Chapter 1
The End of the Export Restrictions
In 1999, the US finally relaxed the export laws covering cryptography. Under License Exception TSU pursuant to 15 C.F.R. Section 740.13(e), cryptographic software could now be exported freely to anyone in the world, with the exception of the Usual Suspects (Iran, Iraq, Cuba, and a few other countries). It allowed the publication of cryptographic software on the Internet, even if it meant that people from those blacklisted countries could download it as well. But there is an emergency break. Formally, to this day, the President of the United States can still at any time issue a decree that limits or bans the export and use of cryptography.
Though this seems a great concession, it was merely the formalization of the existing situation. A new phenomenon had given rise to an immense amount of cryptographic software being available on the Internet, following something started in 1984 by a former MIT graduate, Richard Stallman.
Free Software
Richard Stallman wanted to share his software with others. He wanted to continually improve the software, and share these improvements. However, no vendors were interested in giving away their software; they wanted to sell many copies to everyone. In 1982 Stallman began to write alternative software from scratch—software that everyone was allowed to copy and modify as they saw fit. He wrote various key tools that we now take for granted, as part of his 'GNU: Gnu's Not Unix' project. He wrote the GNU C compiler, GNU make, Emacs, and much more. In 1985 he founded the Free Software Foundation.
He had rewritten most of the tools that came with the commercial Unix operating systems; all he needed was the core of the system itself, the kernel. As it turned out, Linus Torvalds from Finland had just written that part and released his Linux kernel on 25 August 1991. The GNU project tools, together with the Linux kernel, provided a completely free operating system for the first time ever. In parallel with that, another Unix operating system, the AT&T BSD code, was being rewritten. Though the source code was available, it still came with restrictions, and you needed to buy a license from AT&T. NetBSD released its first distribution in April of 1993, which contained no AT&T code. Around the same time, another BSD variant, FreeBSD, was also released.
The GPL
The BSD variants allowed anyone to do whatever they wanted with the code, with the provision that an acknowledgment in the form of a copyright statement be visible in all products that used BSD code, a requirement that was eventually dropped as well. However, GNU software came with a strong philosophy. Though both the BSD people and the GNU people wanted to share their software with others, and collectively improve software and allow everyone the freedom to run, distribute, and change that software, the fundamental difference was that those in the GNU camp wanted to ensure that these freedoms would not be lost in the future. They wanted to prevent someone taking their code, and releasing an improved version that was licensed under non-free terms.
For this purpose, Richard Stallman created the GNU Public License (GPL), which applied copyright in a completely different way than usual. Normally, people use copyright to prevent their works from being distributed without their consent. The GPL copyright statement, also called
15
Introduction
copyleft, aimed to ensure that freely available source code could only be used in programs that also offered the same freedom to use, modify, and redistribute the source code. As they explain it in the preamble to the GPL:
To copyleft a program, we first state that it is copyrighted; then we add distribution terms, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program's code or any program derived from it but only if the distribution terms are unchanged. Thus, the code and the freedoms become legally inseparable.
This is usually expressed within the community in the phrase, "Free as in freedom, not beer", referring to the difference between free and gratis. Free beer is great, but it's a different kind of free to free as in freedom. It is perfectly legal to sell software covered under the GPL. In fact, GPL software now powers many small appliances, ranging from wireless access points, to phones, to specialized industrial computers. Sometimes, vendors take GPL code, use it, and refuse to give the source code to someone asking for it. Several court cases have now upheld the license conditions of the GPL, and most infringing vendors quickly settle out of court because they know they would lose. Vendors that have produced source code in response to lawsuits on GPL violations include Cisco/Linksys, TomTom, Fujitsu-Siemens, Asus, Sitecom, Edimax, and Belkin. Another huge court case, between the SCO group and IBM, is ongoing, with SCO claiming that IBM stole code, which IBM then released under the GPL. To date, all of SCO's claims have been disproved by both the free software community at large, and more importantly, the court. However, the case is still underway and SCO has yet to come up with verifiable proof. The outcome of this court case is expected to firmly confirm the legal standing of the GPL in court.
Free as in Verifiable
Especially for cryptography, it is essential that the code is free. One can never trust a cryptographic machine whose internal workings are unknown. Because it is impossible to detect whether such a black box is doing something subtly bad, such as leaking key information, or using a set of bad or predefined random numbers, either of which would fundamentally undermine the security of the encryption in a completely undetectable way.
One should never, under any circumstances, trust cryptographic software without having the source code of the software to verify the absence of insecure or malicious code.
Even now, many governments do not even have the source code of their own digital tapping rooms, and they are at the mercy of certain vendors and the governments of those vendors.
The Open Source Movement
The term open source software is often used when talking about free software. It was coined by Eric Raymond to make free software more appealing to corporations. It was believed that the term free was misinterpreted by commercial companies to mean gratis, which was believed to be a reason why many companies shied away from such free software. It was also thought to have an image of being free and unsupported. A myriad of free and open source licenses have now appeared, as each vendor's lawyers want its license to be phrased slightly differently for a certain legal reason.
16