[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Golden Key Campaign



From: "Dave Banisar" <[email protected]>
> WASHINGTON, DC -- A new coalition today urged support for strong technologies
> to protect privacy and security on the rapidly growing Internet. The Internet
> Privacy Coalition said that new technologies were critical to protect private
> communications and on-line commerce, and recommended relaxation of export
> controls that limit the ability of US firms to incorporate encryption in
> commercial products.
> 
> Phil Zimmermann, author of the popular encryption program Pretty Good Privacy,
> expressed support for the effort of the new coalition. "It is time to change
> crypto policy in the United States. I urge those who favor good tools for
> privacy to back the efforts of the Internet Privacy Coalition."

I see that a lot of good people are involved in this, and it sounds like
a worthwhile cause.  But I have one thing I want to get off my chest.
(Long time list readers will know that this is one area where I have
trouble being completely rational.)

The thing that worries me when I put crypto software up at my site is not
the export restrictions.  I can make people click a button promising that
they are USA citizens or otherwise legal.  A lot of other people do it
and while it might get me into trouble eventually I think it demonstrates
good faith.  (There has also been some discussion on the cyberia list
with regard to the communications decency amendment that "I am not a
minor" buttons would be adequate defenses for that law, and this seems
like a similar situation.)

No, the thing that worries me most is patent infringement.  And the main
company I worry about is RSA, one of the sponsors of this golden key
effort.  Note that RSA's logo is a key, and we see the RSA key at the
bottom of our Netscape screens all the time.  I don't remember if it's
golden.

It seems ironic for RSA to be casting itself as a friend of the
principle of availability of privacy tools when its own lawyers patrol
the net to make sure there are no unauthorized encryption programs out
there.  They fought against PGP for years until Phil trumped them by
going over their heads to MIT.

Look what happened when Wei Dai announced his fine crypto library.  It
wasn't the NSA which come down on him.  It was RSA lawyers who demanded
that he pull his library off the net until he had it clean enough for
them.

I have not actually seen the new logo because I don't have a graphical
browser here, but I hope it is not too similar to RSA's key.  I hate to
see that company rewarded when it is acting counter to the interests of
people who need access to privacy tools.

Hal