Re: Why GNU GPL is bad for crypto deployment

[Michael Stutz <stutz@dsl.org>]

On Tue, 29 Sep 1998, Adam Back wrote:

> Here is problem: say that our goal is to maximise deployment of
> software with crypto built in, especially commercial software.

I think your argument is only valid if you replace "commercial" with
"proprietary" and replace "especially" with "only in the case of."


> Well, it's your code, and you wrote it, so it's your choice: my
> comments are based on the assumption that the author is more
> interested in crypto deployment than in the GNU license virus as a
> means of promoting the availability of source code.

Free software is not about simply providing the source code as a
programmer's convenience, but it ensures that each user has freedom. And
free sofware always leads to the development of _more_ free software (case
in point: GNU C++, which was built off gcc and developed by a consortium
that usually releases non-free software. I expect the same kind of synergies
to occur with GPG and other crypto-related free projects).

If your goal is to maximize the amount of *non-free* software that contains
built-in crypto, then the GNU GPL is not the license to use, because it does
not pander to corporations and other large organizations who benefit by
restricting information to individuals.

If you release your crypto code as public domain, those companies who sell
binaries of non-free, proprietary software will eagerly use your code in
their products. But they (or the govt, or anyone else) are not obligated to
release the source of any improvements or modifications made to your code.

You might think, "This trade-off is okay, since my original code is still
available. But I want the best of both words -- I want GNU people to use my
code, but I also want Microfoo to adapt it, too."

The prospect of Microfoo possibly using your code might tempt you -- this
might get your code in more places right now, but it will not benefit to the
free software community (depending on your license terms, the code may well
be unuseable, or only useable until a replacement is written), and the users
of Microfoo's verion will be deprived of their freedoms to distribute or
adapt your code. So it might not help your long-term goal of maximum crypto
deployment.

Furthermore, if the code were to be released under a "cypherpunks license"
as described -- which added additional restrictions to the use of the code
-- it would not be useable at all on free operating systems. (This is why
PGP had to be rewritten from scratch.)

I would suggest that the GNU GPL, which protects the freedom of all
individuals who use the software, and ensures that the information always
remains free, may be as "cypherpunk" as a software license can get, if the
idea is to keep the information free.

If you want to publish code that individuals are be free to run, copy,
distribute, study, adapt and improve, write free software that can be used
on free operating systems. If you work on and improve this free software,
the body of free software will increase and the currently-in-use non-free
software will head closer to 100% obsolescence. By writing free code, you
will catalyze this process and ensure that free systems contain your code.
You might not have your crypto code on as many systems tomorrow as you would
have if you had been tempted by the thought of proprietary use of your code,
but for the long term, it seems that the best way to ensure that strong
crypto be available everywhere for all individuals is to make that crypto
code free, without exception -- and the best way to do that is to copyleft
it.

For a list of current FSF crypto-related projects, please see
<http://www.gnu.org/prep/tasks.html#SEC8>.