[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Holding Netscape's and Microsoft's Feet to the Fire



At 4:11 PM -0700 10/22/96, Jeff Weinstein wrote:
>John Young wrote:
>>
>>    10-17-96, BuWi:
>>
>>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
>>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
>>
>>       The PICA specification will also be designed to make the
>>       task of developing differing domestic and exportable
>>       security requirements much easier. [GAK alliance 2.]
>
>  John, I think you are misreading the intent here.  By making
>it easier to develop separate domestic and exportable
>versions of a product, we foil the government's attempt to
>force weak domestic encryption because it is too much work to
>maintain two different versions.

Thwarting the True Intent of GAK by ensuring that domestic crypto is
completely unhampered, unhindered, unlimited, and unGAKked is terribly
important. A year or so ago, when Netscape folks issued assurances that the
"relative convenience" of having one "world version" would not be the
determining factor, and that Netscape would have two versions (times the
number of platforms they support), was an incredibly positive development.

(And Bill Gates, of the Evil Microsoft, had already isssued scathing
denunciations of key escrow and mandatory crypto, so MS was already
effectively in our camp.)

So, if PICA helps this (along with the Elites Alliance, a rival type), more
power to them. I wouldn't be surprised if the Feds try to exert pressure on
them to change this purpose that Jeff W. describes. Government will realize
that industry consortia are a way to "build consensus" on getting GAK built
in to even domestic products. (The renaming of Clipper/Tessera/etc. to key
escrow and then to "key recovery" is essential to this strategy....got to
convince U.S. software companies that Mr. Policeman is Our Friend...not an
easy sell.)

But I wonder if the PICA Alliance will be allowed to pursue this "dual
strength strategy." Mightn't it be a violation of the ITARs merely to
_conspire_ to keep domestic crypto unhindered and strong?

(:-} for the :-}-impaired.)

Though this is preaching to the choir, it's imperative that Netscape,
Microsoft, and the Other Minor Players remain committed to _never_
compromising the security of _domestic_ products....Europe and Asia will
have to take of themselves, as the true battle always has and always will
be about the U.S. government's desire to surveil us and tap our
communications at will.

(Anyone who doubts this should reread the recent comments of Janet Reno,
Louis Freeh, Jamie Gorelick, and all the others talking about the need to
read the communications of criminals and suspected criminals. The real goal
is to head off crypto anarchy, as the summary by Black Unicorn made clear
just a day or two ago.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."