From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Mon, 3 May 93 10:05:12 PDT
To: cypherpunks@toad.com
Subject: PATENT: A LEGAL way---maybe!
In-Reply-To: <9305031301.AA22009@toad.com>
Message-ID: <9305031701.AA05899@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I first wish to apologize for a bit of impreciseness in a previous
posting.  I had said that a personal use exemption was not legal.  I
should have stated that personal use is not a defense against a claim
of infringement, and that barring any other defense (e.g. research)
such use would not be legal.  I hope this clarifies.

Peter Honeyman references a law review paper arguing for an
experimental exemption to patent rights.  This is a good document for
us.  Perhaps one of the many members of the Information Liberation
Front (ILF, which also stands for Information Longs to be Free) which
are around the country might arrange for an electronic copy to be made
available.  I have not read the paper, but I do have some comments on
its usefulness.

I think that an experimental exemption will not work for wider goals,
and I state two reasons below.  I also think that the existence of the
exemption is a huge rhetorical win for distribution.

First, an experimental exemption does not touch commerce.  PGP is
stalled right now in two areas.  The first, distribution, is not the
major problem given the number of overseas sites carrying PGP.  Lack
of commercial availability, however, is.  There are business that
would like to use PGP, but cannot.  Phil has mentioned some specifics
to me; some of these are large companies.  PEM implementations are
available commercially right now; they are not yet in widespread use,
but given the positive economic feedback in markets where
compatibility is key, PEM could easily and quickly overtake PGP
completely.  

As far as I'm concerned, this issue is moot with respect to PGP.  The
development plans are already in place to put RSAREF into PGP in order
to legitimately license it.  But the same argument applies whenever
one might want widespread deployment of a system which infringes some
patent claim.  Digital money falls into this category squarely.

Second, even with a research exemption, you have to be doing _bona
fide_ research.  _Bona fide_ is Latin for "in good faith."  If you
merely claim you're doing research, that is not sufficient.  Bona fide
research certainly encompasses some academic research, but not all.  I
suspect that superconductivity researchers who used PGP to exchange
valuable technical information would be be consider to be doing
cryptographic research.  On the other hand, bona fide research need
not be confined to the academy.  The operators of remailers currently
could well be argued to be doing research, but when deployment becomes
widespread the defense of research becomes harder and harder to mount.

Both these concerns limit the extent to which a research exemption
could be used to promote the spread of cryptography.  This seems
entirely in keeping with the idea of an exemption for the purpose of
extending the state of the art, which is always conducted by very few
people.  The research exemption does not generalize.

The research exemption does have one extremely positive effect, and
that is on distribution from University sites.  Since the University
has a mission to research, distributing a research tool from an
anonymous ftp site is clearly within the purview or research.  The
question of bona fide research remains.  I would suggest that Peter
Honeyman simply start a research project "to study the distribution
mechanisms of public keys in a non-authenticated, highly networked
environment."  Peter, you could do this just by fiat, by creating a
document that says you're doing this.  This document could be handed
to the administrators at the University of Michigan ftp site, who
could then reinstate PGP with some measure of certainty that it was
legitimately there.

Yours in wiliness, but also in good faith,

Eric