From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 77ef6cf55f884ccf4ca0aecc2d2bdcaeb0846888184fc61dd2d2f887172f676b
Message ID: <199512031730.SAA06145@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-12-03 17:29:56 UTC
Raw Date: Sun, 3 Dec 95 09:29:56 PST
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 3 Dec 95 09:29:56 PST
To: cypherpunks@toad.com
Subject: Re: Talking to Jim
Message-ID: <199512031730.SAA06145@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Jim Clark was quoted as having written:
> I made some pragmatic comments.
> I said that if we are to use this encryption technology in
> business, we must have a better solution than to limit
> keylength or put keys in escrow. All governments of the world
> have a valid concern about terrorism and other activities of
> concern to the security of their nations.
So what? If their position were (as it has long been in some countries) that their "concern" is best addressed by wholesale eavesdropping and informant networks, would you cave to that, too? This is an absurd foundation.
> All of them will continue to restrict our ability to provide
> products to their markets unless we build in some mechanism
> that allows them to legally access information that is in the
> interest of their national security.
Whoa! You're giving away the store without a fight! You've been able to capture what, 60-70% of the browser activity "market" and get a huge amount of capitalization from the public market, and you're whining that the world's going to end if government "restrictions" continue, just because those restrictions might slow down your commercial world conquest? Give me a break!
LET THEM CONTINUE to restrict! That will take care of itself quite handily. You're just afraid you'd miss some opportunities, or be one of the commercial casualties, isn't that right? Isn't that what this is really all about? And a valid concern, too, but not at the expense of my freedom! It seems clear from the way you put this that world standardization at ANY level of security would satisfy your commercial objectives.
> (We obviously cannot be involved in determining what is legal
> by the laws of that country.)
Oh? Since when? Commercial interests have long had a heavy influence on government policies, up to and including laws and wars. Your own U.S. government doesn't hesitate to attempt to influence other governments in their enactment and/or modification of laws, even constitutions. Do you think for a moment that the Caribbean Basin Initiative (to mention just one) has anything remotely to do with the U.S.'s altruistic interest in helping Basin countries' economies? Its OVERRIDING purpose is to influence their tax laws and effectively extend U.S. jurisdiction to those countries.
In any case you're writing as if you were selling screwdrivers, not the new wave of IT. You are riding the crest of a technological revolution that is going to make some laws, some governmental policies, even some governments, MOOT. Those it doesn't bypass it will certainly not leave untouched. To be sure, there is awesome power in the hands of governments, but it is also a fact that governments can be very fragile things. Many have fallen in the history of humankind, and modern "free" societies are supposed to have governments that serve, not dictate.
Governments, geared to human processes that proceed at human speeds, unable in their inefficiency even to keep up with ordinary humans, will be completely unable to stay ahead of IT. Governments that get in the way will disintegrate. Governments that embrace the future will survive. For you or anyone else to run around to the rear and stick their tongue firmly up government's ass is exactly the wrong strategy for the future.
> This is not just a US government problem. Until recently,
> France did not even allow us to sell products with 40-bit
> keys, much less 128-bit keys.
And some of us think that such idiocy, like celibacy, is a self-correcting phenomenon in this information age. If the French government wants to keep France behind the curve, that's fine. The French people will eventually put fire to their politicians' feet as their economy is increasingly bypassed and slides down the tubes. It's not YOUR problem to solve by going into agreement with the totalitarian objectives of Stone Age governments.
> A lot of ordinary citizens are rightly concerned about their
> own privacy.
No shit!
> I am one of them.
You could have fooled ME!
> I do not want the government to snoop on me,
It seems you really don't care, as long as you can firm up your billion and maybe roll it up to ten. Money buys a lot of things in this world, and as long as Jim can buy HIS privacy some day, hey, that's cool! But give a bit of thought to whether your children's privacy and safety will be able to be bought in a world made safe for Big Brother by commercial interests willing to give away the freedom store.
> but in fact the government, through the FBI, can now tap my
> phone without my knowing it by simply getting sufficient
> evidence that I am conducting illegal activities, then
> presenting this evidence to a court to get permission. I have
> no say in the matter.
So, therefore, nothing matters, right? Don't fight for the right to put locks on your doors, because if the government really wants to get in your house, they will. Here's a flash bulletin, Jim: That's not the kind of thinking that secured the freedoms Americans like to think they have. It is, though, the kind of thinking that can end them.
> If we as a company were to take the position that in no case
> will we allow a government to get access to our encrypted
> messages, or refuse to allow key escrow with our products,
> the governments of the world will quickly put us out of
> business by outlawing the sale of our products in their
> countries.
Obviously specious, because Netscape came into existence in a world of controls over which it had no influence. Having thus come into existence, and quite successfully so far, it is absurd to claim that if you don't cave and become supine enough to slide under the barriers that already existed, you will be put out of business.
I believe you have underestimated the power of a leading-edge 21st-century information product that is "Not available where regulated." I think you're copping out and looking for the easier, "Now with the best encryption available! (because no one is allowed to offer better)"
> The fundamental issue is how do we accommodate the
> requirements of governments, while protecting our
> rights as citizens.
No, Jim, that is not nor has it ever been the fundamental issue for business or individuals, least of all in the last few centuries in the free world. The issue for free people is how to secure the blessings of freedom, shaping government as necessary, so they can get on with their lives, which in turn is, after all, what everything is ultimately about. Your statement is more suited to the European authoritarian mindset, which has never quite come to grips with the idea of natural rights originating in individuals and flowing, WHEN AND IF THEY FLOW, by delegation to governments.
The legitimate purpose of government is not to tell you what your boundaries and constraints are. The Declaration of Independence correctly states that the legitimate purpose of government is to secure freedoms which do not themselves originate in government.
> None of this represents the position of Netscape with
> respect to what we will do.
Oh, garbage! You've just set forth the viewpoints of one of the key people who determines what Netscape's positions will be, and further, that you agreed in this with a bunch of other commercial interests!
> But if we do not come up with a solution to this problem
> that is acceptable to each government,
There it is: Supine, prostrate, submissive. Jim, there are some alt. newsgroups where you could make a bit hit with that approach. A few thousand Mistress X's in leather await a man willing to obey their every command.
> we will not be able to export our products,
Whiiiiine!
> except with a short key length (e.g. 40 bit keys), and that
> will not be acceptable to corporate customers in other
> countries. They will create their own solution, and we will
> not be able to sell to a larger world market.
This is the heart of the matter. Dominating the U.S. market is in no way sufficient to your appetite. Maintaining a clear technological lead here, with consequent pressure on controlled markets to lift their controls and to pressure the U.S. to lift its export controls, is not what you see as the better strategy. You fear losing momentum, you covet those foreign markets, perhaps you even fear the emergence of superior foreign technology given clear incentive over time.
Your choice, then, is to be an instrument in furtherance of totalitarianism in order to improve what you perceive to be your shorter-term odds, and to justify it on the basis that it is inevitable anyway. Bad. Very bad.
> In fact, we could even be ordered by our own government to
> establish a key escrow system for its use inside the US.
You seem to have walked so far down the road of saluting government that you've forgotten that there is a Congress. This is supposed to be a government of laws, not orders. It's an entirely different issue, though, than the one of embracing GAK in a bid for world browser conquest. If U.S. GAK comes to pass, it will not be without discussion and debate, some of it no doubt quite heated. Everyone will have to deal with it as they see fit. That's not the same thing as a cow offering itself for genetic engineering in order to slither a new, longer neck under the bottom strand to reach that greener grass at the expense of its legs (that's tortured, but I think it makes a nice image).
Your manner of expression supports my impression that someone has innoculated you with GAK juice. The power of influential people to do that, and to follow through on their veiled or not so veiled threats depends entirely on their remaining unseen to the public. I'd STILL like to know who got to you and what they said.
> Ironically, anyone in the US may import unbreakable
> encryption technology from another country -- we just
> cannot sell it back to them. No one ever accused the
> government of being rational.
This is the clearest thing you've written in the whole piece (though it sheds no light on Netscape's position). Makes you want to kick yourself for not having set up shop in some other country in the first place, doesn't it?
You can BET that other people ARE setting up shop in other countries, even as we write. The logistics of information over distance are collapsing at an astonishing rate. What would have been difficult or prohibitively expensive five years ago is feasible today. What seems too much trouble today will be a piece of cake next year.
What you *could* have done early on, had you or anyone else clearly seen where this was headed (and hey, who did?), would have been to contract with a resource in a crypto-unregulated jurisdiction, perhaps even one where constitutional or legislative bars to such control exist or could be construed, to license the necessary parts your company in the form you need them. Done right, this could have positioned you to import the crypto as it could be imported into any supposedly free country, penalizing thereby only the thoroughly clueless countries. You would never have been in the position of exporting it. If the dotted line in your product can't be at the "hooks" level because of restrictions, there is some level higher than that and lower than "run netscape" at which the dotted line CAN be drawn and still pass muster, or all software in the world would be stillborn.
Too late now, eh? Maybe. Maybe not.
> I chair an industry group called the "Global Internet
> Project", with members from almost twenty companies,
> including companies from Asia and Europe. This was the
> central issue we all agreed upon this morning, and we
> are putting together a policy statement whose purpose
> is to educate lawmakers on the importance of quick
> resolution of this matter.
That's scary. You'd be better advised to hang around with people steeped in the rugged individualism of America's genesis. If you put your efforts into creating irresistible forces in the marketplace you could leave the process of educating lawmakers to their constituents, who would do it by putting political fire to their feet, something to which politicians respond better and faster in any case.
How many of the people who pay your bills do you think will be comfortable with the idea of you cuddling up with a bunch of other self-appointed world planners (some of whom no doubt come from countries where freedom is a quaint notion that has never quite been fully grasped), dividing up their freedoms and handing them to governments on a silver platter, presumably in exchange for injections of grease to your money machine?
> Thanks for your concern.
You're welcome.
> Let me know what you like and don't like.
Now you know.
One of the great values in the new information paradigm is that you can, if you choose, read messages no one would have dared bring you in the insular past. Executives who get to hear only what they want to hear usually fail, often spectacularly. Any executive in a publicly-discussed business today who wants to take the pulse of real people has only to tune in and see for himself. It takes courage, though.
We Jurgar Din
(that will have to suffice: I do not yet live in a free country)
+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now +
+too late to retire from the contest." -Patrick Henry 1775 +
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBVAwUBMMHTCUjw99YhtpnhAQFq8gH+Kr2QhcP7wWh0jdOM+2UBWldm0jDgcR5p
HTXsoHbYVc8Q8LRwpcV33T4Jq+z7OTFGBX7RuyIRDkGSmloZ6NGbag==
=Skic
-----END PGP SIGNATURE-----
Return to December 1995
Return to “nobody@REPLAY.COM (Anonymous)”