[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mr. Bubble II



-----BEGIN PGP SIGNED MESSAGE-----

Tim May, 12/3/95, 2:22 PM :
 
>My thesis is that both Netscape and Microsoft are in positions at this time
>to either do the right thing (tm) or to help build in the tools for a
>police state, an Orwellian surveillance state.

      Gee, Tim, this is *your* thesis? 

>Netscape, being the dominant browser company, and Microsoft, being the
>dominant OS company, are in special positions to "build in Big Brother."
>I'm not claiming they are, just that they are clearly in a position to make
>it technologically more feasible to make non-GAK illegal. They both need to
>carefully think about the role that's been "given" to them (whether by
>fortune, hard work, or being in the right place at the right time) and do
>what's right.

      And?

>Strong words, perhaps, but the implications of mandatory key escrow are

      Not strong at all, actually.

>quite clear. We debated these points for a long time during the Clipper
>debate, and later when "Software Key Escrow" began to rear its head. I
>won't repeat these arguments against GAK here, but will take this
>opportunity to quote from a new book that actually quotes my words:

      [self-congratulations deleted]

>It is important that such companies as Netscape and Microsoft fully
>understand that crypto policy will largely determine civil liberties in
>this country and other countries for a long time to come. And they must
>understand that they can influence the direction. Bill Gates, after some
>early waffling, seems to now fully understand the implications of GAK and
>has written persuasively against it. Jim Clark does not seem to me have
>thought about it as deeply, or perhaps has views of civil liberties which
>are not at odds with mandatory key escrow, the "open door policy" mentioned
>above.

      Like many entrepreneurs, he is an opportunist in every sense, good
and bad. He has yet to advance -- "graduate" maybe -- beyond that point.
NS's stance re GAK is a golden opportunity for Mr. Bubble either to
graduate or to get popped: either patted on the back by Papa State or
popped in the noggin. When "opportunity" is at stake, he's a shrewd
maneuverer; but when pitting his integrity against federal charges is at
stake, he's still a kid -- he doesn't see the opportunity in it.

>And time is of the essence. Things move very fast. It is no longer the case
>that a law is passed, then companies respond to the new legal regime with
>their own policies and products. Companies, especially in high tech, are
>"partners" from the start, as we saw with the Clipper development (where
>AT&T had known about Clipper for years prior to the first public
>announcement, and was cooperating in the development of it, not to mention
>the other companies such as Mykotronx, VLSI Technology, etc., which were
>involved in secret for years).

      Partner, schmartner: "partners" can be adversarial, and adversarial
relations can become *very* adversarial. Here's the question: is the dog
gonna wag the tail or vice versa? The USG has, as we all know,
demonstrated its infinite capacity to knuckle under in the face of
hardened opposition, whether announced or de facto. NS is in a privileged
position to drag the LEA establishment onto the mat, with the whole of the
American public watching. And it stands to gain from doing so, as do we
all.
      But Mr. Bubble wants to be friends, wants to receive genteel toasts.
      With the kind of money Mr. Bubble stands to make -- whether from NS
or from subsequent ventures -- he should be maybe just a bit tougher. If
he's looking for models, names like Carnegie and and Bismarck come to
mind. (Note that their progeny *still* have money, not 2 years later but
*generations* later.)

>It is only sheer speculation on our part (some of us, at least) that
>negotiations about GAK have been going on with the major software
>companies. Jim Clark, for example, learned what he knows about key escrow
>_someplace_, and it probably wasn't from our list or from articles he'd
>read. I'm betting, but could of course be wrong, that he and other folks at
>Netscape (and I mustn't leave out Microsoft, Sun, SGI, Apple, etc.) have
>been briefed on key escrow and that various negotiations are already
>underway. This would match how things were done with Clipper, and would
>explain Clark's voiced support for the need for GAK.

      On the contrary, it is sheer speculation that negotiations about GAK
*haven't* been going on. This shit doesn't happen by magic.

>I hope Jeff W. and Jim C. can have some _long_ chats. The stakes are too
>high for product decisions to be made without full awareness of the
>implications. The statements from Jim Clark do tend to imply a kind of
>defeatism, and even Jeff's comments seemed laden with qualifications about
>"only if the government requires us to." As Hal Finney noted in his post,
>it's as if the Netscape people are preparing for the inevitable. Maybe it's
>not an indication that GAK is being considered within Netscape, but maybe
>it is. After all, one rarely hears "only if we have to" qualifications on
>things that are truly from out in left field.

      Yes.

>And what Netscape agrees to put in future releases of its browsers or its
>servers could have dramatic effects on the whole climate.

      Yes.


      [social darwinism deleated]

>Should Netscape play ball with the NSA or refuse to cooperate? I'm not
>suggesting that Netscape "break the law." Actually, there are *no* laws at
>present about GAK or about the use of strong crypto within the U.S., and
>most of us want to keep it that way. Thus, Jim Clark and Netscape could
>strongly lobby for keeping things the way they are, and could even say "If
>foreign governments demand GAK, let them build it in themselves--we will
>not produce the software to run a police state."

      NS should implement strong crypto, make it publicly available by FTP
and in a box, and see how the USG responds. The public is on its side.

>And if export laws demand GAK in exported products, Netscape should "do the
>right thing" and have two versions. It may add to their costs a little, but
>it's better than building in the machinery for a GAK law to later be
>passed.

      Yes.

>(Explain something to me. I have never, ever understood why it is a concern
>of the U.S. government that we help build in GAK for foreign governments,
>that we make sure that products intended for export to France or Syria have
>GAK that allows those governments to read the traffic of their citizens.
>And if the concern is that exported versions of software must be readable
>to the _United States_, then this is a non-starter in terms of sales in
>many or even most foreign countries! I'm sure France will welcome with open
>arms a version of Netscape that allows the NSA to read the traffic of
>French citizens. Oh, by the way, what legal jurisdictions will be involved
>in obtaining the escrowed keys of foreigners? The answers are both clear
>and murky, if you catch my drift.)

      Because it isn't interested in freedom, here or anywhere else. It is
interested in a "controlled burn" distribution of stability and
instability. Its willingness to do business with its "enemies" has been
amply demonstrated.
      But your drift is clear, and it is right.

>If the U.S. insists on GAK _within the U.S._, as many of us fear is the
>long-term danger, then all bets are off anyway. But I would hope that
>Netscape does nothing to make it _easier_ to make this the case!

      On the contrary: That's when bets are on. That's when *you* -- and
all of us -- might have to start putting our money and our homes in
Corralitos on the line. That's when Black Unicorn will upload the papers
he claims to have, when I will start wrapping PGP-encrypted mail in
pretty-looking wrappers. That's when we'll have no one but ourselves to
blame. Not even Netscape.

>A viable thing for Netscape to do is to announce forthrightly that it will
>separate the issue of export from what it sells in the U.S., that there
>will be NO GAK included in any U.S.-sold packages. The quest for an "all
>world" version, freely exportable, should not take precedence over the
>civil liberties issues. And I predict that any slight losses in market
>share or slight increases in product cost will be _less_ than the effects
>Netscape will see if their product comes to be associated with "Big Brother
>Inside."

      Yes. But NS should act first, explain second. If NS wants money,
that's how to get it.

>Enough for now.

      Yes.

Hieronymous.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMMIHhr3g0mNE55u1AQFI3QH/Y32u8ASp61MPjkaeQJJly7qwQ5BuGNYx
XndZMAPBVXJjOr4Mx5BieouM5GG5WgBc1fMTTRrnAJtSHQO3dgwwBQ==
=WCJS
-----END PGP SIGNATURE-----