Path: sparky!uunet!zaphod.mps.ohio-state.edu!caen!nic.umass.edu!m2c!
crackers!transfer.stratus.com!ellisun.sw.stratus.com!cme
From: c...@ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: sci.crypt,alt.security.pgp
Subject: PKP/RSA comments on PGP legality
Message-ID: <1galtnINNhn5@transfer.stratus.com>
Date: 11 Dec 92 18:16:23 GMT
Organization: Stratus Computer, Software Engineering
Lines: 181
NNTP-Posting-Host: ellisun.sw.stratus.com

I went to the horse's mouth and asked some folks at PKP & RSA to comment
on PGP legality.  Here's their reply.  I have permission to post it.

This was inspired by my original question, to them, whether I could buy
an individual license to permit me to use PGP.  [I have since concluded
that I would like to get a copy of the PGP interface spec so that I could
write a program, using RSAREF, which interoperates with PGP.  I see PGP
as setting a kind of new standard format -- an alternative to PEM.]

So -- on to the reply from PKP (much from a lawyer there) and RSA:


- - -----------------------------------------------------

Risks of using pgp

One should be careful about assuming that the documentation in
electronically distributed software is accurate, especially where
law is concerned.  

There is much that the documentation for pgp does not tell you about
patent and export law that you should be aware of.  Some of the
statements and interpretations of patent and export law are simply
false. This note will attempt to offer some clarification and accurate
information.

pgp seems to be an attempt to mislead netters into joining an
illegal activity that violates patent and export law, letting them
believe that they run no serious risk in doing so.  

PATENTS

Patent law prohibits anyone from making, using, or selling a device
that practices methods described in a U.S. patent.  pgp admits
practicing methods described in US patent #4,405,829, issued to the
Massachusetts Institute of Technology, and licensed by Public Key
Partners.

Those who send signed or encrypted messages, post the pgp program, 
or encourage others to do so are inducing infringement. Under 
patent law, there is no distinction between inducement to infringe and 
direct infringement. You are just as liable.  

Being aware of the RSA patent makes infringement willful and
deliberate. Under patent law, a patent holder is entitled to seek
triple damages and legal fees from deliberate infringers.  While the
pgp documentation suggests that you probably won't get sued, it
doesn't tell you what can happen when patent holders assert their
rights against infringement.

Free and legal RSA software is available. RSA Data Security has
released a program, including source code, called RSAREF. This program
is available free to any U.S. person for non-commercial use.
Applications may be built on RSAREF and freely distributed, subject to
export law.  An application that provides email privacy, based on
RSAREF, which uses the RSA and DES algorithms, called RIPEM is an
example. For information, send email to rsaref-i...@rsa.com or
rsaref-us...@rsa.com.  

NOTE: The pgp documentation states that PKP acquired the patent rights
to RSA "... which was developed with your tax dollars..." This is very
misleading.  U.S. tax dollars only partially funded researchers at MIT
who developed RSA. The U.S. government itself received royalty-free
use in return.  This is standard practice whenever the government
provides financial assistance.  The patents on public-key are no
different and were handled no differently than any others developed at
universities with partial government funding. In fact, almost every
patent granted to a major university includes government support,
returns royalty-free rights to the government, and is then licensed
commercially by the universities to private parties.

EXPORT LAW

pgp leads users to believe that it has circumvented export controls
when it says "...there are no import restrictions on bringing
cryptographic technology into the USA."  You are led to believe that
since you didn't import it, it's legal for you to use it in the US.
The "no import restrictions" claim has been made so many times, many
people probably believe it.

One would be well advised not to accept this legal opinion.  While
stated as if it were a well-known fact, the claim that "there are no
import restrictions" is simply false.  Section 123.2 of the ITAR
(International Traffic in Arms Regulations) reads:
 
"123.2 Imports. No defense article may be imported into the United
States unless (a) it was previously exported temporarily under a
license issued by the Office of Munitions Control; or (b) it
constitutes a temporary import/intransit shipment licensed under
Section 123.3; or (c) its import is authorized by the Department of
the Treasury (see 27 CFR parts 47, 178, and 179)."

Was pgp illegally exported? Was pgp illegally imported?  Of course.
It didn't export or import itself.  pgp 1 was illegally exported from
the U.S., and pgp 2, based on pgp 1, is illegally imported into the
U.S.  Is a license required? According to the ITAR, it is.  ITAR
Section 125.2, "Exports of unclassified technical data," paragraph (c)
reads:

"(c) Disclosures. Unless otherwise expressly exempted in this
subchapter, a license is required for the oral, visual, or documentary
disclosure of technical data...  A license is required regardless of
the manner in which the technical data is transmitted (e.g., in
person, by telephone, correspondence, electronic means, telex, etc.)."
                
What is "export?" Section 120.10, "Export," begins:

"'Export' means, for purposes of this subchapter: ...(c) Sending or
taking technical data outside of the United States in any manner
except that by mere travel outside of the United States by a person
whose technical knowledge includes technical data; or..."

Is pgp subject to the ITAR? See Part 121, the Munitions List, in
particular Category XIII, of which paragraph (b) reads, in part,
"...privacy devices, cryptographic devices and software (encoding and
decoding), and components specifically designed or modified
therefore,..."

A further definition in 121.8, paragraph (f) reads: "Software 
includes but is not limited to the system functional design, 
logic flow, algorithms, application programs, ..."

pgp encourages you to post it on computer bulletin boards.  Anybody
who considers following this advice is taking quite a risk.  When you
make a defense item available on a BBS, you have exported it.

pgp's obvious attempts to downplay any risk of violating export law
won't help you a bit if you're ever charged under the ITAR.

Penalties under the ITARs are quite serious.  The ITARs were clearly
designed to put teeth into laws that make exporting munitions illegal.
It's unfortunate that cryptography is on the munitions list. But it
is.  pgp is software tainted by serious ITAR violations.

These points on patent and export law are straightforward and can
easily be confirmed with legal advice. However, there are other
statements in the pgp documentation that should not go unchallenged.

In pgp 2.0, the author says, "I did not steal any software from PKP."
(PKP is the patent holder for the RSA patent.)  Of course not; PKP
doesn't make any software. However, not mentioned is a software
product by RSA Data Security called MailSafe.  This product was first
shipped in July of 1986.  Features such as digital signatures on the
program itself for verification, internal self-check for virus
detection, compression of plaintext and ASCII recoding of encrypted
binary files, direct and extended trust of public keys through
certification, including the publisher's public key in the
distribution, display of a message digest, security and password
advice, and many others are in MailSafe and are carefully documented
in the user manual.  The authors of pgp have had a copy of MailSafe
and the user manual since 1987.

There may be nothing illegal about using ideas from another product,
but there's something dishonest about misleading people into believing 
these ideas were your own in the interest of recruiting "fans."

pgp calls itself "public-key for the masses." Even this isn't
original.  The September 12, 1986 issue of the Christian Science
Monitor contains a page one story on cryptography, and discusses
MailSafe. In that story, an RSA spokesman is quoted as saying
"MailSafe is public-key for the masses." Reprints of this story were
widely circulated in RSA press kits, and received by the pgp authors
in 1987.

The documentation to pgp would have readers believe that pgp was the
result of a noble desire to save everyone from an evil government
threatening to deny rights to privacy; that users and distributors of
pgp have little or nothing to fear from the patent holders, who, it is
implied, are probably dishonest anyway; and that one shouldn't be
concerned about export controls because pgp beat the system for
everyone by having been developed overseas and imported legally.  The
facts simply don't support these claims.


- - -----------------------------------------------------

-- 
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison						c...@sw.stratus.com
-- Stratus Computer Inc.	M3-2-BKW		TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298	FAX: (508)624-7488

Newsgroups: sci.crypt,alt.security.pgp
Path: sparky!uunet!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!
uchinews!lucpum.it.luc.edu!lucpul.it.luc.edu!hmiller
From: hmil...@lucpul.it.luc.edu (Hugh Miller)
Subject: Re: PKP/RSA comments on PGP legality
Message-ID: <hmiller.724397340@lucpul.it.luc.edu>
Sender: r...@lucpum.it.luc.edu (System PRIVILEGED Account)
Organization: Loyola University Chicago
References: <1galtnINNhn5@transfer.stratus.com>
Date: Tue, 15 Dec 1992 05:29:00 GMT
Lines: 178

    Mr. Bidzos gives the appearance of being a very effective lawyer,
representing the interests of his company, RSADSI/PKP, well.
    Consider the post via Carl Ellison.  By not making it under his own
name, but under Carl's headers, he achieves a double purpose.  First, he
veils his threat.  A veiled threat, of course, works better than a naked
one, since it leaves a greater measure of uncertainty in the mind of
potential end-users.  And, after all, that is one of the principal aims
of the posting: to scare off potential end-users of PGP, currently the
world's most popular public-key encryption program.  Second, he presents
the spectacle to the Net of an intimidated potential end-user, to wit,
Carl.  This is also psychologically quite effective, as we in the
Internet community have the tendency to identify with Carl, being like
him.  There has been a rush of postings on alt.security.pgp lately
urging the dropping of PGP for RIPEM.  How very convenient.  Success, so
far.
    The issuance of credible and effective threats constitutes a large part
of the work of a lawyer.  Threats are much less expensive than actual
lawsuits, and less risky (one can lose a lawsuit; one cannot `lose' a
threat).  It is a cardinal rule of actual legal practice that one should
postpone as long as possible going to court over a situation which is
already favorable to you _in re_.  Mr. Bidzos's company makes a modest
income from the (few) licenses it has issued to software developers, and
it wouldn't be prudent, as they say, for him to risk going to court and
subjecting the RSA patent (and his investors' capital) to the glaring
light of a public trial, when he can achieve his ends by intimidation
and innuendo.  But this does not mean that we, the readers and targets
of his threats, need to take them at face value.
    Mr. Bidzos claims that we should avoid using PGP because it is
"tainted by serious ITAR violations."  If it has fallen to the likes of
Mr. Bidzos to prosecute PGP developers, distributors, and users under
the ITAR, then the Reagan Revolution's privatization-of-government
schemes have gone farther than we thought.  Mr. Bidzos does _not_ speak
for the federal government, although he may well have been speaking _to_
that government's agents about PGP.  Some branch or other of the federal
government may well be bothered by the existence of PGP, but it would be
unlikely that any prosecution would be mounted by a federal agency
without a prolonged consideration of the political risks this would
involve.  The Feds are still smarting over the Phasorphone and DES
debacles, not to mention NSA's failed attempt to wangle control of
crypto funding from the NSF, and the current bad publicity over the
FBI's "digital telephony" scheme.  I hardly think they would be eager to
climb back into that saddle just yet, knowing the public outcry that
would greet such an attempt.
    As to Mr. Bidzos's claim that by simply posting PGP on a BBS, "you
have exported it," this is laughably absurd.  There are literally
hundreds of "data security" programs floating around the Internet and
the BBS world.  Some employ DES; some their own `miracle' proprietary
schemes.  All are examples of "privacy devices, cryptographic devices
and software (encoding and decoding), and components specifically
designed or modified therefore."  For all the years these little
file-scramblers have been making it into the public domain, Mr. Bidzos
has managed to keep his zeal for the law in check. But ah, all of a
sudden up pops a public-key cryptosystem with source code supplied and
he is filled with patriotic elan.
    Is Mr. Bidzos actually trying to goad the federal government into
launching some kind of major criminal prosecution against everyone who
has had a hand in the development or distribution of PGP?  ITAR statutes
are criminal statutes; if you're convicted under them, you're looking at
hard time in Leavenworth.  Is he seriously advocating prison sentences
for these persons, or for end-users of PGP? Is such a position really in
the best interests of his company, from any standpoint, since he is
actively promoting the same technology himself? If such a prosecution
actually were to go forward, cryptography in general would suffer, and
RSADSI/PKP along with it.
    But what about the protection of the patent rights held by Mr.
Bidzos's company -- which it is his true and only aim to protect, ITAR
burblings being a side issue?  What, then, are we to do, if we wish to
avail ourselves of the powerful asymmetric cryptosystems which,
RSADSI/PKP claims, are all covered by their patent?  It appears that we
cannot just go to the library, Xerox up Rivest, Shamir, and Adleman's "A
method for obtaining digital signatures and public key cryptosystems"
(CACM 21(2), 120-6, Feb. 1978), and devote a few hundred hours to
banging up a C implementation.  The RSA algorithm is covered by a
patent, #4,405,829 (issued 20 Sept. 1983).  RSADSI/PKP is the sole
assignee of the patent, held by MIT.  They also have acquired the rights
to three other PK systems and are apparently claiming patent rights to
the very idea of public-key cryptography, which, unless I read the
literature wrong, was first published by Whit Diffie and Martin Hellman
("New directions in cryptography," IEEE Trans. Info. Theory, IT22,
644-54, Nov. 1976).
    Mr. Bidzos advocates adoption of "a program, including source code,
called RSAREF," from RSADSI.  Yet RSAREF is, to my knowledge, not a
complete program, but a set of subroutines which do a specific, limited,
and inflexible number of mathematical operations on given input data.
It is by no means a full program, and it would require a great deal of
work to build it up into one.  (I have never seen any "rsaref" compiled
object code for any machine, any platform; only source code.  And it is
my understanding that we would not even have RSAREF in the public domain
had it not been crowbarred out of RSADSI/PKP by the terms of one of
their federal grants. So RSAREF represents an algorithm for which we, the
taxpayers, have paid _twice_.  Mr. Bidzos claims that it is being
offered for "free.")  Even if one were to build a PK system upon RSAREF,
it would lack much of the flexibility and functionality of PGP, which
utilizes quite different data structures for its keys, key certificates,
keyrings, etc. etc. RIPEM, built upon RSAREF, from the beta version I
have seen (and which I downloaded by anonymous ftp from scss3.cl.msu.edu
two weeks ago, before the ftp archive there was closed to anon-ftp
access), is a slower program with fewer options and much less
functionality than PGP, especially on a non-Unix platform.  It keeps
both the plaintext and encrypted text in memory together, and thus
imposes limitations on many end-users with small memory allocations.
Unlike PGP, it cannot do symmetric (private-key) encryption.  It lacks
the ability to sign public keys.  It relies heavily upon a centralized key
distribution authority (although it can be used without such), which PGP
does not.  For its single-key cipher it utilizes, ahem, DES.  Unlike
PGP, there is no current version for Macintosh and compatible computers.
And the docs for 4.2(beta) indicate that even its own author, Mark
Riordan, is unsure that "the current RSAREF license allows free personal
use of RIPEM by citizens of the United States and Canada."  He _thinks_
it does. "However," he notes, "this personal interpretation has no legal
standing, and RIPEM users are urged to read the RSAREF license agreement
themselves."  And Mr. Bidzos would like us to be reassured by this?
    Mr. Bidzos urges us to avail ourselves of MailSafe, RSADSI's
proprietary end-user package (for Mess-DOS environments).  Apparently
MailSafe is obtainable only by direct mail order from RSADSI.  A call
this morning to the biggest local retailer of PC hardware and software
in Chicago, Elek-Tek, revealed that they had never heard of MailSafe,
and none of their distributors carries it.  The same with CompUSA, in
Skokie.  A call to Egghead Software, one of the biggest national chain
software retail dealerships, revealed that they had never heard of
MailSafe, and none of their distributors carries it.  One could go on
and on.  This is hardly the aggressive marketing one would expect from a
firm with a lock on a patent of critical importance to Americans in the
Information Age.  Albert Einstein worked in a patent office, but it
never occurred to him to patent the theory of special relativity.  If he
had, and had assigned the patent to Bidzos & co., the world's first
cyclotron would still be nothing but drawings in a grant proposal.
    Mr. Bidzos and his co-workers at RSADSI/PKP may feel that, at some
point, they must go to court to protect the patents they claim.  But as
prudent lawyers they must not relish the prospect.  They risk a lot: not
just the patent(s), but the immensely bad publicity they would get from
such an action.  Any victory they would win would be Pyrrhic, given the
immense fund of ill-will towards the issue of algorithmic patents
generally and these ones in particular evident in the computing
community.  The ACM recently adopted a code of ethics which includes
among its "General Moral Imperatives" the stipulations that, "As an ACM
member I will... 1.5 Honor property rights including copyrights and
patents, ... 1.6 Give proper credit for intellectual property."  These
stipulations are already generating heat among ACM members.
(Ironically, "General Moral Imperative" # 1.7 obliges ACM members to
"Respect the privacy of others.")  I cannot believe that RSADSI/PKP
would think it worth their while to pursue a suit like this against a
freeware product produced by a worldwide group of relatively penniless
but widely admired computer professionals.
    In the Information Age, in which we have been living for a long time
now, innovations like PK cryptosystems and David Chaum's untraceable-
transactions techniques will become crucial to the protection of our
rapidly diminishing privacy.  They afford end-users the ability to take
effective control of the security of their communications and of the
availability of information about them, without having to trust to the
benignity of government agencies.  In this new world, they ought to be
freely and widely available.  To bar their use, or the dissemination of
knowledge concerning them, would be to deprive citizens of effective
means of preserving their own privacy.  Privacy means nothing if
effective means to preserve it are lacking.
    Consequently, I for one am not afraid to stand up and be counted as
a supporter of the fine work of the PGP development team, and especially
of Phil Zimmermann, who got the ball rolling with version 1.0.  The
program currently has far more users and admirers than any other
public-key encryption system, and for good reason.  It is an elegant
piece of work, made more elegant with each revision.  Nor am I afraid to
put myself on record as a principled opponent of the RSA patent (and of
algorithm/software patents generally), and as an opponent of the
regulation by the government of cryptographic import/export/use in any
form.  If my doing so creates any legal exposure for me, then that is a
risk I am prepared to take for the sake of the proverbial `eternal
vigilance.'  If it actually ends up costing me or other like-minded
American citizens, then, in my view, this country's Constitution will
have suffered yet another humiliating debasement.

    Hugh Miller
    Department of Philosophy
    Loyola University Chicago
    Moderator, Info-PGP Digest
    info-pgp-requ...@lucpul.it.luc.edu
-- 
Hugh Miller         | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 |  FAX: 312-508-2292  |    hmil...@lucpul.it.luc.edu

Path: sparky!uunet!noc.near.net!transfer.stratus.com!ellisun.sw.stratus.com!cme
From: c...@ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: sci.crypt,alt.security.pgp
Subject: Re: PKP/RSA comments on PGP legality
Date: 15 Dec 1992 20:34:57 GMT
Organization: Stratus Computer, Software Engineering
Lines: 82
Message-ID: <1glfhhINNbia@transfer.stratus.com>
References: <1galtnINNhn5@transfer.stratus.com> <hmiller.724397340@lucpul.it.luc.edu>
NNTP-Posting-Host: ellisun.sw.stratus.com

In article <hmiller.724397...@lucpul.it.luc.edu> hmil...@lucpul.it.luc.edu 
(Hugh Miller) writes:
>    Mr. Bidzos gives the appearance of being a very effective lawyer,
>representing the interests of his company, RSADSI/PKP, well.
>    Consider the post via Carl Ellison.  By not making it under his own
>name, but under Carl's headers, he achieves a double purpose.  First, he
>veils his threat.  A veiled threat, of course, works better than a naked
>one, since it leaves a greater measure of uncertainty in the mind of
>potential end-users.  And, after all, that is one of the principal aims
>of the posting: to scare off potential end-users of PGP, currently the
>world's most popular public-key encryption program.  Second, he presents
>the spectacle to the Net of an intimidated potential end-user, to wit,
>Carl.  This is also psychologically quite effective, as we in the
>Internet community have the tendency to identify with Carl, being like
>him.  There has been a rush of postings on alt.security.pgp lately
>urging the dropping of PGP for RIPEM.  How very convenient.  Success, so
>far.
	[etc.]

My posting was instigated by me.  It was written by a group at PKP and RSA,
including the corporate lawyer(s), I believe.  [I tell lawyer jokes like
anyone else, but do happen to have a number of lawyer friends (and one
relative) so I don't write off lawyers totally.  I'll listen and make up my
own mind.]


I don't see what RSA and PKP wrote as a veiled threat.  I believe their
intentions are well known.  They want to continue making money off their
patent.  They, like us, would probably like to see the export laws become
more rational (although I don't speak for them).  They have even more
reason to fear those export laws than we do since their very existence
depends on not being shut down.  I really believe that they need to keep
their noses especially clean -- so I accept the argument that possible ITAR
violations by PGP are enough for them to keep their hands off.

No one at RSA used me in this posting.  I had originally asked (months ago)
if I could buy an individual RSA use license from them in order to make it
legal for me to use PGP.  I was turned down.  From there, I continued the
discussion and heard over several mail messages substantially what was in
the posting.

As I kept reading sci.crypt, I felt it was time to say something and was
about to post from what I had learned in those exchanges but instead I
wrote to RSA asking them if they'd like to post something.  I would rather
let them word it than do it all myself.

They didn't want to post directly but were willing to write something
which I could post.  I agreed so that's what happened.

I do not speak for RSA.  I am not their employee.  I do choose to honor
their patent and obey the ITAR (I think/hope).  [I use company computers
and have been strongly advised to behave this way by my company's lawyers.]



If I were to buy a PC for myself (which I've never bothered doing because
the ones I get at work are so good, and I have free use of them in my own
time :-), I don't know what I would use for security.  I have RSAREF.  I'd
probably roll my own or use RIPEM (once it's finally released).  Or, I might
even buy a commercial package like MailSafe -- although I believe that PGP
will set the worldwide standard for mail interchange just like UNIX set
standards -- and for the same reason:  it's free and therefore ubiquitous.



What I use today is my own secret-key algorithm together with scripts which
let me conveniently interface with Sun's Mail (or the VMS MAIL command).
[I have versions for Sun, VAX VMS, Stratus VOS and soon to be MIPS.
I'll probably port it to HP-UX soon.  But this is just historical accident.
If I were starting over today, I'd use

	compress|des|tran|des|tran|des

and transmit the keys with RSA, using RSAREF.  This would take a special
modification to RSAREF, but I believe it wouldn't be hard to get.]

--Carl

-- 
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison						c...@sw.stratus.com
-- Stratus Computer Inc.	M3-2-BKW		TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298	FAX: (508)624-7488

Newsgroups: sci.crypt,alt.security.pgp
Path: sparky!uunet!spool.mu.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!usc!
sol.ctr.columbia.edu!news.columbia.edu!cunixf.cc.columbia.edu!em21
From: e...@cunixf.cc.columbia.edu (Eben Moglen)
Subject: Re: PKP/RSA comments on PGP legality
Message-ID: <1992Dec17.150409.17696@news.columbia.edu>
Sender: use...@news.columbia.edu (The Network News)
Nntp-Posting-Host: cunixf.cc.columbia.edu
Reply-To: e...@cunixf.cc.columbia.edu (Eben Moglen)
Organization: Columbia University
References: <1galtnINNhn5@transfer.stratus.com>
Date: Thu, 17 Dec 1992 15:04:09 GMT
Lines: 79

I have been following with interest, and distress, the conversation
about legal risks in using PGP set off by Carl Ellison's posting of
a document said to reflect the legal position of PKP.  Perhaps a
Columbia Law professor's views on these questions may be helpful.  I'm
going to discuss the realities of the situation, without jargon,
rather than the legal technicalities.  Those who want to discuss the
legal detail should feel free to contact me, but for legal advice I
usually get paid.

PKP says that any user of PGP is "inducing" infringement.  Here's the
reality of the situation.  PKP is the licensee of a presumptively
valid US patent, which it claims PGP 2.1 infringes.  If the patent is
valid, and PGP infringes, every user is not just inducing
infringement--he/she/it is infringing the patent.  This is not a
crime; it's a civil wrong, for which, as the PKP statement says,
damages are available at law.  But this is true every time a
manufacturer sells or distributes an infringing article.  As you may
recall, for example, an inventor recently won an enormous damages
judgment against a major US auto company for infringing his patent for
intermittent windshield wipers.  Theoretically, under the patent law,
he could instead have notified all Ford buyers in the past decade that
they were personally infringing his patent.  But it is grossly
impracticable to do that, and a suit against the manufacturer
accomplishes exactly the same result, since the total amount of the
damages available is the same either way, while the litigation cost is
not.  PKP can test the validity of its patent and recover its damages,
if any, in a suit against the developers and distributors of PGP, if
it cares to.  Without any knowledge of their thinking, I predict the
partners won't want to do that.  It would be expensive, the damages to
be recovered would be slight or none, and they would risk having the
only patent anywhere in the world protecting their technology declared
invalid.  But in any event, it is virtually unheard-of to sue
individual end-use consumers of allegedly infringing technology.  If
PKP's investors had $100 million or so they wanted to waste in
litigation anything could happen, but they don't, and it won't.

In any event, in such a situation a lawyer certainly might advise her
client to wait for the patent-holder to assert his rights directly. 
When PKP sends you a personal letter claiming that you are infringing
its patent, and asking you to take out a license, you can decide what
you want to do about it.  In the meanwhile, the patent claim against
end users is mostly, probably entirely, just noise.

The Munitions Act bluster contained in the post is not even that
important.  It's just ridiculous.  Others have said some of the most
important things well, so I'll be brief.  First, even if PKP believes
its own arguments interpreting the ITARs, PKP doesn't have squat to do
with ITAR enforcement.  This is a question addressed to the discretion
of the Treasury, the Department of Justice, and local United States
Attorneys.  ITAR enforcement against distributors of PGP would require
a decision by all those agencies that the highest-priority Munitions
Act enforcement problem at some future moment is the prohibition of
IMPORTATION of a CONSUMER SOFTWARE PRODUCT embodying TECHNICAL
INFORMATION IN THE PUBLIC DOMAIN.  I challenge PKP, or anyone else, to
show any past example of such an approach to ITAR enforcement by any
Administration.  I cannot myself imagine any United States Attorney's
office wanting to bring such a case, which is of nightmarish
complexity, would be politically unpopular, and does nothing whatever
to stem the global arms trade or increase the national security of the
US.  I very much doubt that PKP really believes that the domestic
circulation of PGP violates the ITARs, since PKP itself terms as
"unfortunate" the application of the Munitions Act to cryptographic
technology.  But even if that's really what PKP or its officers
think, so what?  The chances that the United States Government will
ever agree, and put weight behind agreement, are within fuzz of zero.

UseNet serves many social purposes.  One, apparently, is the no-cost
distribution of negative advertising and legal chest-pounding,
intended to frighten people away from experimentation with a piece of
interesting freeware.  Myself, I would just put the PKP temper tantrum
in the bitbucket.  But since other people have taken it seriously
(much more seriously than it deserves) I thought a few more sober
comments might be warranted.
_______________________________________________________________________________
               Fiat Justitia,         "Quoi que vous fassiez, ecrasez l'infame,
                ruat Coelum.                           et aimez qui vous aime."
 Eben Moglen                       voice: 212-854-8382
 Professor of Law & Legal History    fax: 212-854-7946          moglen@lawmail.
 Columbia Law School, 435 West 116th Street, NYC 10027          columbia.edu