Date: Sun, 4 Oct 1998 15:23:48 -0600 From: Richard Stallman <firstname.lastname@example.org> To: email@example.com The GNU GPL discourages the sale of proprietary software by prohibiting anything using code covered by the license from being proprietary, and that's right. The proposed Cypherpunks license discourages the distribution of software with key recovery (= government back doors) by prohibiting anything using code covered by the license from having key recovery, and that's wrong. Yes, exactly. To uphold freedom for all users is right; to impose your specific preferences on users who want to do something else is wrong, because it takes away their freedom. I don't like back doors, but I support users' freedom to install back doors, for the same reason I support your freedom of speech even when you say things I don't like. The crucial thing is that each user should be free to choose for perself; we must avoid giving a person, company or government the power to choose for others. The GNU GPL insists that everyone have the freedom to (1) see what is inside the software they use, and (2) change it if they don't like it. When everyone has this freedom, they can reject back doors, if they want to. If an otherwise-useful program has a back door, people can tell. (Most users would not have the training to recognize one, but someone will spot it, and will warn the public.) They can also remove the back door "feature", and distribute a modified version which has the same useful features but no back door. If instead you make a requirement of "no government back doors", but you permit proprietary versions whose source code is secret, what will be the result? If the person who makes a proprietary version obeys your terms, it will have no government back door, but it might contain something else bad, and no one could tell, including you. What if someone makes a proprietary version and adds a back door? That would violate your terms, but would you know? Let's suppose you do know that your code was used, either because person says so or because you figure it out. That does not enable you to tell that the back door was added. Thus, as a practical matter, you cannot enforce this requirement the way you can enforce the GNU GPL. (Once you know your code was used, a violation of the GPL is blatantly obvious.) Looking at the issue in a broader context, companies have the resources to avoid using your code. No matter how useful your package may be, they can write other code to do the same job. If you convince the users that government back doors are a bad thing, but they think that proprietary (non-free) programs are ok, they will always have to take it on trust that a given proprietary software product has no back doors. To be sure, if the product includes your code, any back door would violate your terms (if only you knew about it); but users will see no reason to insist on a product that uses your code. They may just as well choose a product that uses some other implementation of the same feature, and that alternative implementation may not have any prohibition on adding a back door. If instead we convince the users that non-free software is a bad thing, or even only that non-free crypto software is a bad thing, that does the job much more thoroughly. They may still choose a product that uses some other implementation instead of your code, but if that product is free software, they will be able to check its source for back doors just the same. The best way for the users to avoid *any* particular hidden misfeature in software is to insist on using only free software.