[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape gives in to key escrow
On Fri, 1 Dec 1995 [email protected] wrote:
> From: SMTP%"[email protected]" 1-DEC-1995 12:26:55.99
> >First, a viable strategy is to simply do nothing. Ignore the goverment's
> >protestations, drag one's feet, shrug, etc. Jim Clark could simply have
> >said nothing. (Recall that Bill Gates came out recently saying that strong
> >encryption is inevitable...Clark could have either said nothing, or said
> >something similar to what Gates said.)
>
> That may be a very bad move from their point of view. If the Gov.
> pushes hard, and it is an important customer, it is in their interest
> to satisfy them. As long as anyone else wants to follow the Gov. it is
> also good for them to follow those lines, and to be the firsts ones.
>
> What about foreign customers? If the Gov. can restrict export of
> your technologies, they'll move to other providers. It is better for
> you to pay hommage to the Gov. requests and get to overseas markets
> faster and sooner than anyone else.
You need to think real hard about how likely foreign customers on a scale
as large as the U.S. government are going to be attracted to a product
that forfeits its keys to the U.S. government. Consider this problem
again in light of all the hand waving about the U.S. intelligence
agencies and industrial espionage/intelligence.
>
> >Second, the issue is not "satisfying" a "bunch of cypherpunks." If Netscape
> >truly pushes for GAK, and people reject GAK and Netscape, then this will
> >surely hurt shareholder value. (Frankly, I expect one or more stories to
> >appear in the next few days about the budding "Friends Don't Let Friends
> >Use Netscape" and "Just Say No to Netscape" movements. Whether this will
> >hurt the stock is unclear.)
>
> The "just say no" movement is OK as long as you don't append
> "to XXX". It could work if it is only Netscape... But as soon as anyone
> else gives in (e.g. Microsoft) it will become a burden. It's much better
> IMHO to ask "say yes to privacy". It's much better to say "this page is
> optimized for good safety and may not be reliable under non-crypto
> browsers -e.g. Netscape-" than saying "your browser is bad". Which
> BTW, may be OK in the USA, but is not in other places. Belgium comes
> to mind for forbidding negative advertising. And surely others.
And most of those laws apply only to other members of the market, not
"public safety" announcements by private or not-for-profit organizations.
It infuriates me to turn this into a question of hand wringing over
exactly HOW to say that your keys will be turned over to the nearest
government agency and that the product, from a security standpoint, is
simply unacceptable. I suppose we could call it "security challenged"
but I think that a bit silly, don't you?
Then again, we wouldn't want to hurt anyone's feelings.
If you can't say anything nice, then key forfeiture obviously sucks.
>
> >I say that the ideas being discussed are in fact "constructive" ideas. I
> >won't reiterate them all here, but they clearly involve concrete action
> >(e.g., modifying server software to issue warnings to Netscape users, or
> >encouragement of alternatives to Netscape).
>
> Some of them are. Others are not. Others are destructive (like
> denying access to Netscape users), or unpracticable (like saying "Mozilla
> is not the best thing" in some places), or unrealistic (like saying "quit
> your job"), or plain silly.
Let's put this example in a more personal context, with you as the
netscape guru. In fact, let us carry that assumption along, as really
I'm talking to the netscape insiders to begin with.
It's silly or unrealistic only because your views on the subject are
obviously worth less than the salary cut you would take for quitting.
In fact, the fact that it is silly or unreasonable at all for you to
resign is totally based on your assessment of what the spread of strong
crypto and the opposition to key forfeiture is worth. You have made that
decision, but don't call hopeful prodding unrealistic unless you include
the statement 'key forfeiture is simply not worth enough for me to endure
the risk and likely salary cut I will have to face if I oppose it strongly.'
> If you deny access to a user, you'll make him/her angry. And not
> angry with Netscape. They'll be angry with you. We need people on our
> side. That's basic psicology. I'd go for more pages explaining what
> crypto is and can do for Joe Random.
Your faith in Joe Random vastly exceeds mine.
> Many people has said "I can do this or that with my server or
> whatever". How many people is offering an alternate safe crypto service
> and making it interesting and desirable for Joe Random? And making it
> well known? I'd say that not enough.
And one less now that Netscape has taken this position, yes. Shuffling
the blame off on everyone else is a fine thing to do unless you are
sitting on top of a hunk of cash, a lot of influence, and a foot into the
market. You have the chance here to do a lot of good, rather than cave
in and suckle off the teat of your local authority figure. Then again,
your money is in your pocket, and we have well estlablished exactly what
strong crypto is worth to you.
> If you can offer an attractive service, protected with another
> crypto method, and make it popular, people will demand it. If you just
> add a note saying you use that crypto 'cos Government-enforced crypto is
> not good enough, people will feel happy and will learn.
Again, your faith in Joe Random is excessive. NETSCAPE has a position of
power at the moment, and could easily energize the issue and educate a
lot more stockholders by taking a stand than by caving in. If your
concern is education, netscape press releases and political positions are
much more potent in that regard than cypherpunks mailing lists.
Your information cost is lower by a factor of 100 or more. Putting the
burden on our shoulders, and then couching it in terms of the cypherpunks
being negative, when indeed we are merely pointing out to whoever will
listen that a spineless money decision has been made, is the center of
hyprocracy. It sickens me.
> In general, people prefers positive presentations to complains
> or problems. Have a look at TV ads. How many of them say "Don't use
> that stuff, it's shit" instead of "Use my stuff, it's better".
As does this psycho-babble trash.
> That's what I advocate: a positive course of action, offering
> a better alternative. Not just a storm of complains or "bad karma".
So when pinto's explode, I might as well just advertize hondas as a
'better value' and not mention the rather glaring fault in the competing
product?
I might add, few cypherpunks (to their great credit) sell their
software. We are interested in the software being the strongest, and
best quality.
Freeware has that effect, it clairifies the issue. No longer is hype or
advertizing an issue. It is merely quality, and peer review, elements
which Netscape has completely missed the target (and the barn) on from
the beginning.
> >What more are you expecting? Have you been reading what people are actually
> >discussing doing and actually already doing?
> >
> Yes, I've read all along. As I hope will be more clear now. And
> I have found lots of people saying "I won't support Netscape", "I will
> say no", "I will deny access to Netscape", "I'll add a complain to my
> page", "Jim should retract", "Netscape should go back", "Netscape better
> changes its money-making policy and becomes a political activist",
> "This or that guy must quit job"...
>
> What I was expecting is people to be more realistic, not to forget
> that the main goal of a company is to make money instead of defending public
> freedom (which indeed is bad for business), and start promoting better (or
> not) alternatives.
You mean to realize that Netscape could care less about the 'educated'
consumer who is displeased with the decision, and instead is following
that large nose which sniffs the waifting scent of green?
Look, I am as much for free market as anyone else. That's fine. Don't,
however, tell anyone not to complain because this or that company is only
in it for the money. Some people vote with their feet.
I sold the lot of my netscape shares. I did just fine, and I will sleep
better at night. SOME cypherpunks do buy stock. Some of us put a great
deal of money into the market in fact. Some of us are interested in
promoting companies that further our LONG term interests as well as short term
interests. If you would happen to look at the long term, you might
discover that there is more money in it for Netscape, and everyone else,
if strong crypto is not restricted. Unfortuantely, like most Joe
Randoms, and most Joe Random Inc.'s, long term for you is when the
restricted sell of your stock options expire.
Either support GAK or do not. Don't give us horseshit about how you
think we are being too hard on Netscape because we are educated
consumers, and because we realize that GAK crypto is not the best product it
could be.
It is as much our right to gripe and moan about the spineless decision as
it is for you to make it. To tell us to ignore it is hypocritical in the
extreme. If your product is so superior, why the hell should you care
about a few cypherpunks moaning about this or that? Aren't we members of
the free market as well? Who are you to tell us that our decision to
promote or to denounce netscape is based on the wrong criteria? The
entire point of the free market is to hear and support those concerns in
the proportionate levels and with the respective influences that they wield.
Take your emotional censorship elsewhere. And while your at it, try
making a superior product to please us, rather than some high-school
textbook psycho-babble about saying only nice things to the other
children in the sandbox.
> And, to finish, note that I have also seen some very good answers,
> on which I don't coment since I agree and have little to add to.
>
> >--Tim May
> >
> jr
---
"In fact, had Bancroft not existed, potestas scientiae in usu est
Franklin might have had to invent him." in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information