Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/updates to the Security News Editor.


PGP attracts litigation yet again

28 May 1997, Workgroup Computing Report:

Users of encryption software from Pretty Good Privacy Inc (PGP) could find themselves using illegal products if rival RSA Data Security is successful in a new lawsuit against PGP. RSA accuses PGP of refusing an audit request. End users need not worry about a visit from RSA's legal team just yet, says Vic Wheatman, vice president of the Gartner Group, a market research and analysis firm. "I doubt anyone will try to sue an end user unless there is some outrageous abuse," Wheatman says. "The risk to users is that they may have to change products later on as a result of court action; something that takes years."

RSA accuses PGP of not opening files for audit as specified in a licence agreement between the two companies. RSA maintains that under its licence agreement with Lemcom Systems Inc of Phoenix, which merged with PGP in July 1996, RSA reserves the right to audit Lemcom (now PGP) files to ensure that a licensee neither gives away source code nor copies software illegally.

PGP accepted the licence agreement when it merged with Lemcom. PGP's encryption software is based on RSA's Digital Signature Algorithm. PGP has not violated the licence and has not missed a royalty payment, says Robert Kohn, general counsel and vice president for PGP. "All they have to do is show proof that they have paid for every copy of a program delivered to a customer and it will be over," says Jim Bidzos, RSA president. "Why do they refuse an audit? What are they trying to hide?"

PGP licenses encryption technology from RSA. Originally, PGP licensed the technology from Public Key Partners, a now-defunct partnership between RSA and Cylink Corp. Cylink sought a preliminary injunction in September 1995 to prevent RSA from licensing software to customers. As a result, Public Key dissolved but RSA won the case. Although the partnership dissolved, PGP still pays royalties into a Public Key account. RSA and Cylink divide the royalties. Lawyers managing the Public Key account were unavailable for comment.

Impact on the Messaging Market

Cylink sides with PGP in the latest RSA battle. "RSA has not discussed the matter with Cylink," says Robert Fougner, general counsel for Cylink and former general counsel for Public Key. "Until we hear more from RSA, our view is consistent with PGP's. RSA is trying to position itself, trying to put a stop to PGP before PGP is able to demonstrate the next step in the evolution of the industry, which is algorithm independence and using multiple public keys."

If a company were proven to be infringing a license, the situation "could have a serious impact on customers," said a lawyer specialising in intellectual property and licensing. If a developer or user is in possession of something that infringes a patent, they are also deemed to be infringing that patent. However, infringement of a licensing agreement by a consumer is difficult to prove because of the difficulty in identifying the exact nature of the infringement. Licensing agreement infringement could have bottom-line consequences because a company has dug into a competitor's profits by selling technology or getting a product to market sooner.

Today's Encryption Scenario

In the early 1990s, the encryption industry slowed down as companies debated legal technicalities for licenses and patents. Today the messaging industry is ploughing ahead with new products instead of waiting for the legal battles to subside. Encryption is becoming a battleground as companies position themselves for a stake of the electronic commerce market.

Battles over encryption are more urgent as encryption vendors strive to make their algorithm the industry standard. For instance, just a few weeks ago, Netscape and Microsoft announced shipment of browsers integrated with secure multipurpose Internet mail (SMIME) extensions. Similarly, encryption products using the Elliptic Curve Crypto (ECC) algorithm are looming on the horizon. Certicom Corp, based in Toronto, is developing products using ECC in electronic commerce applications. IBM announced last week theoretical breakthroughs on new encryption algorithms, which may spur a new round of innovation, even though usable products are years away.

The rapid movement in the market may have sparked the conflict between RSA and PGP, Gartner Group's Wheatman says. The lawsuit could be part of RSA's jockeying for position in a crowded market. PGP is planning to release PGP 5.0 later this year, PGP's Kohn says. The new version of PGP will be algorithm independent, meaning it can support a variety of encryption algorithms. RSA's tool kit is already algorithm independent.

Encryption software used to be free, but its rapid commercialisation lies at the heart of the current conflict, Wheatman says.




CryptoSoft GmbH

Copyright ©1995-1998 Cryptosoft GmbH
All Rights Reserved