From: aba@atlas.ex.ac.uk
Date: Fri, 22 Dec 1995 22:33:49 +0800
To: cypherpunks@toad.com
Subject: PGP timeline FAQ... comments requested
Message-ID: <297.9512221337@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



There seems to be much confusion amongst some of the newer users of
PGP who frequent alt.security.pgp, and recently whilst delving in to
give my version of how it happened my post got longer and longer,
until it grew on the spur of the moment into a sort of FAQ.  I got a
few comments, and corrections from that post, but I thought there are
likely to be people who know more annecdotes and were around at the
time that RSA was being published in the face of NSA opposition, etc.

Let me have your comments on the accuracy, plus any annecdotes which
you think really should go in to give the correct feel for the
historical timeline.

Thanks,

Adam

======================================================================
PGP timeline and brief history
======================================================================

contents:

0    Definitions of acronyms

1    History of crypto as it applies to PGP

2    Birth of PGP

3    USG decides they don't like PRZ

4    PRZ, MIT and RSA sort out earlier patent issues

5    Current legal status

6    ITARs viewed from inside the US

7    ITARs viewed from outside the US

======================================================================
0    definitions of acronyms
======================================================================

PGP = Pretty Good Privacy

PRZ = Phil R Zimmermann, internet folk hero, author of PGP

RSA = The RSA public key algorithm as used in PGP

RSADSI = rsa.com, RSA Data Security Inc, patent holders of some public
         key stuff, which they claim means that no one can use RSA without
         getting a license from them.

PKP = public key partners RSADSI plus Cylink (plus others?) (now disbanded)

ITAR = International Traffic in Arms Regulations controls export of
       controlled munitions from the US, things like military
       aircraft components, biological and chemical weapons, and also
       (very strangely) cryptographic software.

PK = public key (crypto)

NSA = US National Security Agency, US govt's largest spook agency.
      whimsically known as No Such Agency, because until recently the US
      govt tried to deny they even existed.

OTDC = Office of Defense Trade Controls, USG group charged with
       enforcing ITAR.  They consult with the NSA, the NSA has the
       last word on what gets export approval.

======================================================================
1    History of crypto as it applies to PGP
======================================================================

1.1  The year is 1976 a cryptographer, and privacy advocate named
     Whitfield Diffie, together with mathematician named Martin Hellman
     discovers public key cryptography.  (DH key exchange is still a
     commonly used key exchange protocol -- DH = Diffie-Hellman).

1.2  1977 Ron Rivest, Adi Shamir, and Len Adleman discover another more
     general public key system called RSA (after surnames Rivest,
     Shamir, and Adleman).  R, S & A were researchers at MIT
     (significant later, because MIT had part ownership of patents.)

1.3  NSA tells MIT and R, S & A that they'd better not publish this or else.

1.4  Amusingly Adi Shamir (A from RSA) isn't even a US citizen, he's an
     Israeli national, and is now back in Israel at the Technicon (is
     he, anyone know his current affiliation?)  Who knows what the NSA
     would have done about him if they had succeeded in supressing RSA
     - not allowed him out of the US?

1.5  MIT and R, S & A ignore NSA and publish anyway in SciAm July
     1977. Comms ACM (feb 1978, vol 21, no 2, pp 120-126 in case 
     you want to see if it's in your library - it's in Exeter Univ
     (UK) library).

1.6  Because the publication was a rush job due to the NSA, R,S & A
     and the later formed PKP and RSADSI lose patent rights
     to RSA crypto outside the US.  This is because most places
     outside the US, you have to obtain a patent *before*
     publication, where as in the US, you have one year from the
     publication date to file for patents.  This also had implications for
     PGP later

1.7  IDEA was developed by Xuejia Lai and James Massey at ETH in Zurich.
     (Relevant to PGP because IDEA is the symmetric key cipher used
     together with RSA in PGP).  Also crypto politics relevance in
     that it is another (of many) examples of the fact that crypto
     knowledge and expertise is worldwide, ie why export restrict
     something which is available both sides of the ITAR fence, or
     even originated *outside* it?  (Strangely, ITAR applies to
     importing and then re-exporting a crypto system, even if no
     modifications are made).  There are lots of other symmetric key
     ciphers, IDEA is one with a good reputation (no known practical
     attacks better than brute-force to date, and a good key size), and
     is just referenced here because of its use in PGP.

(some years pass...)

======================================================================
2    Birth of PGP
======================================================================

2.1  PRZ wrote PGP

2.2  PRZ gave PGP to some friends

2.3  some friends up loaded onto a few bulletin boards (US only)
     One friend (allegedly Kelly Goen) went around pay-phones with a
     portable, an acoustic coupler, and a list of BBS phone numbers
     uploading and then driving on to another area.  This cloak and
     dagger stuff was because at the time the USG had some draconian
     sounding proposed law on the books which sounded like it was
     going to outlaw crypto.  The intention was to ensure that PGP was
     available before this law came into effect, and to avoid being
     stopped if the USG took interest.

2.4  somehow PGP leaked outside the US via the internet.  Information
     wants to be free, as someone said: `trying to control the free
     flow of information on the internet is like trying to plug a
     sieve with a hole in it'.  Also Tim May's quote 'National borders are
     just speedbumps on the information superhighway' expresses the
     point very nicely.

2.5  people all over the world (yeah outside the US too) start using PGP

2.6  RSA complains to PRZ that PGP violates their PK patents

2.7  PRZ tells RSA to get stuffed, says its the users problem to get a license

2.8  PGP is considered potentially patent infringing because of 2.6

2.9  Illegality taint increases the spread of PGP, generates news, more
     people get a copy to see what the fuss is about

(some time passes, PGP gets real popular...)

======================================================================
3    USG decides they don't like PRZ
======================================================================

3.1  US govt decides that they don't like PRZ because the NSA can't
     tap all those internet mail messages anymore.  (the NSA part is
     speculation, but in my opinion likely true).

3.2  US govt begins investigating PRZ for alleged aiding with ITAR
     violation.

3.3  Phil Zimmermann legal defense fund set up to cover his legal
     expenses

3.4  still on going...

(concurrently...)

======================================================================
4    PRZ, MIT and RSA sort out earlier patent issues
======================================================================

4.1  MIT and PRZ work with RSA to sort out patent issue.

4.2  A solution is obtained in that RSA agree that PGP can use RSA
     provided that their RSAREF library is used.

4.3  PGP2.5 is written which uses RSAREF in place of MPILIB (also
     has backwards compatibility with older versions impaired to discourage 
     use of older allegedly patent infringing versions - to keep RSA happy)

4.4  RSAREF may be slower, but at least with some negotiating by PRZ
     and MIT, PGP is now 100% legal in the US

4.5  MIT begins acting as official US distributor of PGP

4.6  As usual, a few milli-seconds (well okay, minutes) after the
     official release of a new version of PGP, it gets exported from
     the US.

4.7  The deal with RSA over RSAREF has fixed the patent related
     problems in the US, but it has created a copyright related
     problem outside the US, (recall 0.6).  RSAREF is a software
     package copyrighted by RSA, and RSA is not allowed to export it
     because of ITAR, and their license agreement says as much (ie it
     says that you must not export it, and if you do export, you, and
     the subsequent users of it, are in breach of license).  It is
     therefore supposed that RSA could if they wanted complain about
     this (who knows that they would want to, or what conceivable
     benefit it would give them if they did).  This isn't enough to
     bother most people, but commercial users, and big organisations
     have lawyers, and are wary of such things.

4.8  Staale Schaumaker put together pgp26i to avoid this problem.  Main
     difference between pgp26x and pgp26xi is that pgp26xi uses PRZs
     original big integer library MPILIB, which is any case faster than
     RSADSI's RSAREF, and the lack of the legal kludge noted in 3.3.

======================================================================
5    Current legal status
======================================================================

5.1  PGP is legal both inside and outside the US.  You just need to use
     pgp26 versions inside the US, and pgp26xi versions outside the US.

5.2  In the US if you are using PGP in a commercial setting, and care
     about patents, you should purchase a copy of ViaCrypt pgp2.7

5.3 Commercial use outside the US: RSA is free, in the PGP docs (pgp262i
    & pgp262) Ascom-Tech are quoted as saying that currently no license 
    is required for commercial use of PGP outside the US as far as they
    are concerned.  Ascom-Tech are the patent holders of IDEA (see
    1.7), the symmetric crypto system used by PGP.

======================================================================
6    ITARs viewed from inside the US
======================================================================

6.1  ITAR means that if you are in the US you should not export PGP.
     (Yeah it's already available on a few thousand ftp sites around the
     free world, so another export isn't going to make any difference, but
     the NSA and the ODTC might not see it in that light).

6.2  Even though controlling the export of freeware software available
     worldwide might seem incredibly stupid (not to mention
     pointless), you should bear in mind that the penalties for
     getting successfully prosecuted for violating ITAR are rather
     steep.  Up to $1,000,000 (US$) fine, and and up to10 years
     imprisonment per count of export.

6.3  They'd probably never do anything to you, PRZ is just a scape goat
     (someone they can symbolically persecute to discourage others).
     I have personally seen several people from US sites post crypto
     source and binaries (nautilus, PGP itself even).  Plus of course
     this:

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)

     has probably been exported a few hundred thousand times by now.
     (It's an implementation of RSA encrypt and decrypt in perl and dc
     - a real crypto system, which has every right to claim ITAR
     status if anyting does, and yet benefits from being more
     convienient to use as a .sig than a uuencoded PGP binary)

======================================================================
7    ITARs viewed from outside the US
======================================================================

7.3  If you are outside the US, ITAR probably doesn't apply to you. 
     You could, if you could be bothered, down load PGP from a
     US site, and short of attempting an extradition for violating a
     regulation which only applies in the US, there would be nothing
     the NSA, or USG could do about it.  Most extradition treaties tend
     to rely on the action being prosecuted being illegal in both
     countries.

7.4  Yeah, I know `tell that to Manuel Noriega' (a Panama citizen who
     was kidnapped by a USG undercover agents and brought to the US to
     face trial for importing/exporting drugs from Panama into the US.
     He broke no Panamanian laws, he is a citizen of Panama, and was in
     Panama when he committed his crime, and he is now languishing in
     a US jail).

     However, he was kidnapped for a number of reasons:

	1. the USG thought they could get away with it (Panama owed
           them a few favours)

        2. politically easy to pass of acts of aggression (kidnap by
           civilised countries in this day and age?) in the name of
           the `War on Drugs'

        3. they thought it was worth it.

     Some of these criteria are likely to be missing if there was an
     attempt to extradite a non-US citizen outside the US for breaking
     ITAR.  One big problem is that crypto is not controlled as much
     in most of the free world.  Also the fact that the USG haven't
     bothered other people within the US who have similarly exported
     crypto software (examples cited in 6.3) would make the whole
     situation look rather silly.

7.5  A more important consideration is that although a non-US
     downloader of PGP from a US site would be effectively immune to
     the ITAR nonsense, the owner of the (US based) ftp/www site may
     not be.  You might get the site owner in trouble for not taking
     adequate precautions.  So politeness demands that you don't do
     it.  

7.6  Indeed why bother anyway, because PGP is available from
     literally thousands of ftp sites, there is bound to be a closer
     (and hence likely faster download) copy, without any hoops to
     jump though.

======================================================================

Long live the Pretty Good revolution,

Adam Back <aba@dcs.ex.ac.uk>