
RE: HELP! Some nut is threatening to sue!



Dr. Zaphod writes, commenting on Jim Bidzos' e-mail to Stanton M.,

>     For a guy who claims to want to help us Cypherpunks in the way of
>personal encryption, scare tactics seem a little out of place.  I'm sure
>we'd all like to use legal encryption methods [maybe]... but we ARE
>Cypherpunks.. giving us the responsibility to use what's best and defend our
>rights for privacy.  Using a package that hasn't been updated in 5 years
>[MailSafe], we have diminished to politically correct yippies.  I'm not sure
>quite what to do.. but I saw Jim Bidzos on a magazine once.. and he looks
>like a fed.
>By playing the game we are becoming part of it.  TTFN.

* The scare tactics may have been somewhat too harsh, or at least phrased
in typical "cease and desist" lawyer terms, but Stanton _did_ post his
announcement very prominently and widely in sci.crypt, where everyone could
see it. RSADSI was pretty much forced to react, lest they later find their
patents/copyrights/whatever ruled invalid by their failure to protect them.
Most PGP sites are less well-advertised :-}.

* I agree that PGP has a feature set (especially its distributed trust
model) that is more interesting than the creaky old MailSafe program. There
may be several solutions brewing here, as several postings in this thread
have noted.

* As George Gleason has also noted, dividing our community may play into
the government's hands. (Some may think I'm trying to fragment the PGP
community with these comments. Not at all. PGP has done a valuable service
in educating hackers, users, etc., and in energizing the community. But
keeping crypto "underground," as by nature PGP must be, is not what we
want, is it?)

* I once thought RSA Data Security Inc. was NSA-controlled. This was in
1988 or so, when I tried to buy a crypto package from them and got the
run-around ("Don't call us, we'll call you."). It seemed natural, to me at
that time, that the Agency would control such a crucial technology. This
opinion didn't last too long, as I got more familiar with the crypto
community.

Now I'm convinced otherwise, and that Clipper/Capstone is in fact the
government's way of gaining control of a technology they failed to
classify and control the first time around. (To be sure, the export
controls and other legal restrictions are a way the Agency and others
control the spread of strong crypto, but so far there has been no basic
challenge to the "right to encrypt." Many of us see Clipper as a probable
move in this direction. Time will tell.)

After meeting many of the principals, including some early investors (like
Alan Alcorn, of Atari fame, at the Hackers Conference), I came to a
different conclusion: RSA Data Security was just concentrating on the "big
deals" which are only now coming to fruition--the zillion-copy deals with
large companies like Apple, Microsoft, Lotus, etc. This market is vastly
larger than the PGP community, which may be as "small" as several thousand
copies (does anybody have any better guesses?).

And it turns out anyone _can_ buy a personal encryption package from
RSADSI...it's called MailSafe. In 1991, I stopped off at the offices of RSA
in Redwood City, while on my way to Lake Tahoe to the Hackers Conference,
to pick up my copy of MailSafe and ran into Jim Bidzos. We talked about PGP
(1.0 in those days) and about the upcoming Hackers Conference. Jim made an
interesting offer: Anyone at the Hackers Conference could buy MailSafe for
$50, just by saying they were there. This fee barely covered the
manufacturing/packaging costs, as I'm sure you all know. So far as I know,
a handful of people followed up. (And I agree there's a perceived problem
that no one, especially in our community, uses it. That's why I have both a
MailSafe and a PGP key...I figure I'm pretty safe against any legal
charges, as I can always wave my MailSafe license in the air!)

Several other conversations have convinced me that Bidzos is not a Fed.
Also, his company has sponsored two excellent (and *free*, by the way!)
conferences on crypto, featuring speakers from outside his company (such as
Mark Riordan of RIPEM fame) and talks highly critical of the "Digital
Signature Standard" (DSS), which the real Feds were pushing as a weak
alternative to RSA digital signatures. (By the way, DSS is part of the new
Capstone system, unsurprisingly.)

* I'm not a lawyer (which is why I'll cc Mike Godwin and Lee Tien on this
response), but my understanding is that the RSA patents cannot just be
licensed on a "per person" basis...that's just not the way patents work.
That is, we can't just pay RSA a quite reasonable $50 apiece for a
perpetual license to the patents and be done with it. Instead, each product
that uses the patents must be separately licensed, as per patent laws.
(This doesn't mean the fee is anywhere _near_ the $125 for MailSafe, the
$50 fee I suggested here, etc. I suspect the deals with Apple, Lotus, etc.,
resulted in _much_ lower fees, perhaps just a couple of bucks per user.
Just a guess.)

* A "personal encryption" product, for users who don't use commercial
e-mail products such as Lotus Notes (which contains RSA), is sorely needed.
The PGP distributed trust model and other features, combined with a fully
legal "crypto core," could be a real success. (Personally, I'd like to see
a commercial version of "Eudora," the Macintosh off-line mail reader I now
use, with easier (push-button, automatic) support for PGP, RIPEM, etc.)

* The upcoming battle for strong crypto is as important a battle for civil
liberties as our generation will ever face, in my opinion. The precedents
set in the next several years will shape this country (and other countries,
by extension) for many years to come.

-Tim May
--
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime