[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PKP and DSS -- Licensing and Summation (fwd)



From: [email protected] (Ross Williams)
Newsgroups: sci.crypt
Subject: NIST/PKP scandal: All you need to act.
Followup-To: sci.crypt
Date: 4 Aug 1993 04:21:12 GMT
Organization: Rocksoft Pty Ltd.
Lines: 1885
Distribution: world
NNTP-Posting-Host: wattle.itd.adelaide.edu.au
Summary: NIST/PKP scandal: All you need to act.
Keywords: nist pkp dsa dss patent digital signature


Why It Is Important That You Read This Document and Address This Issue
----------------------------------------------------------------------
Right now there are some fairly significant political things happening
in the area of digital signatures that will determine how they are
managed for the next two decades. This matters because digital
signatures will be a key technology in the future. It is likely that,
in the future, most commercial transactions, and most digital
communications (including email) will be sealed with a digital
signature. In 1999 when J.Random Citizen goes the supermarket and
swipes his credit card to buy a chocolate bar, he will most likely be
issuing a digital signature. Digital signatures are going to be an
extremely important technology in future society, not just in the US,
but throughout the world. Because of the propagation of patents
through GATT and other agreements, what happens in the US affects
everyone.

Unfortunately, as far as I can tell, this is a technology that the
general public is not even aware of. As a result, the entire legal and
political foundation for the technology is being layed down right now
by the US Government and other organizations, without much interaction
with the outside world. Now this isn't necessarily a bad thing;
governments do a lot of good things. However, recent political
developments have alarmed many people.

A difficulty with the situation is that the issues are rather complex
and the approach one takes to them will depend on one's attitudes
towards Government, industry, intellectual property, patents and so
on. And even if you have firm convictions on any of these issues,
deciding what one's position on the issue is, and what one should do
can be difficult. It's easy to be a radical and shoot from the hip,
and it's easy to be a cynic and do nothing, but I don't like either of
these approaches. The only alternative is to think it through properly
and make a measured response (which may well happen to be radical!).

The document below is my attempt to enumerate the facts, identify the
key constraints and issues and identify a number of possible positions
and responses. Rather than attempting to "precompile" all this
information and advocate a particular course of action, I have
provided information so that you can make up your own mind. To this
end, I have added appendices containing reference material that you
might otherwise have to look up (as I had to).

The deadline for action (by fax) is midnight ending Monday 9 August
1993 Washington D.C. time, but it would be best to act well before
then to be on the safe side. I urge you, at the very least, to read
this document and make up your own mind about this important issue.

Ross Williams ([email protected])
4 August 1993.


AN ANALYSIS OF THE NIST/PKP DIGITAL SIGNATURE PATENT LICENSING PROPOSAL
=======================================================================
Version : 3.
Date    : 4 August 1993.
Author  : Ross N. Williams.
Net     : [email protected]
Snail   : 16 Lerwick Avenue, Hazelwood Park 5066, Australia.
Fax     : +61 8 373-4911.
Phone   : +61 8 379-5020 (10am to 10pm Adelaide Australia time).
Thanks  : The following people have provided me with information:
             Noah Friedman    ([email protected]).
             Jack Larsen      ([email protected]).
             Richard Stallman ([email protected]).
             Dan Bernstein    ([email protected])
Cleared : Cleared for public release 1:18am 04-Aug-1993: RNW.
Status  : Copyright (C) Ross Williams 1993. However, permission is granted to
          make and distribute verbatim copies of this document provided
          that this copyright notice is included.
Disclaimer: Where this document expresses opinions on behalf of the
author, those opinions are the author's only and are not representative
of any organization associated with the author.

Note: A GLOSSARY appears at the end of this document. If you are
unsure of an acronym, look it up. Search for the word "glossary".


0. TABLE OF CONTENTS
====================
1. The Facts of the Case
   1.1 Public Key Cryptography
   1.2 The Digital Signature Standard
   1.3 The Choice
   1.4 The Gift
   1.5 Objecting and Appealing
2. What People Think (and Feel!)
3. Analysis.
   3.1 Enumerating The Objections
   3.2 The US Code
   3.3 Alternatives for NIST
   3.4 A Modern Aesops Fable
4. What You Can Do.
   4.1 Many Options
   4.2 To Whom To Write
   4.3 A Selection of Things To Say
--
A. Glossary.
B. NIST's Announcement
C. United States Code Title 35.
D: 37 CFR 404.7 (Checklist for License Application)
E: Dan Bernstein's Posting and Form Letter
F: The LPF Announcement
G. The letters I intend to send.


1. THE FACTS OF THE CASE
========================
As far as I can determine, these are the facts of the case. I have not
checked all these facts, and welcome corrections. I regret that I do
not have the time to substantiate the stuff in this section with
formal references.

1.1 Public Key Cryptography
----------------------------
* In late 1970's and early 1980's there was a revolution in
cryptography caused by the invention of public-key cryptography by
researchers at MIT and Stanford. Those researchers created patents
covering much of the new technology, and these patents were assigned
to their respective institutions.

* In order to exploit the new technology, MIT and Stanford created a
company called Public Key Partners (PKP) to whom they granted
exclusive sublicensing rights to the cryptography patents. As a result
PKP has controlled the use of public key cryptography for the last
decade or so.

* PKP claims that its patents are very broad and cover not just
specific public key cryptography techniques such as the RSA technique,
but also cover the IDEA of public-key cryptography too. Like most
issues involved in this whole situation, this issue is not clear and
can only be resolved in the courts. This document assumes that the PKP
patends are broad.

* The PKP patents expire between 1997 and 2008. The most important
ones expire between 1997 and 2000.

* Public key cryptography is a seminal enabling technology that solves
most information integrity problems, including the ability to create
unforgeable digital signatures. Digital signatures are just like real
handwritten signatures except that they can be applied to digital
documents.


1.2 The Digital Signature Standard
----------------------------------
* Digital signatures are extremely powerful, but also rather
technologically messy to implement. Keys have to be generated and
managed. In particular, the issuing of a digital signature is a social
and commercial event most likely requiring network events. In my
opinion digital signatures will not enter widespread use until they
are standardized.

* Several years ago, the US Congress, recognising the need for a
standard, instructed NIST (The US National Institute of Standards and
Technology) to perform a study and come up with a proposal for a
digital signature standard.

* NIST evaluated the options and, among other things, commissioned its
own signature scheme called DSA (Digital Signature Algorithm). The DSA
was prepared with assistance from the NSA (National Security Agency).

* When all the dust settled, there were two proposals to choose from:
a proposal by PKP based on RSA, and DSA. NIST patented DSA which meant
that both proposals were embodied in patents, one owned by PKP and the
other by NIST.

* There were many pros and cons for each proposal including:

   - PKP asserted that the NIST proposal was technically more
     arbitrary than the RSA and was created in a more politically
     impure environment (with help from the NSA) and so was more
     likely to have a backdoor in it somewhere. RSA is based on prime
     numbers and is simpler and more self-evidently backdoor-free.

   - The PKP proposal was privately owned and so, if it was chosen,
     everyone would have to pay PKP royalties.

* Because the use of digital signatures requires the interaction
between random pairs of individuals in society and other organizations
and agencies, it would appear that there is no room for two standards.
It might be possible for two standards to coexist, but once one
catches on, no one will want to know about the other, as "hardly
anybody uses it". Furthermore, whatever is chosen as the standard is
likely to become mandatory when interacting with various government
institutions. Thus, whatever happens, the standard that catches on is
likely to dominate and will be hard to supplant even by
technologically better rivals. This makes right-now a critical time.


1.3 The Choice
--------------
* The decision was up to NIST. In the end it chose its own proposal
which was subsequently named in its DSS (Digital Signature Standard)
as the standard algorithm.

* NIST's problem then was how to cope with PKP. It seems that earlier
on, NIST declared the DSA free of coverage from other patents:

   "[We] believe this technique is patentable and that no other patents
   would apply to the DSS."
   -- NIST --US Federal Register, 30 August 1991.

However, it seems that since that time, PKP applied pressure to NIST
claiming that the DSA was covered by PKP's broader patents. It is
still not clear what the practical scope of PKP's patents is and the
only way to tell is go to court. What is certain is that the PKP
patents THREATEN the DSA patent and can cause trouble for it at any
time.

Meanwhile, NIST has certainly behaved as if the PKP patents are a
problem as it stated in its DSA license proposal announcement (see
Appendix B of this document):

     >The prospective license is a cross-license which would resolve a
     >patent dispute with Public Key Partners and includes the right to

If PKP are right then patent law says that neither party can use the
technology without obtaining a license from the other party. However,
the coverage of PKP's patents is far from clear.


1.4 The Gift
------------
* In the end, NIST decided to simply GIVE its DSA patent to PKP.
Actually, it's not giving, it's an exclusive license, which is
effectively the same thing. We will use the word "give" in this
document.

* This decision has been, to say the least, controversial. At least is
has within the subculture that knows about these things. It hasn't hit
Donahue yet.

* The PKP patents run out between 1997 and 2000. The DSA patent runs
out in about 2010. Thus, if PKP's patents have teeth then NIST is
GIVING PKP a monopoly of a major national standard for 10 years. If
PKP's patents don't have coverage, then NIST is GIVING PKP the
monopoly for about 16 years. Either way, it's an unnecessarily
generous gift and one that will probably cost the public hundreds of
millions of dollars.

* Monopolistic control over DSA is a gold mine. I can't put a figure on
how much it would be worth, but certainly more than three flat rocks and a
piece of string. Just remember that most commercial transactions of the
future and probably most electronic communications will be executed using
digital signatures and you get an idea of the scope of the monopoly.
It's almost like simultaneously owning a patent on the pens with which
all people must sign contracts and on sealing wax with which people seal
envelopes (or did in more romantic eras).

* PKP has stated its INTENT to license DSA free for non-commercial use:

     >It is PKP's intent to make practice of the DSA royalty free for
     >personal, noncommercial and U.S. Federal, state and local
     >government use.  As explained below, only those parties who enjoy
     >commercial benefit from making or selling products, or certifying
     >digital signatures, will be required to pay royalties to practice
     >the DSA.

However, this apparently does not cover software distribution schemes
that operate at cost or which cross-subsidize distribution to yield a
non-profit. Note also that this statement of intent does not represent
a binding committment.

* PKP has issued a statement committing itself to charging a maximum
royalty rate of 5% if the deal goes through. However, there are also
"minimum fees" which are going to be $10000 per year, plus $10000 for
small companies and $25000 for big companies.

* An important aspect of the situation is that after PKP's patents run
out, there will be nothing stopping anyone from creating and using new
digital signature algorithms that are not DSA. The trouble is that by
that stage DSA will be so well established that no one will want to
use anything else. So, while PKP will eventually lose control over
public-key cryptography, they will still have control over the DSA,
and by then nobody will be able to supplant it with a free standard.

* If the deal does go through then we are likely to see an interesting
effect as the PKP patent expiry dates approach. At roughly that time,
PKP's RSA patents will expire and we will find that PKP is promoting
the DSA (over which it holds a patent) and downplaying (and possibly
denigrating) the RSA algorithms upon which the company was
founded!!!!!!!!!!!!!


1.5 Objecting and Appealing
---------------------------
* The DSA patent has not yet been licensed to PKP. By 37 CFR 404.7,
this cannot occur unless NIST first advertises the fact that the
licensing is to take place, and solicits objections from the public.
NIST made such an advertisement in the US Federal Register on 8 June
1993:

     >The prospective license will be granted unless, within sixty (60)
     >days of this notice, NIST receives written evidence and argument
     >which established that the grant of the license would not be
     >consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
     >Dated:  June 2, 1993.

This noticed was published on about 8 June 1993 so the deadline for
responses is 8 August 1993 Washington D.C. time. However, this is a
Sunday and we have obtained a verbal commitment from NIST that Monday
is OK too.

* A lawyer I know who has knowledge of this case has indicated that he
thinks that there is no likelihood that NIST will back out of the deal
at this stage. However, he feels that this stance is a result of
leftovers from the Bush administration. Apparently appeals will be
heard by the new Clinton administration and so there is a chance of a
change of mind by NIST.

* An appeal can be made later to the new administration by anyone who
submitted written comments to NIST (as explained above) in opposition
to the proposal. Appealants can appeal "de novo" which means that they
are not limited to facts and arguments submitted now.

* The word "algorithm" appears in the DSA patent, despite the fact
that it is officially impossible to register a software patent (it has
to be framed in terms of hardware) so it may be that the DSA patent is
invalid.


2. WHAT VARIOUS PEOPLE THINK (AND FEEL!)
========================================
* Many people do not believe that algorithmic processes, and in
particular, software should be patentable at all. This is an extremely
complex issue, but if you do not believe that software patents should
exist, you will also believe that the PKP patents should not exist.

* Many people are worried that public key cryptography was patented,
given its origins. They point out that most of the research leading to
it was funded by public (i.e. taxpayer's) money granted by the US
Federal Government to Universities. They point out that if the result
of such research should be framed as property at all (e.g. patents)
then it should be public property. In fact, a database search of the
relevant patents reveals that many of them have the following note
attached which would seem to indicate that the government may have
some direct rights to the patents:

   >GOVERNMENT INTEREST       (GI)  The Government has rights in this
   >                          invention pursuant to Grant No. ENG-10173 of
   >                          the National Science Foundation and IPA No.
   >                          0005.

* One of the purposes of the patent system is to cause technology to
be exploited. Some people have suggested that PKP has not been
effective in allowing the diffusion public key cryptography. I am not
in a position to establish the truth or falsehood of this statement.
However, there is intuitive evidence in the fact that public key
cryptography was invented almost 20 years ago, and yet is not yet in
widespread use. A visit to the supermarket checkout counter reveals no
digital signatures. Why not?

* Some people have suggested that the reason for the lack of diffusion
of public key cryptography is that a cosy unspoken understanding
exists between PKP and various US Government agencies that are
none-too-happy about the prospect of a diffusion of this technology.
Evidence for the attitude of government agencies is: 1) the smoking
gun of the 56-bit DES key, 2) the fact that much cryptographic
technology is currently classified as "munitions" and cannot be
exported without a license. Evidence of the lack of diffusion is the
supermarket argument above. The rest is speculation.

* Many people were worried when NIST patented the DSA. They felt that
no good could come from embodying a public standard as a piece of
intellectual property. Their fears have been realized as NIST is about
to license that property exclusively to PKP.

* It is very easy to get hot under the collar at NIST. However, it is
also important to realize that their actions MAY be motivated by no
more than a desire for the public good - to disseminate digital
signature technology as quickly as possible. In this quest they ran up
against a problem - PKP - and solved it as quickly and as easily as
they could - by giving the DSA patent to PKP.

* I do not particularly hold any bad feelings towards PKP or its
employees. I have been developing a product recently that has required
me to interact with PKP and to license one of their algorithms. They
have been nothing but polite and helpful and have provided me with
useful information. My concern is not with PKP, but with the future of
digital signatures.


3. ANALYSIS
===========

3.1 Enumerating The Objections
------------------------------
I you are at all like me, by this stage your brain will be feeling as
if it is full of cotton wool so let's attempt to crystalize it all.
First, why should we care at all? The answer to this is that digital
signatures are going to be very important in the future. Second, what
bad things have happened, or are about to happen? This depends on your
stand on various issues in intellectual property. Combing through
previous sections, we can assemble at least the following list of
potential objections:

   * Object to software patents in general.
   * Object to publicly funded universities creating patents at all.
   * Object to such universities assigning such patents to commercial companies.
   * Object to PKP allegedly holding up the diffusion of public key technology.
   * Object to the involvement of the NSA in creating the DSA.
   * Object to NIST choosing DSA as standard instead of RSA.
   * Object to NIST embodying DSA in a patent.
   * Object to government agencies assigning patents to commercial companies.
   * Object to NIST assigning the patent to just ONE company.
   * Object to NIST effectively extending PKP's patent powers.
   * Object to NIST making it more difficult for companies that
     wish to fight PKP to do so.

So there is certainly a lot to grumble about! This is a problem with
this issue: there are too many ducks to shoot at and the more
idealistic you are the easier it becomes to get angry and confused.
However, right now we are right near the end of NIST's 60-day deadline
and coherent focussed action is required.

From the legal tactical point of view, there are many many angles of
attack. I won't go into them here; the situation touches on
constitutional law, administrative law, patent law and I don't
understand it all. Just be assured that "teams of lawyers are working
around the clock" :-) What we really need of course is a turbo-charged
Hillary, but this is not possible at this time.

What IS important is that the current situation seems to be largely a
result of the leftovers of the Bush administration. The new Clinton
administration may take different view on all this. I have heard that
soon the top few people in NIST will be replaced by Clinton people.
This means that if enough people object now with enough good reasons,
the issue might get held up long enough for it to be caught by the new
administration. And the "de novo" aspect of the appeals process means
that new arguments can be created and presented later, so you are not
limited later to what you say now. So say anything, but please say
something, now.

As we have seen, there are many legitimate objections that could be
made. In my mind the key ones are:

   * That NIST is placing a key international standard in the
   hands of a single company.

   * That by handing DSA to PKP, NIST is giving PKP power
   unnecessarily. It may be that some companies believe that they
   can beat PKP's broad patents in court. However, if the NIST/PKP
   deal goes through, such companies will have to break not only
   the broad PKP patents, but the more specific DSA one as well.
   If the PKP patents are so strong, why should NIST need to give
   PKP the DSA patent at all?

In addition to these general objections, we can also respond directly
and formally to NIST's requests for comments on the deal. The next
section discusses this.


3.2 The US Code
---------------
NIST has requested objections to its proposal before 8 August 1993.
Furthermore, it has specified exactly what its criterion is for
evaluating objections:

     >The prospective license will be granted unless, within sixty (60)
     >days of this notice, NIST receives written evidence and argument
     >which established that the grant of the license would not be
     >consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
     >Dated:  June 2, 1993.

I have obtained copies of 35 U.S.C. 209 (see Appendix C) and 37 CFR 404.7
(see Appendix D). The latter is basically the former repeated over a few
times with some bits added.

Here are the juicy clauses of 35 U.S.C. 209 - the ones that specify the
criteria that NIST is supposed to be using to determine whether to license
DSA to PKP. NIST is most likely to respond favourably to objections lodged
to it that address these criteria and explain why they are not being met.
Here we go:

   >(A) the interests of the Federal Government and the public will
   >best be served by the proposed license, in view of the applicant's
   >intentions, plans, and ability to bring the invention to practical
   >application or otherwise promote the invention's utilization by
   >the public;

I think it's fairly clear from the history of the computer industry in
the last two decades that computer companies will need little
encouragement in adopting and implementing this standard without the
help of PKP!


   >(B) the desired practical application has not been achieved, or is not
   >likely expeditiously to be achieved, under any non-exclusive license
   >which has been granted, or which may be granted, on the invention;

DSS has only recently been declared a standard, so it's hard to judge.
It depends on how good PKP's is at preventing companies from
implementing DSA.


   >(C) exclusive or partially exclusive licensing is a reasonable and
   >necessary initiative to call forth the investment of risk capital and
   >expenditures to bring the invention to practical application or
   >otherwise promote the invention's utilization by the public; and

This condition absolutely is not met. The history of the computer
industry and the potential for the DSA clearly indicates that there
will be, if anything, a glut of risk capital for implementing DSA.
And it's probably not even likely to be "risk" capital!


   >(D) the proposed terms and scope of exclusivity are not greater than
   >reasonably necessary to provide the incentive for bringing the invention
   >to practical application or otherwise promote the invention's
   >utilization by the public.

Even if DSA is a subset of PKP's patents and NIST is assigning DSA to
PKP to simplify the situation, this condition is definitely not met as
NIST is licensing DSA to PKP for at least 10 years longer than it
needs to - more than half the life of the patent. PKP's patents expire
before 2000, but NIST is granting DSA until the year 2010. This is FAR
greater than is reasonably necessary. Because technology tends to
diffuse in accordance with an exponential curve (at least until it
saturates), it is likely that the royalties PKP will receive between
2000 and 2010 will be a hundred times greater than those it receives
beween 1993 and 2000. Thus, in practice, NIST may be being
overgenerous by a factor of one hundred or more.


SUMMARY: If we assume that NIST's goal is to get DSA in use as quickly
as possible, then their only obstacle is PKP. The clauses above
address the issues of technology diffusion and the attraction of risk
capital. These issues are not central in this case as it must be
blindingly obvious to anyone who knows the computer industry that the
DSA standard would go like curry through a senior citizen if all the
patents were lifted from it (remember, we are most likely talking
about most commercial outlets in the US and nearly all electronic mail
in the future). Thus, the only reason why NIST should consider handing
over the DSA patent under these clauses is because PKP has the
industry by the throat. But this is not certain, and even if it was,
under clause (D) above, NIST should attempt to minimize its commitment
to PKP. If it is to license DSA to PKP AT ALL, it should license it
only until PKP's patents run out, not until the year 2010. And even
licensing DSA to PKP until the patents run out is unnecessary because
if NIST offered a public license of DSA, companies could simply fight
PKP's patents in the courts directly without DSA being involved.


3.3 Alternatives for NIST
-------------------------
As we have seen above, NIST's actions are at least inconsistent with
the code with respect to section (D). So, we can write to them and
complain about that specifically.

By now, you should have a pretty good feel for the situation. My
personal opinion is that NIST are simply eager to diffuse the
technology, but because they feel "blocked" by PKP, have folded to
them. Unfortunately, they seem to giving up far more than they need
to. So let's help them get their confidence back :-) by coming up with
some alternatives:

A1: ISSUE A GENERAL PUBLIC LICENSE: This would knock NIST out of it,
allowing those wishing to implement DSA to deal with PKP directly,
either through the courts, or the banks. :-) At least PKP's power
would not be increased.

A2: FIND ANOTHER STANDARD OR ENCOURAGE INFRASTRUCTURE FOR ANOTHER
STANDARD: Do we want DSA at all? Given that the NSA had a finger in
it, it's not clear how secure it is. Is it really desirable for
certain U.S. government agencies, perhaps a little out of control, to
be able to digitally prove in court that any citizen it particularly
feels like targetting has taken out a $200,000 loan which has not been
repayed? Well, of course, it's not that simple. Even so, these
technologies have a habit of being used for increasingly serious
applications and this sort of abuse is not unimaginable. In the new
commercial world, a backdoor to the DSA would be a license to print
money, without all the hassles of running a printing press.

Perhaps it is better to take a completely different approach.
Independent of licensing issues, I don't think that NIST are going to
back down from their own standard. However, they could assist the free
market along by specifying that all implementations of DSA incorporate
a general digital signature framework into which a variety of digital
signature algorithms could be inserted, including DSA.

If all manufacturers implemented this, then, at a later date it would
be easy to switch to another standard or choose one or another
standard at the supermarket till. Even if NIST gave PKP DSA, by
enforcing this "slot" openness in the implementation of DSA, it could
pave the way for the standard to be replaced in the future by a better
one (perhaps RSA!) when the PKP patents expire.


3.4 A Modern Aesops Fable
-------------------------
During times of drought a farmer noticed that his cow was looking a bit
thin so he sent his son out with the cow to find some nice green grass
to munch on so that the cow would grow fat and yield lots of milk. The
son walked the cow for miles and miles (making the cow even thinner in the
process), but couldn't find any grass (it's the Australian outback).
In the end he found a nice green paddock and set the cow grazing.

Later the son returned to the homestead:

Farmer : How'd it go son? Do we have a happy cow now?
Son    : Well sort of; I had trouble finding a grassy paddock.
Farmer : But you found one in the end didn't you?
Son    : Yes, and I put the cow in the paddock. But soon another farmer
         came running out. He said it was his paddock --- he had rented it
         for three years --- and that I couldn't graze my cow there without
         giving him some milk. It was the only green paddock there was.
Farmer : So what did you do?
Son    : I gave him the cow.


4. WHAT YOU CAN DO
==================

4.1 Many Options
----------------
If you've read this far, the extra amount of work required to print
out a letter of objection and mail it to NIST will seem trivial by
comparison! Furthermore, if you act, you may be able to secure a DSA
license for yourself from NIST before DSA is handed over to PKP.

It is important to realize that NIST are actually SOLICITING
objections. So it's not as if you are writing in cold. Regardless of
what NIST's real attitude is, the fact is that they have to receive
and collate all the objections they receive and pay some sort of
attention to them.

As we've seen above, the issues are complicated, and the sort of
response you'll want to send NIST will depend on your point of view.
I'm not going to tell you what to send to NIST. However, I am going to
make it as easy as possible to send SOMETHING to NIST by providing
handy information such as the address of the person to send to :-)
along with various form letters.

One interesting aspect of objecting is stated by NIST in their
announcement:

     >Applications for a license filed in response to this notice will be
     >treated as objections to the grant of the prospective license.

Thus, if you do no more than simply file an application for a DSA
license (to NIST before it hands it over to PKP), you will be
objecting implicitly.


4.2 To Whom To Write
--------------------
NIST states in their announcement that "Inquiries, comments, and other
materials relating to the prospective license shall be submitted to:

   Michael R. Rubin
   Active Chief Counsel for Technology
   Room A-1111, Administration Building,
   National Institute of Standards and Technology
   Gaithersburg, Maryland 20899
   Phone: +1(301) 975-2803.
   Fax: +1(301) 926-2569.

The formal deadling is the end of 08-Aug-1993. However as that is a
Sunday, Michael Rubin has stated to others that correspondence
received on Monday 09-Aug-1993 will be accepted. Furthermore, in a
telephone conversation between Michael Rubin and myself between 1:22am
and 1:24am on 04-Aug-1993 Adelaide time, he informed me that faxed
correspondence would be accepted until midnight ending Mon 09-Aug-1993
[implicitly Washington DC time]. (Sorry, I forgot to ask him his email
address - fax is probably better anyway, as I understand that faxed
signatures are accepted in law (no digital signatures in email yet
:-)).

The LPF has requested that you send a copy of your letter to them at:

   League for Programming Freedom
   1 Kendall Square #143
   P.O.Box 9171
   Cambridge, Massachusetts 02139

The League for Programming Freedom is an organization which defends
the freedom to write software, and opposes monopolies such as patented
algorithms and copyrighted languages. It advocates returning to the
former legal system under which if you write the program, you are free
to use it. Please write to the League if you want more information.
Sending copies to the League will enable them to show them to elected
officials if that is useful.


4.3 A Selection of Things To Say
--------------------------------
Here is a list of actions to give you ideas.

* Write to NIST and ask for a personal or implementors license. The
personal license will allow you to use the DSA technology in
5,231,668. The implementors license will allow you to create
for-private-use or public domain DSA implementations. You can use the
Dan Bernstein form letters in Appendix E to do this. NIST may or may
not grant the license, but at least you can try.

* Write to NIST objecting to the DSA deal on one or more of the following
grounds:

   - Various idealistic reasons such as the creation of the technology
   using public money, the assignment of the technology to a private
   company, and the involvement of the NSA in formulating the standard.

   - Because the deal "is not consistent with requirements of
     35 U.S.C. 209 and 37 CFR 404.7." More specifically

   >(C) exclusive or partially exclusive licensing is a reasonable and
   >necessary initiative to call forth the investment of risk capital and
   >expenditures to bring the invention to practical application or
   >otherwise promote the invention's utilization by the public; and

   There will be no shortage of risk capital for DSA!

   >(D) the proposed terms and scope of exclusivity are not greater than
   >reasonably necessary to provide the incentive for bringing the invention
   >to practical application or otherwise promote the invention's
   >utilization by the public.

   PKP's patents run out by 2000, but NIST is granting them DSA to 2010.

* Write to NIST and suggest that they issue a general public license.

* Write to NIST objecting, explaining the importance of DSA in future
society and urging them to (as the LPF puts it) "pursue all possible
means, judicial and legislative, to invalidate or annull the PKP
patents", and failing that "take them by eminent domain". This would
be cheaper in the long run than the current plan. (Note: I can't help
you with the details here: I don't know what eminent domain is. I
presume it's what happens when congress finds out that someone has
patented the slush fund :-)

* Send a copy of the farmer fable :-)

That's it! Over to you now!

=====================================================================

APPENDIX A: GLOSSARY
====================
DES  = Data Encryption Standard.
DSA  = Digital Signature Algorithm.
DSS  = Digital Signature Standard.
LPF  = League for Programming Freedom
NIST = National Institute of Standards and Technology.
NSA  = National Security Agency.
PKP  = Public Key Partners.
RSA  = Rivest Shamir Adelman - an important public-key cypher.

=====================================================================

APPENDIX B: NIST'S ANNOUNCEMENT
===============================

 ** The following notice was published in the Federal Register, Vol.
           58, No. 108, dated June 8, 1993 under Notices **

National Institute of Standards and Technology

Notice of Proposal for Grant of Exclusive Patent License

This is to notify the public that the National Institute of
Standards and Technology (NIST) intends to grant an exclusive
world-wide license to Public Key Partners of Sunnyvale, California
to practice the Invention embodied in U.S. Patent Application No.
07/738.431 and entitled "Digital Signature Algorithm."  A PCT
application has been filed.  The rights in the invention have been
assigned to the United States of America.

The prospective license is a cross-license which would resolve a
patent dispute with Public Key Partners and includes the right to
sublicense.  Notice of availability of this invention for licensing
was waived because it was determined that expeditious granting of
such license will best serve the interest of the Federal Government
and the public.  Public Key Partners has provided NIST with the
materials contained in Appendix A as part of their proposal to
NIST.

Inquiries, comments, and other materials relating to the prospec-
tive license shall be submitted to Michael R. Rubin, Active Chief
Counsel for Technology, Room A-1111, Administration Building,
National Institute of Standards and Technology, Gaithersburg,
Maryland 20899.  His telephone number is (301) 975-2803.  Applica-
tions for a license filed in response to this notice will be
treated as objections to the grant of the prospective license.
Only written comments and/or applications for a license which are
received by NIST within sixty (60) days for the publication of this
notice will be considered.

The prospective license will be granted unless, within sixty (60)
days of this notice, NIST receives written evidence and argument
which established that the grant of the license would not be
consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.

  Dated:  June 2, 1993.

Raymond G. Kammer
Acting Director, National Institute Standards and Technology.

Appendix "A"

The National Institute for Standards and Technology ("NIST") has
announced its intention to grant Public Key Partners ("PKP")
sublicensing rights to NIST's pending patent application on the
Digital Signature Algorithm ("DSA").

Subject to NIST's grant of this license, PKP is pleased to declare
its support for the proposed Federal Information Processing
Standard for Digital Signatures (the "DSS") and the pending
availability of licenses to practice the DSA.  In addition to the
DSA, licenses to practice digital signatures will be offered by PKP
under the following patents:

          Cryptographic Apparatus and Method ("Diffie-Hellman")
                No. 4,200,770
          Public Key Cryptographic Apparatus and Method
                ("Hellman-Merkle")   No. 4,315,552
          Exponential Cryptographic Apparatus and Method
                ("Hellman-Pohlig")   No. 4,434,414
          Method For Identifying Subscribers And For Generating
                And Verifying Electronic Signatures In A Data Exchange
                System ("Schnorr")   No. 4,995,082

It is PKP's intent to make practice of the DSA royalty free for
personal, noncommercial and U.S. Federal, state and local
government use.  As explained below, only those parties who enjoy
commercial benefit from making or selling products, or certifying
digital signatures, will be required to pay royalties to practice
the DSA.

PKP will also grant a license to practice key management, at no
additional fee, for the integrated circuits which will implement
both the DSA and the anticipated Federal Information Processing
Standard for the "key escrow" system announced by President Clinton
on April 16, 1993.

Having stated these intentions, PKP now takes this opportunity to
publish its guidelines for granting uniform licenses to all parties
having a commercial interest in practicing this technology:

First, no party will be denied a license for any reason other that
the following:

          (i)    Failure to meet its payment obligations,
          (ii)   Outstanding claims of infringement, or
          (iii)  Previous termination due to material breach.

Second, licenses will be granted for any embodiment sold by the
licensee or made for its use, whether for final products software,
or components such as integrated circuits and boards, and regard-
less of the licensee's channel of distribution.  Provided the
requisite royalties have been paid by the seller on the enabling
component(s), no further royalties will be owned by the buyer for
making or selling the final product which incorporates such
components.

Third, the practice of digital signatures in accordance with the
DSA may be licensed separately from any other technical art covered
by PKP's patents.

Fourth, PKP's royalty rates for the right to make or sell products,
subject to uniform minimum fees, will be no more than 2 1/2% for
hardware products and 5% for software, with the royalty rate
further declining to 1% on any portion of the product price
exceeding $1,000.  These royalty rates apply only to noninfringing
parties and will be uniform without regard to whether the licensed
product creates digital signatures, verifies digital signatures or
performs both.

Fifth, for the next three (3) years, all commercial services which
certify a signature's authenticity for a fee may be operated
royalty free.  Thereafter, all providers of such commercial
certification services shall pay a royalty to PKP of $1.00 per
certificate for each year the certificate is valid.

Sixth, provided the foregoing royalties are paid on such products
or services, all other practice of the DSA shall be royalty free.

Seventh, PKP invites all of its existing licensees, at their
option, to exchange their current licenses for the standard license
offered for DSA.

Finally, PKP will mediate the concerns of any party regarding the
availability of PKP's licenses for the DSA with designated
representatives of NIST and PKP.  For copies of PKP's license
terms, contact Michael R. Rubin, Acting Chief Counsel for Technolo-
gy, NIST, or Public Key Partners.

  Dated:  June 2, 1993.

Robert B. Fougner, Esq.,
Director of Licensing, Public Key Partners,
310 North Mary Avenue, Sunnyvale, CA  94033

[FR Doc. 93-13473 Filed 8-7-93; 8:45 am]

=====================================================================

APPENDIX C: UNITED STATES CODE (U.S.C.) TITLE 35 - PATENTS SECTION 209
======================================================================

Note: 37 CFR 404.7. is basically the following repeated over a few
times with some irrelevant bits added.

S 209. Restrictions on licensing of federally owned inventions
--------------------------------------------------------------
(a) No Federal agency shall grant any license under a patent or patent
application on a federally owned invention unless the person requesting
the license has supplied the agency with a plan for development and/or
marketing of the invention, except that any such plan may be treated
by the Federal agency as a commercial and financial information obtained
from a person and privileded and confidential and not subject to disclosure
under section 552 of title 5 of the United States Code.

(b)  A Federal agency shall normally grant the right to use or sell any
federally owned invention in the United States only to a licensee that
agrees that any products embodying the invention and produced through
the use of the invention will be manufactured substantially in the United
States.

(c)

(1) Each Federal agency may grant exclusive or partially
exclusive licenses in any invention covered by a federally owned domestic
patent or patent application only if, after public notice and opportunity
for filing written objections, it is determined that ---

   (A) the interests of the Federal Government and the public will
   best be served by the proposed license, in view of the applicant's
   intentions, plans, and ability to bring the invention to practical
   application or otherwise promote the invention's utilization by
   the public;

   (B) the desired practical application has not been achieved, or is not
   likely expeditiously to be achieved, under any non-exclusive license
   which has been granted, or which may be granted, on the invention;

   (C) exclusive or partially exclusive licensing is a reasonable and
   necessary initiative to call forth the investment of risk capital and
   expenditures to bring the invention to practical application or
   otherwise promote the invention's utilization by the public; and

   (D) the proposed terms and scope of exclusivity are not greater than
   reasonably necessary to provide the incentive for bringing the invention
   to practical application or otherwise promote the invention's
   utilization by the public.

(2) A Federal agency shall not grant such exclusive or partially exclusive
license under paragraph (1) of this subsection if it determines that the grant
of such license will tend substantially to lessen competition or result in
undue concentration in any section of the country in any line of commerce
to which the technology to be licensed relates, or to create or maintain
other situations inconsistent with the antitrust laws.

(3) First preference in the exclusive or partially exclusive licensing of
federally owned inventions shall go to small business firms submitting
plans that are determined by the agency to be within the capabilities of
the firm and equally likely, if executed, to bring the invention to
practical application as any plans submitted by applicants that are not
small business firms.

<<<<Note: The rest of the clauses are mainly administrative dealing with
foreign patents and record keeping. There are clauses that enable the
government to terminate the license if the licensees misbehave. In particular,
the final clause (given below) is rather interesting.>>>>

(f)...(4) the right of the Federal agency to terminate the license
in whole or in part if the agency determines that such action is
necessary to meet requirements for public use specified by Federal
regulations issued after the date of the license and such requirements
are not reasonably satisfied by the licensee.

=====================================================================

APPENDIX D: 37 CFR 404.8 (Checklist for License Application)
============================================================

37 CFR 404.8 gives a checklist of the things you have to do to apply
for a license.

S 404.8 Application for a License
---------------------------------
An application for a license should be addressed to the Federal agency
having custody of the invention and should normally include:

(a) Identification of the invention for which the license is desired
including the patent application, serial number or patent number,
title, and date, if known;

(b) Identification of the type of license for which the application is
submitted.

(c) Name and address of the person, company, or organization applying
for the license and the citizenship or place of incorporation of the
applicant;

(d) Name, address, and telephone number of the representative of the
applicant to whom correspondence should be sent;

(e) Nature and type of the applicant's business, identifying products
and services which the applicant has successfully commercialized;
and approximate number of the applicant's employees;

(f) Source of information concerning the availability of a
license on the invention.

(g) A statement indicating whether the applicant is a small business
firm as defined in S404.3(c)

    [S404.3 (c) SMALL BUSINESS FIRM means a small business concern as
    defined in section 2 of Pub. L. 85-536 (U.S.C.632) and implementing
    regulations of the Administrator of the Small Business Administration.]

(h) A detailed description of applicant's plans for developing or
marketing the invention, or both, which should include:

   (1) A statement of the time, nature and amount of anticiapted investment
   capital and other resources which applicant believes will be required to
   bring the invention to practical application;

   (2) A statement as to the applicant's capability and intention to fulfill
   the plan, including information refarding manufacturing, marketing,
   financial and technical resources;

   (3) A statement of the fields of use for which applicant intends to
   practice the invention; and

   (4) A statement of the geographic areas in which applicant intents to
   manufacture any products embodying the invention and geographic areas
   where applicant intents to use or sell the invention, or both;

(i) Identification of licenses previously granted to applicant under
federally owned inventions;

(j) A statement containing applicant's best knowledge of the extent to
which the invention is being practiced by private industry or Government,
or both, or is otherwise available commercially; and

(k) Any other information which applicant believes will support a
determination to grant the license to the applicant.


=====================================================================

APPENDIX E: DAN BERNSTEIN'S POSTING AND FORM LETTER
===================================================

The following is a recent posting to sci.crypt by Dan Bernstein. It
provides two form letter that can be used to apply for a DSA license.
The first letter requests a personal license. The second requests an
implementer's license. Dan's letters seems to provide all the
information required by some sort of US code. I don't know which one
though. Certainly the information provided seems very similar to that
specified in 37 CFR 404.8 (see Appendix D).

Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!
munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: [email protected] (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: You want to use DSA? Apply for a personal license from NIST!
Message-ID: <[email protected]>
Date: 27 Jul 93 06:22:03 GMT
Organization: IR
Lines: 103

NIST plans to give Public Key Partners exclusive rights to the Digital
Signature Algorithm. Do you want to guarantee your own rights to this
technology? You can! It's free, if you can spare a stamp.

Attached is a form letter you can send to NIST to apply for a personal
license. Put in your own name, address, country, and the right date;
print it out; read through to check it over; sign it; and drop it in the
mail. You don't have to get everything right the first time---NIST will
contact you if they need more information to make a decision. And, as a
bonus, your application will automatically count as an objection to the
NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the
6th of August, but the due date might be earlier. You might want to
check immediately with Michael Rubin at 301-975-2803. If necessary you
can fax your letter to him.

---Dan


                                [address]
                                [date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111
Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for a personal license to use the Digital Signature
Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).

2. Patent Application Serial Number: 07/738.431.

3. United States Patent Number: To be issued as 5,231,668, I believe.

4. Source of information concerning availability of a license: Various
sources, including your Federal Register notice.

5. Name and address of applicant: [name], [address, phone, etc.].

6. Applicant's representative: not applicable.

7. I am a [country] citizen.

8. Approximate number of persons employed: not applicable.

9. I am not a small business firm.

10. Purpose: I would like a personal license allowing me to implement
and use DSA. See #12.

11. Business and commercialization: not applicable; see #10.

12. Plans: I plan to use DSA to attach digital signatures to a variety
of electronic documents, primarily for authentication. I plan to use DSA
implementations, initially in software but perhaps later in hardware,
from a variety of potential future sources. Investments: I may spend
many hours programming a DSA implementation.

13. Fields of commercialization: not applicable; see #10.

14. I am not willing to accept a license for less than all fields of use
of DSA.

15. I intend to implement and use DSA only in [country].

16. Type of license: I would like a non-exclusive license which does not
require royalty payments.

17. I have never been granted a license to a federally owned invention.

18. Known uses of DSA by industry or government: I have heard that ISC
sells a product called dsaSIGN, and that Bellcore has implemented DSA.

19. Other information: I understand that NIST may grant an exclusive
DSA license to PKP, and that this license application will be treated as
an objection to the PKP license.

Please note that PKP has stated its intent to make DSA free for personal
use. Therefore, if NIST grants PKP a license and PKP acts according to
its stated intent, there is no harm to anyone if I am granted this
personal license. However, I do not trust PKP to act according to its
stated intent, and I do not want to have to apply for a license from PKP
even if it is royalty-free. So I ask that you grant me a license
directly.

Thank you for your kind attention. Please let me know if you need more
information.

                                Sincerely,



                                [name]


Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!
munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: [email protected] (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: You want to publish your dsa.c? Apply for a license from NIST!
Message-ID: <[email protected]>
Date: 27 Jul 93 06:22:39 GMT
Organization: IR
Lines: 101

NIST plans to give Public Key Partners exclusive rights to the Digital
Signature Algorithm. Do you have a free DSA implementation, or have you
been thinking of writing one for the benefit of the net community? Do
you want to guarantee your users the rights to this technology? You can!
It's free, if you can spare a stamp.

This is another form letter---just like the personal license application
exhibited in my previous message. You should make sure to apply for a
personal license. Once you've done that, follow the same instructions
for the implementor's license. Once again, as a bonus, your application
will automatically count as an objection to the NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the
6th of August, but the due date might be earlier. You might want to
check immediately with Michael Rubin at 301-975-2803. If necessary you
can fax your letter to him.

---Dan


                                [address]
                                [date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111
Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for an implementor's license permitting me to sublicense
the use of the Digital Signature Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).

2. Patent Application Serial Number: 07/738.431.

3. United States Patent Number: To be issued as 5,231,668, I believe.

4. Source of information concerning availability of a license: Various
sources, including your Federal Register notice.

5. Name and address of applicant: [name], [address, phone, etc.].

6. Applicant's representative: not applicable.

7. I am a [country] citizen.

8. Approximate number of persons employed: not applicable.

9. I am not a small business firm.

10. Purpose: I would like a license allowing me to let others freely
use my implementation of DSA, i.e., allowing me to sublicense the use of
DSA at no cost. See #12.

11. Business and commercialization: not applicable; see #10.

12. Plans: I plan to create a source-code implementation of DSA in
software, using computer resources which are already available to me.
I plan to give this implementation to anyone who asks, and perhaps to
publish this implementation via electronic or non-electronic means, for
study and use by the academic and non-academic communities. I hope to
have people hear about this implementation by a variety of means,
including word of mouth.

13. Fields of commercialization: not applicable; see #10.

14. I am not willing to accept a license for less than all fields of use
of DSA.

15. I intend to implement DSA in [country].

16. Type of license: I would like a non-exclusive license which does not
require royalty payments.

17. I have never been granted a license to a federally owned invention.

18. Known uses of DSA by industry or government: I have heard that ISC
sells a product called dsaSIGN, and that Bellcore has implemented DSA.

19. Other information: I understand that NIST may grant an exclusive
DSA license to PKP, and that this license application will be treated as
an objection to the PKP license.

Let me emphasize that this is not a commercial license application. I do
not intend to collect any fees for the use of this implementation.

Thank you for your kind attention. Please let me know if you need more
information.

                                Sincerely,



                                [name]

=====================================================================

APPENDIX F: THE LPF ANNOUNCEMENT
================================