From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 20 May 1997 12:38:10 +0800
To: cypherpunks@cyberpass.net
Subject: RSA v PGP lawsuit
Message-ID: <3.0.1.32.19970519212159.008e1740@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



I drove down to the courthouse in Redwood City today and took a look at the
court file for RSA v PGP. The complaint is already online at
<http://jya.com/rsavpgp.txt>; there are two exhibits which accompany the
complaint in the file, Exhibit A is a 30-page patent license agreement
(which I didn't bother to have copied at $.75/page), the second is Exhibit
B, a letter from RSA's attorneys to Leonard Mikus of Lemcom Systems dated
4/16/97, which describes the basics of the dispute between RSA and PGP. I
copied the letter and have placed it online at
<http://www.parrhesia.com/rsapgp.html>.

The lawsuit itself is not for monetary damages, but for declaratory and
injunctive relief - RSA is asking the court to declare that the license
agreement's provision regarding arbitration did not survive the termination
of the license; that the royalty, payment, and accounting provisions of the
license agreement did survive its termination; and for an injunction
ordering PGP to comply with the agreement's terms for paying royalties and
accounting for sales.

What I find interesting is what is not included in the suit - a claim for
patent infringement. (Such a claim can only be filed in federal court, and
this suit was filed - at the plaintiff's choice - in San Mateo County
Superior Court, a California state court.) 

The letter identifies several areas of disagreement between the parties:

1.	RSA believes it had the right to approve or reject the PGP/Lemcom merger
2.	RSA says that PGP has licensed the patent to OEM customers, in violation
of the license agreement
3.	RSA says that PGP has licensed certain source code to some customers, in
violation of the license agreement
4.	RSA says that Lemcom has not made a royalty payment since the third
quarter of 1996. (But I'm sure I saw something - in the media? - where PGP
says they've been making royalty payments.)

And the letter says that RSA is immediately terminating PGP's license to
use/make software including the RSA public-key algorithm because of those
breaches. 

PGP hadn't filed a response yet - they'll have 30 days to do so from the
date of service, and I think they were served with the suit somewhere
around the 10th of May. (There was a proof of service document in the file,
but I didn't bother having it copied.) 
--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.