From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 11:54:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5gs0-0008zfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:07 PM 4/6/96 -0500, Black Unicorn wrote:

>> I contend that had he talked to Phillip Zimmermann in 1990 or so, he would 
>> have told Zimmermann that "It's illegal to write an encryption program 
using 
>> RSA, because it's patented!  You'll never get away with it!"
>
>I would have indicated that "you're going to face the prospect of 
>intellectual property litigation, and that can get nasty in the extreme."

One thing I've never heard is an explanation of how computer software and 
especially mathematics went from "extremely not patentable" in the early and 
middle 1970's, to "patentable" once Messr's Rivest, Shamir, and Adleman 
invented a piece of mathematics that the government wanted to deny to the 
public.  How convenient.

Coincidence?

Even if we accept the supposition that at some point, "they" decided for 
non-suspicious reasons to _start_ issuing patents on software and 
mathematics, I've never heard an explanation of how R, S, and A _knew_ to 
apply for a patent, long before the first software patent was issued, and 
even longer before the first pure mathematics patent was issued.  (which, 
was, probably, on RSA!)

Were these guys psychic or what?  Who told them what, and when?  Patents 
have to be applied-for within a year of disclosure, which means they had to 
decide whether to pay the money for a patent application that by historic 
standards could not possibly be issued.  Yet they did it anyway.

What's wrong with this picture?

>> But history records that Zimmermann _did_, and he "got away with it."
>
>A combination of politics and law and timing.

Something tells me that given the unblemished history of non-patentable 
mathematics, RSA could never have withstood a patent challenge.  They had to 
have known this.


>> >That is, resist by what legal means are available, but ultimately depend 
>> >on the user to secure his or her own data.
>> 
>> Notice that Unicorn never gives useful specific suggestions about which 
>> "legal means are available."
>
>Notice that there are no checks in my mailbox from Mr. Bell.

Implying that he's unwilling to do anything useful for free, which raises 
interesting questions about why he's bothering to  send his notes to me.  Is 
he being _paid_ for this?

>> >Where I differ with Mr. Bell is that he seems to think the ISPs of the 
>> >world are going to rise and unite to quash the oppressive hand of big 
>> >government at their own expense in order to satisify some sense of 
>> >personal ethics or customer goodwill.
>> 
>> Cumulatively, they could do exactly this.  Spread among most ISP's, the 
cost 
>> per ISP could be quite low.
>
>Provided you could get "most" ISP's to sign on, provided that the 
>insurance provided for the very expensive proposition of seizure of ISP 
>equipment, and provided that this be the first insurance entity ever with 
>a stated policy of paying off policyholder for criminal sanctions which were 
>directly the result of overt illegal acts by the policyholder.

Yet another misrepresentation.  The purpose of the risk-pooling is obviously 
to set a friendly precedent, and it does not require any "overt illegal 
acts," merely challenges to an overly broad interpretation of subpoena 
power.  Any siezure of ISP equipment would simply result in another "Steve 
Jackson Games"-type decision that would be expensive for the jurisdiction in 
which it occurred, and would further cement the precedent that the 
government couldn't do anything about.

In fact, one of the most obvious precedents that needs to be set is that the 
government has no right to sieze equipment from an ISP (and thus shut the 
ISP down) if all it wants is _data_.  Clearly, that's exceeding the bounds 
of what the government is realistically entitled to.  I think the most any 
ISP should be required to do is to present an encrypted version of all the 
system's data, and then the appeals process can start.  The government won't 
be able to use the data until the process is complete, months or years down 
the line.  Naturally, the fact that the information on the system is 
subpoenaed should automatically become public knowledge, because the data is 
already fixed and immutable.

And an ISP should NEVER be required to act as an agent for the cops, and in 
fact should be prohibited from doing so if his contracts with his customers 
certify he won't be.  

Jim Bell
jimbell@pacifier.com