[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A legal way to use RSA!



To: [email protected]

                     A Legal Way To Use RSA
                     ----------------------

There is a LEGAL way to establish the free use of PGP and the RSA 
algorithm by anyone who wishes to preserve their constitutional right 
to privacy.  No licensing or fees are involved.

The RSA algorithm is not copyrighted software, it's a patented 
technique (presumably in the form of a mathematical algorithm).  
Under patent law, it is legal to manufacture anything that someone 
has patented for your own use.  If the item is an improved can 
opener, for example, then you can make one for yourself directly from 
the patent office drawings if you like.  You cannot offer them for 
sale.  So anyone is free to create a computer program which utilizes
the RSA algorithm so long as it's just for them.

All mathematical equations, no matter how large and complex, consist 
of smaller terms or sub calculations.  In the instant case of the RSA 
algorithm, these smaller terms consist of prime numbers, Euler's 
quotient function, and operations like calculating the greatest 
common divisor and modular arithmetic.  It's all about as patentable 
as long division.  No one could be prevented from using such ordinary 
mathematics.

PGP performs other tasks besides RSA related calculations.  It 
supports IDEA and XXENCODE which are in the public domain.  So it's 
only necessary to rewrite the RSA section to avoid conflict with the 
patent.  This could be accomplished by arranging the section into a 
few mathematical modules or "building blocks."  These could then be 
rearranged by the user into several different configurations for 
encryption ------ with only one supporting the actual RSA algorithm.  
After all, large prime numbers can  legitimately be used as keys for 
almost any encryption technique and the arithmetic operations may be 
called as subroutines for a variety purposes.  

By stacking the un patentable "building blocks" into the particular 
sequence which implements the RSA algorithm, the users would, in 
essence, be employing their own tools (the computer and it's 
software) to create a copy of the RSA algorithm for their individual 
use.  Programming skills would not be required since the inexpert 
user could simply employ a setup program and select from a menu of 
different encryption modes.  Alternatively, a DEBUG script could be 
circulated separately to appropriately reshuffle the object code.

Legal action to prevent such a program from being distributed could 
be very difficult.  What reasonable argument could be set forth 
against someone using the mathematical functions?  Arguing that 
someone -might- use the program to create RSA would make no more 
sense than arguing that a drill press -might- be used to make a 
patented can opener.  Besides, if it's legal for someone to make 
their own can opener, how can it be illegal to sell them the tools 
and materials to do it with?  Providing instructions on how to do it 
can hardly be attacked because the U.S. Patent Office, itself,
publishes the plans (technically, they appear to violate the law 
whenever they send copies outside U.S. borders).  By now, you get the 
point.  There's a well anchored legal loophole in the patent law big 
enough to sail a ship through.  It may render patents of formulae 
used in computer software worthless (as they ought to be).

I sympathize with Public Key Partners.  The venture must have looked 
awfully good on paper, but their position is fundamentally untenable.  
Sooner or later the subject of their exclusive rights over RSA will 
reach the courtroom.  There is legal precedent for allowing private 
corporations to market products developed with public funds.  
However, a case might very well be made that MIT erred in granting an 
exclusive license.  It would be to the greater public good (the 
underlying principal) to release RSA into the public domain so a 
range of competing businesses could provide it to the public.  
Because the right to privacy is involved, rather than valves for a 
rocket engine, a federal court could take licensing entirely out of 
Massachusetts' and MIT's hands if any federal funds could be traced 
to RSA's development.

Once in court, it will make the newspapers.  A private company 
profiteering from something the taxpayers paid for ----- denying 
privacy to the average American with heavy handed tactics.  The 
simple fact is, I don't like it and I have a feeling most people 
won't like the sound of it.  The press, a major user of electronic 
mail and a jealous guardian of sources, is not likely to take a 
sympathetic stance.  There is a large organized body of opposed 
computer users poised to launch letter writing campaigns and many 
congressional "waste slayers" are apt to show real interest in the 
matter.  Foundations which fund lawsuits on freedom issues abound.  
As courtroom and legislative arguments are raised against the license 
or patent, what foolish company is going to risk paying the license 
fee?  The RSA license quivers on a bowl of Jello.

I know financial misadventure when I see it.  I'm glad none of my 
money is invested in Public Key Partners.

Bon Voyage!