IP: How to Compete under Clipper-3 (2 items)

[Dave Farber <farber () central cis upenn edu>]

Date: Thu, 03 Oct 1996 11:36:38 -0700
From: John Gilmore <gnu () toad com>




> * Even if some industry participants fall for it, the majority will not.
>   The "deal" is simply not any good for anyone but the Administration.
>   Expect the same opposition to Clipper III as we saw with Clipper I and II.


The difference is that some weak companies will decide to fall for it.
These companies may think that two years of 56-bit un-escrowed
products (with promises of key escrow in future releases) will be
competitive against 40-bit un-escrowed products.  They're right, but
that's not the competition they will be facing.


The right competitive strategy is to build strong crypto using 168-bit
Triple-DES, in a country that has a sane government and a respect for
privacy.  Such products would sell well against 56-bit products or
key-escrowed products produced by the weak companies that tried to
lean on the government for a competitive edge.


If the US government ends up ever imposing import restrictions on
crypto, it will be completely clear to everyone that their goal all
along has been to restrict the availability of privacy to AMERICANS.
The export laws, their continual announcements that "Americans are
free to use any crypto they want", and all their preaching about
impacts on foreign intelligence would be known as an obvious sham all
along.


Import restrictions would not be any more Constitutional than export
restrictions.  The Constitutional right to receive information (in the
form of source code) from outside the US will enable companies to
bypass any import restrictions that survive Constitutional scrutiny.
They can do their crypto development in a free country, ship binaries
to most of the world from there, ship source code to the United
States, and compile that source code to binaries for local US
distribution.  None of these actions will violate any US export or
import controls that can be Constitutionally imposed.  Such
development can be done in dozens of countries.  Some countries who
aren't afraid of their citizens having privacy will find it
economically advantageous to remain free, despite US pressure to
suppress privacy.  A small industry of good cryptographers will grow
into a large industry there, as the US pressures the rest of the world
to become less free.


        John


Date: Thu, 03 Oct 1996 15:25:45 -0400
From: "Perry E. Metzger" <perry () piermont com>
Sender: owner-cypherpunks () toad com




John Gilmore writes:
> The right competitive strategy is to build strong crypto using 168-bit
> Triple-DES, in a country that has a sane government and a respect for
> privacy.


You mean, like SSH's product?


For those that don't follow this, people who don't want to have their
communications listened in on are free to buy high quality
communications security products from SSH Communications Security, Ltd.
Their stuff is distributed internationally by Datafellows, and
includes 3DES, 128 bit IDEA, and plenty of other high quality crypto
products -- you configure it for the cipher of your choice. Key
management is handled with arbitrary key length RSA -- you, the user,
tune the length of the key, not the NSA.


The software is available free for noncommercial use and can be
downloaded on the net. Commercial users must pay a license fee.


This is only one such company. Most such companies are doing fine, and
aren't playing along with stupidity propagaged inside the beltway.


Perry