Bill Gates on Privacy
Monday, September 29, 1997 by Dave Winer.
Privacy should be as big an issue on the net today as free speech was in early 1996. I haven't written about it yet, because like many people, I'm confused. The core of my confusion comes from the difficulty of it.
After getting an email last week from Bill Gates (following) I decided to do whatever it took to get into the signed messages world, to learn about encryption, to catch up on the history, to understand the issues, and to have an informed opinion on where we should go.
First, the email from Gates.
From Bill Gates, firstname.lastname@example.org:
Since I last sent you email on this topic things have gotten a lot worse.
The FBI and the Administration have bills in both the Congress and the Senate that would force all software sold in the United States by 1999 to allow the government to get at the keys without the user knowing.
Besides the issues of this making it very difficult for us to sell software to countries like Germany and Canada who want strong encryption without any backdoor and the issue of how to have the old software work with the new, there is a huge issue of privacy here. The backdoors that the government is requiring would create a huge security hole that could be misused.
I am spending a lot of time on this - calling Congressmen and Senators. However the FBI and the administration are suggesting that restricting the software industry is key to fighting criminals. Of course they don't say that criminals will still find it very easy to pre-encrypt the information they send.
For some reason the public isn't hearing about this issue at all. I can't believe there isn't more of an outcry. When it went from an export restriction to a restriction on sofware in the US there should have been a lot of headlines.
I got an email from Bill Gates! That's exciting. Now...
Did it really come from him?
How can I tell?
Let's say you're sending an email to your stock broker, ordering the sale of 100,000 shares of Microsoft to be invested in a new high tech IPO.
Would you want your broker to accept the order from anyone? And, if the broker executed a bogus order, and you lost a lot of money, who would pay for the loss?
It's pretty clear that both the client and the broker have a strong interest in authentic communication.
OK -- let's say I'm selling a company. This is something I can relate to, because in 1987 I sold a company to Symantec. Microsoft was in the loop too. Their offer to buy my company was the trigger-pull that put our company, Living Videotext, into play.
Email goes back and forth between board members and the prospective buyers and their board members and execs. Accountants, lawyers, all kinds of consultants, are in the loop too.
Without thinking, we don't wonder who could be listening in to our conversation, and how damaging it could be to our interests if the negotiations weren't private.
We assume our electronic conversations are private, but what if they aren't?
Right now, in the US, we have a government that's legally commited to free speech, guaranteed by courts and protected by the Constitution. But we could have a revolution or a coup, a totalitarian government comes in, and decides to cleanse society of its opposition. It's happened before, it could happen here, it's certain to happen somewhere in the world, sometime soon.
Before the coup, a group in the FBI, with powerful surveillance software, captures the email streams of everyone they want to discredit after the revolt. With electronic technologies that exist today their net could be very broad. And with database and natural language software they could query huge amounts of email. Or they could archive messages, awaiting technology that would allow computers to really understand what people are saying in their emails.
Even dictatorships depend on the support of the people. Hitler went on campaign against Jews. Ethnic cleansing in Bosnia. A new cyberdictator could ask his MIS department to do a query against the email database. Find me six million people to kill, and give me a reason to kill them.
We like computers, but please understand that they could be used to hurt or kill people too. Perhaps we live in a benevolent society, but that could change.
What to do? It's really simple. Upgrade! It's confusing, but it's legal. If you're a US citizen, you have the right to sign your messages and make them private.
Once the software is installed you can use Eudora or Claris Emailer to send signed or private email by clicking on an icon in an email window and entering a password into a dialog box after you send the message.
To Bill Gates, and other software developers, let's embrace the expense of producing different versions of the software for the US and outside. Let's invest in making it trivially simple for people to send secure messages, with the absolute minimum of setup and maintenence.
Let's behave as if the laws that are under consideration in the US Congress won't pass. Set a direction now, while we still have our rights. Build an installed base that's educated and informed.
It's in all our interests to work together. The software industry, at its best, is about creativity and free expression. A bit of money, some extra effort, will pay off in goodwill and future profits.
Key point: today, both digital signing and encryption are legal and except for international rules imposed by the US government, unregulated. Once we've bootstrapped a large installed base of secure communicators, it will be more difficult for the goverment to interfere.
Bill, the anti-CDA effort was easier to organize because the issues were clearer. Millions of people were using the web when the government invaded. If millions of people used secure email, the issues would be clearer to more people.
PS: October 7 is the three-year anniversary of DaveNet.
PPS: We shipped the first public alpha of Frontier 5.0 on Saturday. Links on the Scripting News home page. Exciting times!
PPPS: Tomorrow is the live event in SF. 7:30PM. Moscone. Free and open to the public.
PPPPS: As an experiment I signed this email message.