On January 11 the U.S. Attorney in San Jose announced the closing of the grand jury investigation of Philip Zimmermann. Since 1993 the Justice Department had been looking into whether Zimmermann exported PGP (Pretty Good Privacy), a program he wrote and gave to friends in 1991. PGP was the first freely available program that allowed ordinary people to encrypt messages sent over the Internet. PGP uses "strong cryptography" and so is officially classified as a munition under US law: the Munitions Control Act of 1954, commonly called "ITAR." Strong crypto is defined as any that uses a key length greater than 40 bits (the PGP key with which I sign these issues is 1024 bits long). It is illegal to export strong crypto from the US in digital form without a license from the State Department; the penalties are severe.
In 1991 someone posted PGP to the Internet. Zimmermann has maintained from the first that it was not he. The program quickly appeared on FTP sites around the world. PGP causes problems for other governments than that of the US; a few nations, including France, Iraq, Russia, and Iran, outlaw any use of encryption by their citizens.
The Federal case had been opened in 1993, but Zimmermann's legal troubles started earlier, when the president of RSA Data Securities phoned the Commerce Department and requested that they prosecute Zimmermann for theft. RSA held patents on some of the basic algorithms used in public-key cryptography and Zimmermann arguably had used these algorithms without obtaining a license. Now, patent infringement is not a federal crime but rather a matter for the civil courts; and Zimmermann didn't appear to have enough resources to make a civil suit worthwhile. Cypherpunk opinion holds that RSA literally "made a Federal case out of it" in order to frighten any other would-be infringers into compliance. (PGP also makes use of the IDEA algorithm, for which a worldwide patent has been granted in Switzerland.)
Privacy advocates, cypherpunks, and opponents of software patents have been
watching this case closely, and not only for its mythic resonance (can you
say "Prometheus"?). The US courts have consistently chosen not to interfere
with the ITAR regulations, but the Zimmermann case presented a veritable forest
of legal hairs ripe for splitting. Does the act of posting a program to
the Internet constitute "exporting" it? Assuming you can prove who posted it,
can you prove unequivocally that this person at the time of posting sufficiently
understood the workings of the Net to know that this act made the program
available to non-citizens? What might a clever lawyer not make of the
ITAR provisions that outlaw exporting a program in binary form but allow it
if the algorithm is printed on paper? How about if it is printed on a tee
shirt (see TBTF for 1995-06-07) or
tattooed onto a body?
Thus PGP and its author, users, and distributors have existed under several
clouds since its inception. In June 1994 MIT dispelled some of the clouds
when it took over distribution of PGP. MIT negotiated with the patent holders
of both RSA and IDEA and arranged for distribution to US nationals only. The
PGP 2.6 distribution removed all legal controversy from the use of PGP in the
The US Attorney for Northern California, as a matter of policy, did not say why the case was dropped. There has been much speculation on the Net as to the reasons, but no-one who actually knows has weighed in. A theory that the government no longer cared about the case because the NSA had cracked PGP was debunked by crypto experts. The best estimate of the amount of effort needed to break a 1024-bit key remains at 2.8 x 10^15 MIPS-years, or 200,000 10-MIPS computers running flat out for the estimated age of the universe to date.
My own guess is that the Justice Department foresaw difficulty in proving
that Zimmermann had done anything to violate ITAR. The passage of time had
rendered some of the complaints moot (for example, RSA no longer has rights
to the public-key patents, which have reverted to Cylink -- see
TBTF for 1995-09-24). And
the ITAR regulations themselves are coming under fire from the commercial
On the same day that the prosecutor dismissed the PGP case the Commerce Department released a study showing that American firms are being hurt by restrictions on the export of encryption software; a news report claimed that Commerce plans to recommend easing the export controls. The study was carried out with the help of the National Security Agency. One week before this the Computer Systems Policy Project had released a study claiming that as a result of export restrictions American companies stood to lose billions in computer system sales by the year 2000. (The CSPP is an association made up of the CEOs of 13 US computer and software manufacturers. See their page at <http://www.podesta.com/cspp/>.)
German censorship of the Net
See also TBTF for 1999-12-16, 1997-04-04, 1996-08-08, 05-31, 02-04, 01-31, 01-22, 01-14, 1995-12-31
The German law that attempts to assure the protection of minors from influences pornographic is called Jugendschutzgesetz.
Here are some developments since the last issue:
The German magazine Stern reported a rumor that Compuserve's restrictions
were enacted in response to legislation pending in the US Congress against
"indecent" digital content, rather than in reaction to complaints from German
authorities. As a motive Stern guesses at a desire to boost Compuserve's
reputation as a morally responsible online service provider.
The most light shed in public on the history of this murky affair has come from Michael Kunze, who is on the editorial staff of Spiegel Online (run by the German magazine Der Spiegel). His posting to alt.censorship has been reposted widely; I received no reply to my request to archive the article on TBTF, so instead will point you elsewhere.
The Alta Vista search engine
See also TBTF for 1997-10-20, 08-11, 04-04, 1996-12-24, 01-14, 1995-12-18
Flash Crowd: In three weeks the Alta Vista search engine went from 300,000 hits per day to 2M hits/day, making it one of the most visited sites in Cyberspace. I noticed no degradation in performance during Alta Vista's nosebleed acceleration in popularity. (To make searches even speedier I use the text-only interface at <http://altavista.digital.com/cgi-bin/query?text=yes>.) After its launch on 1995-12-15 (TBTF covered it on 12/18), Alta Vista won the "Too Cool" site award on 12/19 and the "Cool Site of the Day" award on 12/20. On 1996-01-10 Digital announced plans to commercialize Alta Vista, licensing the technology and possibly offering advertising. The search engine that many of us have come to depend upon will remain free, Digital said.
The following profile of the five servers that constitute Alta Vista is summarized from the Alta Vista About page.