JTD> It is illegal to encrypt messages period. JTD> E-mail encryption is illegal
Depends on your network and where you live.
It is illegal to use PGP in the United States due to its use of a copyrighted algoritm. It is *NOT* illegal to use it anywhere else in the world. Other encryption methods are legal.
Jeez, talk about misinformation. If it were copyright, then a US copyright is indeed restrictive world-wide; that's the point of the Berne Convention. However, it's not copyright; it's pretty tought to copyright an algorithm, all one can do is copyright the exact expression of one implementation of that algorithm. What's involved here is a patent, which is (as you note) not binding outside the US. Finally, is it certain that PGP indeed infringes on a valid patent?
... Get the facts first - you can distort them later!
Ah. This explains much. Jason
JTD> It is illegal to encrypt messages period. JTD> E-mail encryption is illegal
Depends on your network and where you live.
It is illegal to use PGP in the United States due to its use of a copyrighted algoritm. It is *NOT* illegal to use it anywhere else in the world. Other encryption methods are legal.
Jeez, talk about misinformation.
If it were copyright, then a US copyright is indeed restrictive world-wide; that's the point of the Berne Convention.
However, it's not copyright; it's pretty tought to copyright an algorithm, all one can do is copyright the exact expression of one implementation of that algorithm. What's involved here is a patent, which is (as you note) not binding outside the US.
Finally, is it certain that PGP indeed infringes on a valid patent?
... Get the facts first - you can distort them later!
Ah. This explains much.
I hate to jump into the fray, but according to Public Key Partners, if you use RSA for educational, (etc.) purposes, you are not infringing on their patent. It has long been held that there is an exemption to 'patent infringment' for educational or other "non-commercial" uses. -- Ed Carp erc@apple.com 510/659-9560 If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
Ed Carp Said:
It has long been held that there is an exemption to 'patent infringment' for educational or other "non-commercial" uses.
Is this just for RSA, or for all patents? If PKP wanted to forbid academic use of RSA (or require a license for it), could they legally do so? Assume for now that the patent is valid, which it may not be... I ask all this because I often hear researchers looking for a cure for (insert your favorite aliment here) complain that they have to pay patent royalties on the gentically-modified animals they use in their work, and if, say, two patented rabbits produce offspring, they have to pay royalties on each of the offspring as well. This is academic use (to me anyway; I don't know about legally), but requires royalties. -- Dan Odom danodom@matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS PGP key by finger or request.
-----BEGIN PGP SIGNED MESSAGE----- The exemption is a part of the sections of the US code pertaining to patents. As I understand it, the exemption allows you to build _one_ instance of a patented item for your _own_ _personal_ research. If you as an individual want to keep a patented bunny as a pet, you're probably OK. If you want to use PGP, as an ividual, you're probably OK. If you want to use those patented items for anything else, you're probably not OK, thus the recent interest in a commercial-and-infringement-proof PGP. Witness the just-decided Litton-Honeywell patent infringement case. Litton obtained a $1.2G judgement against Honeywell, which used a method patented by Litton to manufacture its very successful ring laser gyros. Since damages in patent infringement cases are based on actual damages (with a 3x increase possible if the jury decides that the infringement was deliberate), the Litton-Honeywell case might give a manufacturer pause. I bet that PKP would be unable to show that my use of PGP has caused them _any_ actual (or even potential) damages. However, Apple (or Lotus, or any of the other RSA licensees) have obviously decided that they'd rather play {safe,fair} and license the patents directly. - -Paul - -- Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But perobich@ingr.com | watch your ass today." - aaron@halcyon.com Intergraph Federal Systems | Be a cryptography user- ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLITm4iA78To+806NAQHUogP6AkrIf7+uyMehKosHi+qdeWz0POs7XHth PejJe3qflnxEUlFaUnJWKemj9iF6gwP6N90LBsY68gWaO5aUNqLM00UE996GutpV o5+AyzKST+cjJkC0p8P3N8K8tGe+llGJW9gSjRLmx61B+cdNQ/STjIMCSUevs8SZ n54glbaC56Y= =hkpg -----END PGP SIGNATURE-----
Date: Wed, 1 Sep 1993 13:44 EDT From: danodom@matt.ksu.ksu.edu (Dan Odom) Is this just for RSA, or for all patents? If PKP wanted to forbid academic use of RSA (or require a license for it), could they legally do so? Assume for now that the patent is valid, which it may not be... I ask all this because I often hear researchers looking for a cure for (insert your favorite aliment here) complain that they have to pay patent royalties on the gentically-modified animals they use in their work, and if, say, two patented rabbits produce offspring, they have to pay royalties on each of the offspring as well. This is academic use (to me anyway; I don't know about legally), but requires royalties. The exemption from patent protection applies only to research which attempts to improve or extend the patented idea. Thus, if you were breeding patented insulin-dependant rabbits with the intent to produce better ones, this would be acceptable. If, however, you wanted to test your new diabetic drug on the rabbits, then you owe the patent holder a royalty. Using PGP (as opposed to writing a new one, or improving it, or attempting to use it in new ways), even by academics, is probably questionable in the US under patent law. Developing new versions of RSA code or algorithms clearly is legal, even for private commercial firms. Patenting the improvements is legal and encouraged. Selling or using a patented invention, even internally, is prohibited. So it all depends. Are you a user or an improver? Can you make a legitimate claim to be testing new ideas, implementations, or applications, or are you just using someone else's implementation. A paper trail showing that you are thinking about ways to improve or further develop the ideas might be a powerful defense. Like, for example, messages to this forum.
Ed Carp Said:
It has long been held that there is an exemption to 'patent infringment' for educational or other "non-commercial" uses.
Is this just for RSA, or for all patents? If PKP wanted to forbid academic use of RSA (or require a license for it), could they legally do so? Assume for now that the patent is valid, which it may not be...
I'm under the impression that it's for any patent, but I'm not a lawyer (I just play one on the net [grin]).
I ask all this because I often hear researchers looking for a cure for (insert your favorite aliment here) complain that they have to pay patent royalties on the gentically-modified animals they use in their work, and if, say, two patented rabbits produce offspring, they have to pay royalties on each of the offspring as well. This is academic use (to me anyway; I don't know about legally), but requires royalties.
I think it's because they are using them to make $$$. I think. :)
Here's the README from the RSA folks that I got with RSAREF. Hope it answers
one or two of your questions. :)
--------------------------------- cut here -----------------------------------
RSAREF(TM):
A Cryptographic Toolkit for Privacy-Enhanced Mail
RSA Laboratories
(A division of RSA Data Security, Inc.)
April 20, 1992
This document copyright (C) 1992 RSA Laboratories, a division of RSA
Data Security, Inc. License is granted to reproduce, copy, post, or
distribute in any manner, provided this document is kept intact and
no modifications, deletions, or additions are made.
WHAT IS IT?
RSAREF is a cryptographic toolkit designed to facilitate rapid
deployment of Internet Privacy-Enhanced Mail (PEM) implementations.
RSAREF represents the fruits of RSA Data Security's commitment to the
U.S. Department of Defense's Advanced Research Projects Agency
(DARPA) to provide free cryptographic source code in support of a PEM
standard. RSA Laboratories offers RSAREF in expectation of PEM's
forthcoming publication as an Internet standard.
Part of RSA's commitment to DARPA was to authorize Trusted Information
Systems of Glenwood, MD, to distribute a full PEM implementation. That
implementation will be available this spring.
RSAREF supports the following PEM-specified algorithms:
o RSA encryption and key generation, as defined by RSA
Laboratories' Public-Key Cryptography Standards (PKCS)
o MD2 and MD5 message digests
o DES (Data Encryption Standard) in cipher-block chaining mode
RSAREF is written in the C programming language as a library that can
be called from an application program. A simple PEM implementation
can be built directly on top of RSAREF, together with message parsing
and formatting routines and certificate-management routines. RSAREF
is distributed with a demonstration program that shows how one might
build such an implementation.
The name "RSAREF" means "RSA reference." RSA Laboratories intends
RSAREF to serve as a portable, educational, reference implementation
of cryptography.
WHAT YOU CAN (AND CANNOT) DO WITH RSAREF
The license at the end of this note gives legal terms and conditions.
Here's the layman's interpretation, for information only and with no
legal weight:
1. You can use RSAREF in personal, non-commercial applications,
as long as you follow the interface described in the RSAREF
documentation. You can't use RSAREF in any commercial
(moneymaking) manner of any type, nor can you use it to
provide services of any kind to any other party. For
information on commercial licenses of RSAREF-compatible
products, please contact RSA Data Security. (Special
arrangements are available for educational institutions and
non-profit organizations.)
2. You can give others RSAREF and programs that interface to
RSAREF, under the same terms and conditions as your RSAREF
license.
3. You can modify RSAREF as required to port it to other
operating systems and compilers, as long as you give a copy
of the results to RSA Laboratories. Other changes require
written consent.
4. You can't send RSAREF outside the United States or Canada, or
give it to anyone who is not a U.S. or Canadian citizen and
doesn't have a U.S. "green card." (These are U.S. State and
Commerce Department requirements, because RSA and DES are
export-controlled technologies. Without the export-control
restrictions, RSAREF would be available by anonymous FTP.)
HOW TO GET IT
To obtain RSAREF, read the license at the end of the note and return a
copy of the following paragraph by electronic mail to
participants (5)
-
danodom@matt.ksu.ksu.edu
-
Jason Zions
-
khijol!erc@apple.com
-
paul@poboy.b17c.ingr.com
-
Tom Knight