[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Let's Say "No!" to Single, World Versions of Software




It is imperative that Netscape, Microsoft, Qualcomm, and the other players
be pressured/urged/cajoled to commit to introducing strong, unescrowed
crypto for the *domestic* versions, even if not for export versions.

I believe several signs are pointing to jockeying in the U.S. to get the
major players in software to introduce "one version" programs with key
escrow built in. While the avowed intent will be to stop _export_ of
unescrowed strong crypto, such a "one version" (interoperable) strategy
would mean that key escrow is the de facto situation within the United
States.

Several months back, during the flap over Netscape founder Jim Clarke's
statements about the needs for key escrow, one result was that Netscape
acknowledged that even if it had to have *two* versions, a domestic version
and an export version, it would not put key escrow or other GAK versions
into U.S . releases.

It bears repeating, though we all know this: There are no restrictions
whatsoever on crypto use in the United States. (The restrictions on airwave
use of codes are more complicated to analyze, and don't effect speech,
writing, normal communications, etc.)

Not compromising on what is available to U.S. users is critical. (Of
course, we all know that what is widely available to U.S. users will
quickly become available in Europe, Asia, and elsewhere. But this is no
reason, formally, to compromise on basic freedoms within the U.S.)

So, I urge you, be prepared to attack any of the major software vendors who
offer any "one version" solutions which limit the strength of crypto
available to the U.S. customers in the name of offering a single, world,
exportable version.

Without this ITAR hook, the government is currently powerless to control
crypto domestically. (Many believe such restrictions would be dismissed on
First Amendment grounds, as restrictions on the form of speech. Of course,
many also believe the ITARs will eventually be found to be
unconstitutional, at least the parts dealilng with software, technical
articles, speech, etc.)

One of the lines of my ever-expanding .sig has been "Boycott "Big Brother
Inside" software!" I added this during the Lotus Notes flap, where Lotus
honcho Ray Ozzie was proposing his "40 + 24" solution, where Lotus would
give 24 bits of the 64-bit key to the government. When I coined the logo
"Big Brother Inside," the Cypherpunks meeting after Clipper was announced
in '93, it was this kind of cozy relationship between industry and
government I was mainly commenting on.

The NSA and FBI know that recruiting Netscape, Microsoft, Novell, Lotus,
and others to implement GAK in their stupendously popular software products
is the single best way to control the spread of strong crypto.

I say we make it clear that this will not fly for U.S. versions! What kind
of GAK gets built into products intended to be exported to Albania and Iran
is of little relevance here in the U.S., where no laws give the government
permission to dictate what is in a program, or how long a key is, or
whether master keys have been duly deposited with the secret police.

Let's remind people of this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."