From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jan 1996 04:20:48 +0800
To: Rishab Aiyer Ghosh <rishab@m-net.arbornet.org>
Subject: Re: Netscape and NSA
In-Reply-To: <m0td0rd-0009PVC@m-net148.arbornet.org>
Message-ID: <30FF642C.400@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rishab Aiyer Ghosh wrote:
> 
> Any special reason why Netscape is working with
> the NSA to support their Fortezza encryption card?
> 
> ObConspiracyTheory: Hmmmmm....
> 
> Nice government-friendly Jim Clark quote, with the rest of the story
> http://www-e1c.gnn.com/gnn/wr/96/01/12/features/nsa/index.html

  Here is another quote for you:

	"Netscape will fight in all forums for totally private
	encryption." -- Jim Barksdale Netscape CEO

  One particularly interesting paragraph from the GNN article is:

	"One senior Federal Government source has reported that
	NSA has been particularly successful in convincing
	key members of the US software industry to cooperate
	with it in producing software that makes Internet
	messages easier for NSA to intercept, and if they are
	encrypted, to decode," Madsen wrote. "A
	knowledgeable government source claims that the NSA
	has concluded agreements with Microsoft, Lotus and
	Netscape to permit the introduction of the means to
	prevent the anonymity of Internet electronic mail, the use
	of cryptographic key-escrow, as well as software industry
	acceptance of the NSA-developed Digital Signature Standard (DSS)."

  I believe that the reference to Netscape in this paragraph is
a distortion of our agreement with the NSA.  They agreed to
buy some of our current products, which they paid for, and to
buy products in the future that support Fortezza.  Given the
large number of organizations within the government that are
standardizing on fortezza, our motivation for producing such
a product should be obvious.  I think in the end the non-NSA
purchases of Fortezza based products within the government
will be much larger than what the NSA buys.

  Once we have implemented Fortezza we would like to add support
for many alternative crypto cards that are not GAK'd and are more
apropriate for commercial or personal use.  We will also continue
to offer software encryption.

  Management here has never asked me not to implement anonymity
enhancing features.  They have not asked me to implement DSS.
They have not asked me to implement GAK.  Management has
let me hold up a release to fix a bug that was causing a
user's identity to be accessible from a server.  We have
awarded several bugs bounty prizes to people who found
bugs related to privacy.

  I understand that in his keynote speach at the RSA Security
Conference Jim Barksdale repeated our strong opposition to
GAK.  Perhaps someone who attended could provide more details.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.