Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)


Richard Stallman (rms@santafe.edu)
Sun, 4 Oct 1998 15:23:48 -0600


    The GNU GPL discourages the sale of proprietary software by prohibiting
    anything using code covered by the license from being proprietary, and
    that's right.

    The proposed Cypherpunks license discourages the distribution of software
    with key recovery (= government back doors) by prohibiting anything using
    code covered by the license from having key recovery, and that's wrong.

Yes, exactly. To uphold freedom for all users is right; to impose
your specific preferences on users who want to do something else is
wrong, because it takes away their freedom.

I don't like back doors, but I support users' freedom to install back
doors, for the same reason I support your freedom of speech even when
you say things I don't like. The crucial thing is that each user
should be free to choose for perself; we must avoid giving a person,
company or government the power to choose for others.

The GNU GPL insists that everyone have the freedom to (1) see what is
inside the software they use, and (2) change it if they don't like it.

When everyone has this freedom, they can reject back doors, if they
want to. If an otherwise-useful program has a back door, people can
tell. (Most users would not have the training to recognize one, but
someone will spot it, and will warn the public.) They can also remove
the back door "feature", and distribute a modified version which has
the same useful features but no back door.

If instead you make a requirement of "no government back doors", but
you permit proprietary versions whose source code is secret, what will
be the result? If the person who makes a proprietary version obeys
your terms, it will have no government back door, but it might contain
something else bad, and no one could tell, including you.

What if someone makes a proprietary version and adds a back door?
That would violate your terms, but would you know? Let's suppose you
do know that your code was used, either because person says so or
because you figure it out. That does not enable you to tell that the
back door was added. Thus, as a practical matter, you cannot enforce
this requirement the way you can enforce the GNU GPL. (Once you know
your code was used, a violation of the GPL is blatantly obvious.)

Looking at the issue in a broader context, companies have the
resources to avoid using your code. No matter how useful your package
may be, they can write other code to do the same job.

If you convince the users that government back doors are a bad thing,
but they think that proprietary (non-free) programs are ok, they will
always have to take it on trust that a given proprietary software
product has no back doors. To be sure, if the product includes your
code, any back door would violate your terms (if only you knew about
it); but users will see no reason to insist on a product that uses
your code. They may just as well choose a product that uses some
other implementation of the same feature, and that alternative
implementation may not have any prohibition on adding a back door.

If instead we convince the users that non-free software is a bad
thing, or even only that non-free crypto software is a bad thing, that
does the job much more thoroughly. They may still choose a product
that uses some other implementation instead of your code, but if that
product is free software, they will be able to check its source for
back doors just the same.

The best way for the users to avoid *any* particular hidden misfeature
in software is to insist on using only free software.



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19