[iwar] PGP withdrawn from market

From: Charles Preston (cpreston@sinbad.net)
Date: 2002-05-23 07:45:56


Return-Path: <sentto-279987-4708-1022165169-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 23 May 2002 07:50:08 -0700 (PDT)
Received: (qmail 21635 invoked by uid 510); 23 May 2002 14:46:38 -0000
Received: from n20.grp.scd.yahoo.com (66.218.66.76) by all.net with SMTP; 23 May 2002 14:46:38 -0000
X-eGroups-Return: sentto-279987-4708-1022165169-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.66.96] by n20.grp.scd.yahoo.com with NNFMP; 23 May 2002 14:46:09 -0000
X-Sender: cpreston@gci.net
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-8_0_3_2); 23 May 2002 14:46:08 -0000
Received: (qmail 76916 invoked from network); 23 May 2002 14:46:08 -0000
Received: from unknown (66.218.66.216) by m13.grp.scd.yahoo.com with QMQP; 23 May 2002 14:46:08 -0000
Received: from unknown (HELO mta-1.gci.net) (208.138.130.82) by mta1.grp.scd.yahoo.com with SMTP; 23 May 2002 14:46:08 -0000
Received: from mmp-1.gci.net ([208.138.130.80]) by mta-1.gci.net (Netscape Messaging Server 4.15) with ESMTP id GWKJOV00.QGO for <iwar@yahoogroups.com>; Thu, 23 May 2002 06:46:07 -0800 
Received: from graywolf3.gci.net ([24.237.13.96]) by mmp-1.gci.net (Netscape Messaging Server 4.15) with ESMTP id GWKJOV02.Q0J for <iwar@yahoogroups.com>; Thu, 23 May 2002 06:46:07 -0800 
Message-Id: <5.1.0.14.2.20020523064455.00ac31f0@127.0.0.1>
X-Sender: cpreston@mail.gci.net@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1
To: iwar@yahoogroups.com
X-eGroups-From: Charles Preston <cpreston@gci.net>
From: Charles Preston <cpreston@sinbad.net>
X-Yahoo-Profile: cpreston_2000
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 23 May 2002 06:45:56 -0800
Subject: [iwar] PGP withdrawn from market
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

If NAI is actually trying to eliminate or greatly diminish the use of PGP 
in the U.S. Corporate world, it seems likely they can do so.

Removing it from the market could mean:
1. It offers such good encryption, the only way to deal with it is to force 
people to quit using it; or
2. It's been compromised, and someone wants people to believe #1, so they 
will keep using it; or
3. It's been compromised, and there may be risk in allowing people to use 
it for important communications; or
4. It's a financial loser, and no company wants to be seen to "support 
terrorists" by selling it.

Because normal PGP messages have a header that says commercial PGP, maybe 
NAI could get a court order to require each ISP to screen email for signs 
of PGP use.

Some PGP licenses are for 1 year, some for 2, and some for an indefinite 
period.  Once the license term is over, however, the licensee is required 
to stop using the software and destroy all copies in their possession.  Of 
course, if the licensee violates the license agreement in any way, such as 
having more than one backup copy, they are also required to stop using it.

One unintended side effect of having "shrinkwrap" licenses is that the CD 
package inside the box warns that you are obligated by the license 
conditions if you open the CD.  I guess if anyone has an unopened PGP CD 
around, it could be held forever.

There is a broader issue of getting software that your business depends on, 
having a yearly license, and instead of a bug fix and upgrade next year, 
the distributor demands that you quit using the software at the end of the 
license period, possibly with little or no notice.  The distributor of the 
software controls it, according to many contracts with programmers, and if 
they want it out of use, the legal system is available to enforce that.

It would seem that if the software is not for sale at any price, unlicensed 
use could not "cost" them any money.  They could claim they have discovered 
a major bug, or a security flaw, that might expose them to damages in a 
lawsuit, and ask a court to stop use of the software.  Of course, the PGP 
license and most other packaged software licenses are written in a very 
one-sided manner, with their sole responsibility to replace bad media 
within a certain time limit, and absolutely no guarantee of fitness for any 
purpose.  So maybe that would shoot down their argument of financial 
exposure from flaws.

Supposing there were a major flaw, would NAI still have the right to 
prevent reverse engineering if they had no plans to fix or sell the 
software themselves?

If someone with really deep pockets bought the rights to a lot of software 
in daily use, and over a period of months starting withdrawing this 
software from legal use, how much loss would result to the users?  Or since 
some types of software have limited competition, could this be done to 
force all the users toward specific software with certain special features 
coded in?

cmp 


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/sXBHAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT