1995-12-01 - Re: Netscape gives in to key escrow

Header Data

From: JR@ROCK.CNB.UAM.ES
To: cypherpunks@toad.com
Message Hash: b0e0d220b8e98c8e129ec60ab383e57673547fd0b1d705340766f34430a8c6f1
Message ID: <951201140557.20a03b98@ROCK.CNB.UAM.ES>
Reply To: N/A
UTC Datetime: 1995-12-01 11:59:20 UTC
Raw Date: Fri, 1 Dec 95 03:59:20 PST

Raw message

From: JR@ROCK.CNB.UAM.ES
Date: Fri, 1 Dec 95 03:59:20 PST
To: cypherpunks@toad.com
Subject: Re: Netscape gives in to key escrow
Message-ID: <951201140557.20a03b98@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


From:	SMTP%"tcmay@got.net"  1-DEC-1995 12:26:55.99

>With the assumption that this is not a troll, and giving the writer some

	No, it isn't.

>At 10:45 AM 12/1/95, JR@ns.cnb.uam.es wrote:
>>With regard to all this waving about Netscape giving in to key scrow...
>
>Key _escrow_, though "scrow" is perhaps just as accurate as the
>improperly-named "key escrow" (hint: escrow is something done voluntarily,
>not the situation here with GAK).
>
	Yup. I should have said "mandatory key scrow". Sorry for using a
shorthand.

>Having said this, I think all of the shareholders, either of issued shares
>or as-yet-unissued shares, are interested in maximizing share value. Not
>surprising.

	That's the point. They look after *their* interests, not after
"public" interest, specially where "public" is a local (as big as local
to US may be) interest in a global economy.

>Importantly--and maybe this is the real point JR is making--we on the
>Cypherpunks list are probably *not* interested in Netscape's stock price.
>But who cares? Our role is not to maximize Netscape stock price, but to
>talk about what is "right" and what is not right. And GAK is definitely not
>right, to the vast majority of us.

	Right. What I wanted to say was exactly that.

>They were "criticized" not because they went public with their stock but
>because of their security mistakes, made more important by their sudden

	The point is not why they were chased but the fact they were. It
reflects on further reticences by crypto-interested people to get involved
and opens more field to crypto-unaware or uninterested people to gain
control of the company.

...
>Well, this is the point, isn't it? I doubt there are such things as "tax
>reliefs" for Netscape--these things are done pretty much out in the open in
>the U.S., and any special tax treatment would be widely noticed--but there
>may indeed have been "discussions" with senior management at Netscape.
>Several of us have already speculated in broad terms on this.

	Well, I don't know about what kind of compensation could be
offered. Tax reliefs was just a suggestion. What about saying "hey
guys, if you comply with our demands we'll set Netscape as the standard
browser for the administration. If you don't you won't sell a copy".
In any case, the point is that a Government (anY) can make strong pressure,
specially one as big as USA's Gov. And facing it is a risky position.

...

>First, a viable strategy is to simply do nothing. Ignore the goverment's
>protestations, drag one's feet, shrug, etc. Jim Clark could simply have
>said nothing. (Recall that Bill Gates came out recently saying that strong
>encryption is inevitable...Clark could have either said nothing, or said
>something similar to what Gates said.)

	That may be a very bad move from their point of view. If the Gov.
pushes hard, and it is an important customer, it is in their interest
to satisfy them. As long as anyone else wants to follow the Gov. it is
also good for them to follow those lines, and to be the firsts ones.

	What about foreign customers? If the Gov. can restrict export of
your technologies, they'll move to other providers. It is better for
you to pay hommage to the Gov. requests and get to overseas markets
faster and sooner than anyone else.

>Second, the issue is not "satisfying" a "bunch of cypherpunks." If Netscape
>truly pushes for GAK, and people reject GAK and Netscape, then this will
>surely hurt shareholder value. (Frankly, I expect one or more stories to
>appear in the next few days about the budding "Friends Don't Let Friends
>Use Netscape" and "Just Say No to Netscape" movements. Whether this will
>hurt the stock is unclear.)

	The "just say no" movement is OK as long as you don't append
"to XXX". It could work if it is only Netscape... But as soon as anyone
else gives in (e.g. Microsoft) it will become a burden. It's much better
IMHO to ask "say yes to privacy". It's much better to say "this page is
optimized for good safety and may not be reliable under non-crypto
browsers -e.g. Netscape-" than saying "your browser is bad". Which
BTW, may be OK in the USA, but is not in other places. Belgium comes
to mind for forbidding negative advertising. And surely others. 

...
>I say that the ideas being discussed are in fact "constructive" ideas.  I
>won't reiterate them all here, but they clearly involve concrete action
>(e.g., modifying server software to issue warnings to Netscape users, or
>encouragement of alternatives to Netscape).

	Some of them are. Others are not. Others are destructive (like
denying access to Netscape users), or unpracticable (like saying "Mozilla
is not the best thing" in some places), or unrealistic (like saying "quit
your job"), or plain silly.

	If you deny access to a user, you'll make him/her angry. And not
angry with Netscape. They'll be angry with you. We need people on our
side. That's basic psicology. I'd go for more pages explaining what
crypto is and can do for Joe Random.

	Many people has said "I can do this or that with my server or
whatever". How many people is offering an alternate safe crypto service 
and making it interesting and desirable for Joe Random? And making it 
well known? I'd say that not enough. 

	If you can offer an attractive service, protected with another
crypto method, and make it popular, people will demand it. If you just
add a note saying you use that crypto 'cos Government-enforced crypto is
not good enough, people will feel happy and will learn.

	In general, people prefers positive presentations to complains
or problems. Have a look at TV ads. How many of them say "Don't use
that stuff, it's shit" instead of "Use my stuff, it's better".

	That's what I advocate: a positive course of action, offering
a better alternative. Not just a storm of complains or "bad karma".

>What more are you expecting? Have you been reading what people are actually
>discussing doing and actually already doing?
>
	Yes, I've read all along. As I hope will be more clear now. And
I have found lots of people saying "I won't support Netscape", "I will
say no", "I will deny access to Netscape", "I'll add a complain to my
page", "Jim should retract", "Netscape should go back", "Netscape better
changes its money-making policy and becomes a political activist", 
"This or that guy must quit job"...

	What I was expecting is people to be more realistic, not to forget
that the main goal of a company is to make money instead of defending public
freedom (which indeed is bad for business), and start promoting better (or
not) alternatives.

	And, to finish, note that I have also seen some very good answers,
on which I don't coment since I agree and have little to add to.

>--Tim May
>
				jr






Thread