think most people care about their civil liberties as much as they should. If it were just a question of censorship and wiretapping, I think we'd probably lose the political fight. Sure we're right. But that's not enough. We don't have any clout. But fortunatly big business has come to the conclusion that it's going to have to kill the crypto parts of ITAR in order to do business overseas. And that means the export restrictions are as good as dead. The other side of the debate has been raising the spectres of the four horsemen, and that argument has to be addressed, at least nominally. RSA can't say, "We know that law enforcement is concerned about terrorism, drugs, and child pornography. But we need the rules changed anyway so we can make buckets of money." So they say stand on civil liberties. Yes, it's disingenuous. But if they win, we'll all come out ahead. In order to make the money, they're going to secure our civil liberties. The patents won't last forever. They're going to expire, and when they do, the war will be over, because ITAR's crypto restrictions will be dead. And it will be due, in large part, to the cypherpunks who made corporate customers afraid to use 40 bit keys. Security isn't the only thing that's economics. So's politics.
No, the thing that worries me most is patent infringement. And the main company I worry about is RSA, one of the sponsors of this golden key effort. Note that RSA's logo is a key, and we see the RSA key at the bottom of our Netscape screens all the time. I don't remember if it's golden.
The logo they have at www.rsa.com is two modern-style keys (like we all have on our keychains) fit together at the teeth. The key on the "Golden Key Campaign" and on Netscape looks more like an old-style thing, a circle on the end of a long bar with two teeth at the end. I'd say the RSA logo (the one at their web site) looks nothing like the one on the envelope.
They fought against PGP for years until Phil trumped them by going over their heads to MIT.
Yes, but from the previous post, it sounds like PRZ supports this.
I hate to see that company rewarded when it is acting counter to the interests of people who need access to privacy tools.
Financially, RSA *does* have a hell of a lot to gain from relaxed export controls. OTOH, I would think that other companies would be able to sell RSA-patented encryption, just not to inside the USA (IANAL). Of course, that inside-the-USA factor is a very big one. IMNSHO, relaxed export controls would be much better than the status quo, even if R$A does have exclusive milking rights to that global cow. One company selling crypto, even with a monopoly, is better than no companies selling crypto. Besides, the patent on public-key crypto won't last forever. I think I'll put the golden key on my web pages, right alongside the blue ribbon. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 | | -- Disclaimer: JMHO, YMMV, IANAL. -- | ===================================================================:)
participants (5)
-
Alex Strasheim -
Hal -
Jeff Weinstein -
sameer@c2.org -
Steve Reid