[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PGP on soda.berkely.edu
-----BEGIN ??? SIGNED MESSAGE-----
I want to apologize to Eric and Tim for intimating that their motives in
exploring the possibility of closer ties to RSADSI were due to pressure
from that company and its officers. I had apparently misinterpreted Eric's
statements about the popularity of the Cypherpunks FTP directories to
conclude that it was a major distribution site for PGP. I am glad to hear
that Eric and Tim are not facing any immediate legal problems due to their
support for this software.
Turning to the issue under discussion, I do have a couple of other thoughts.
First, I don't see that the interests of RSADSI are fully aligned with
ours regarding Clipper. Despite PKP's success in accumulating patents,
Clipper per se does not appear to infringe, being based on a new symmetric
cryptosystem. So they don't have any direct leverage over the use of
Clipper.
Now, Clipper-based phones presumably need some way to exchange keys, and
here PKP's patents are likely to be relevant. But I was under the impression
that AT&T, at least, was already producing secure telephones. I don't
see why whatever arrangements they made for key exchange under their
previous technology would have to be changed with Clipper.
In fact, Clipper in some ways represents a major market opportunity for PKP.
To the extent that the publicity leads to increased sales of encrypting
phones, PKP may benefit from the success of the Clipper.
(The follow-on Capstone project does appear to pose a greater threat to
PKP, since it will use DSS (for key exchange???).)
Furthermore, in any future government prohibition on non-Clipper cryptography,
our greatest nightmare, it is plausible that the government would "take care"
of PKP by making sure that they get a nice piece of the pie. I could easily
imagine a situation in which non-Clipper crypto is banned, Clipper is
widely distributed, and PKP is doing very well financially with a slice
of the profits from every sale.
Even if Jim Bidzos were personally committed to widespread, strong, public
cryptography, and opposed Clipper for fundamental philosophical reasons
(just like us), he would be faced with a conflict of interest. As several
people have pointed out here, Bidzos has a fiduciary responsibility to
his shareholders to maximize profits for his twin companies. If it comes
down to a choice between opposing Clipper on principle and accepting it
along with guaranteed profits, he may be forced (in the same sense in which
he is forced to send threats to Stanton McCandlish) to back Clipper.
So, even if Bidzos is personally a nice guy I think we need to remember
that his company may not be a natural ally of ours.
One final point, for now.
I like Tim's .sig and all it represents. But frankly, it is hard for me
to square a commitment to radical change with the proposed alliance with
PKP. Part of the trouble is that I still don't understand exactly what
our relationship with RSADSI is proposed to become. But at a minimum it
sounds like we would avoid supporting activities which would infringe
on their patents.
That means that when we want to start working on some of those things in
Tim's .sig, we are in many cases going to have to get Jim Bidzos's
permission. Can you imagine asking something like this:
"Dear Jim: We request permission to use the RSA algorithm for an
implementation of digital cash which we will distribute in an underground
way among BBS's all over the world, with the goal being the support of
"information markets, black markets, [and] smashing of governments"
(to quote Tim's excellent .sig). "Please sign on the dotted line
below. Yours truly, an anonymous Cypherpunk."
Obviously there is no way Bidzos could give such approval. Even if he
personally were a card-carrying member of the Anarchist Party he could
not bear the legal liability that someone in his position would take if
he granted this request.
How, exactly, are we supposed to progress towards Crypto Anarchy if we
have to be sure not to step on PKP's toes? Do we just not ask him for
permission (in which case we are in PGP's boat)? Do we ask for permission
without revealing the full scope of the project (in which case it may be
rescinded later)? I am not being facetious here. I honestly don't see
how you can carry out Cypherpunk activities with a corporate sponsor.
I guess that's enough for now...
Hal
[email protected]
-----BEGIN ??? SIGNATURE-----
Version: 2.2
iQCVAgUBK+HUu6gTA69YIUw3AQF9hAP+K6HXxXxjpK2qmjtFmj6LnWFW10KG09P+
o09BpbCJsiXTulv85XEtDfTyqus+T9o2dp01xaJaj0T/En3nKPs7NjKlgNciLmhV
3gzAAuv3VedheUR4cLuZOKxk6MkcwywRB4T/PHPomJ411FeYHI1DgBxZEbpM25e0
Y5mk4vQP+oo=
=zKde
-----END ??? SIGNATURE-----