EDITORIAL

Dr. Dobb's in '92, Encryption and Patents Now

Jonathan Erickson

Even though there's plenty of life left in 1991 -- including cold nights aplenty for many of you and months of rain (we hope) for us in drought-weary California -- we're anxious to get on with the coming year. No, it isn't that we're eager to file next year's tax returns. (After all, say statisticians, we just finished paying off the government this year.) It's just that the topics DDJ will be covering in 1992 have us champing at the proverbial bit (or is that byte?). Here's the 1992 DDJ Editorial Calendar:

January    Programming Advanced Architectures
February   Protected-Mode Programming
March      Assembly Language Programming
April      Advanced Algorithms
May        Data Communications
June       Scientific and Engineering Programming
July       Graphics Programming
August     C Programming
September  Debugging Tools and Techniques
October    Object-Oriented Programming
November   User Interfaces
December   New Dimensions in Data

These aren't the only topics we'll be covering, of course. You'll also find embedded systems and real-time programming, encryption, memory management, data structures, biocomputing, and dozens of other articles presenting useful, interesting tools and techniques. Our fundamental approach remains the same: one programmer talking to -- and sharing ideas and techniques with -- other programmers. And you can be assured there will be lots of source code.

For questions about article submissions and author guidelines, contact Tami Zemel.

C Language Q&A

This being our annual C issue, it seems the perfect time to introduce a new, ongoing feature we call "C Language Q&A" that answers some of the most frequently asked questions that arise in the comp.lang.c newsgroup on the Usenet distributed conferencing system. Steve Summit compiled the questions and wrote up the answers.

A more complete version of this series (with references) is available from Steve at scs@adam.mit.edu or on Usenet. The questions here aren't in any particular order, nor will you find them on a regular page in this or subsequent issues -- they're scattered throughout, starting with page 78 this month.

If you have questions about C or about Steve's answers, drop us a note here, or contact Steve via net mail. Eventually, we hope to provide similar Q&As on other topics.

Encryption Update

Since last month, there have been some developments concerning the Electronic Frontier Foundation, privacy, data encryption, and Senate Bill 266. To recap: SB266 was a Biden-backed bill proposing that government agents be provided a backdoor to encryption engines used for voice and data: "...providers of electronic communications services and manufacturers of electronic communications service equipment shall insure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications...."

After comments from the EFF and others, Sen. Patrick Leahy (D-Vt.), chair of the subcommittee on technology and the law, shelved 266. It was then resubmitted as Omnibus Crime Bill SB1241 -- without the onerous passage.

That's not to say the issue is dead. The FBI is still pushing for the proposal, and opponents worry it will find its way into law through conference committee, riders, or other laws. If you agree that the sentiments behind SB266 are villainous, let your elected representative know.

Coincidentally, the ink was hardly dry on last month's edition before Microsoft threw its hat into the encryption ring, announcing licensing of RSA Data Security's patented public-key encryption technology. Bill Gates himself attended the tiny press conference, noting that the most significant announcements sometimes come in the smallest packages. Hyperbole aside, it was an important turn of events -- for Microsoft, RSA, and millions of computer users.

RSA is the immediate winner. The small company got a big endorsement for technology that's on its way to becoming a de facto standard. (Lotus, DEC, Novell, and others also license RSA toolkits.) Although Gates didn't give a time frame, he did say Microsoft will build encryption technology and security features into future versions of its operating systems. The Bespectacled One added that encryption is central -- perhaps critical -- to Redmond's plans for the future.

Not that Microsoft has anything to hide. The company's interest is as much with authentication as privacy. With public-key encryption, you know the person who says he sent you a document did in fact send it -- not someone else. This is accomplished via a digital signature and public and private keys. In short, authentication is absolutely vital to the adoption and success of electronic messaging. Additionally, public-key encryption can be used for electronic software distribution.

All of this talk about de facto encryption standards may go up in smoke, however, because of the National Institute of Standards and Technology's recent announcement that it will develop a proposal for a standard based on the NSA-backed ElGamal public-key encryption algorithm. While it isn't compulsory for private business or government agencies to adopt ElGamal, many likely will if the proposal ever sees the light of day. There are holes galore in the NIST proposal, ranging from the lack of a prerequisite hashing function to the possibility of an open door for a backdoor. Public hearings before the House Subcommittee on Technology and Competitiveness are in the offing and I bet comments will be vociferous.
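Why a missing hashing function counts as a hole can be shown with the textbook ElGamal signature scheme. The listing below is an added example, not code from this editorial and not the algorithm in the NIST proposal; the parameters P, G, X and all function names are constructed for illustration. It shows that a verifier which checks a bare integer accepts a signature built from the public key alone, while a verifier that hashes the message first ties the signature to the message.

```python
import hashlib
from math import gcd

# Constructed toy parameters, far too small for real use.
P, G = 467, 2            # prime modulus and a generator of its multiplicative group
X = 127                  # signer's private key
Y = pow(G, X, P)         # signer's public key

def h(msg: bytes) -> int:
    """Reduce SHA-256(msg) to an exponent modulo P-1."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 1)

def sign_raw(m: int):
    """Textbook ElGamal signature (r, s) on the integer m, using private key X."""
    # Fixed nonce search order only so the example is reproducible;
    # a real signer needs a fresh, secret, random k for every signature.
    for k in range(3, P - 1, 2):
        if gcd(k, P - 1) != 1:
            continue
        r = pow(G, k, P)
        s = (m - X * r) * pow(k, -1, P - 1) % (P - 1)
        if s:
            return r, s
    raise ValueError("no usable nonce")

def verify_raw(m: int, r: int, s: int) -> bool:
    """Hashless check: accept iff G^m == Y^r * r^s (mod P)."""
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return pow(G, m % (P - 1), P) == pow(Y, r, P) * pow(r, s, P) % P

def sign(msg: bytes):
    return sign_raw(h(msg))

def verify(msg: bytes, r: int, s: int) -> bool:
    """Hashed check: the signed integer is fixed by the message."""
    return verify_raw(h(msg), r, s)

def forge_raw():
    """Build (m, r, s) that verify_raw accepts, using only the public key Y."""
    for e in range(1, P - 1):
        r = pow(G, e, P) * Y % P      # r = G^e * Y
        s = -r % (P - 1)              # r + s is a multiple of P-1, so Y^(r+s) == 1
        if s:
            return e * s % (P - 1), r, s
    raise ValueError("no forgery found")

if __name__ == "__main__":
    m, r, s = forge_raw()
    print("hashless verifier accepts forgery:", verify_raw(m, r, s))
    print("hashed verifier accepts it for a chosen message:", verify(b"pay 1000", r, s))
```

The forger cannot choose m; it falls out of the algebra. With the hashed verifier the forged pair is only useful for a message whose hash happens to equal that m, which is why signature schemes specify the hash as part of the standard.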

Patent Update

Because we haven't discussed software patents for a while doesn't mean the problem has gone away. The good news is that the Secretary of Commerce has convened a commission to investigate patent reforms. To this end, the Patent and Trademark Office published in the Federal Registry on May 15, 1991 a call for public input on a variety of patent issues, including software. The bad news is that comments were accepted only until July 15, 1991. (Two months hardly seems like enough time.) After July 15th, contact either the U.S. Patent and Trademark Office, Box 15, Washington, D.C. or the Senate Subcommittee on Patents, Trademarks, and Copyrights. The Secretary of Commerce is due to receive the final report in August, 1992.

In an effort to get more software expertise into the patent process, the PTO has loosened the requirements for patent agents -- those folks who present patents to the PTO (with or without the help of patent lawyers). Until recently, you had to have an EE or a similar background to be considered qualified to take the PTO patent exam that tests mastery of patent laws. Now a computer science degree, along with a passing score on the test, gets you into the thick of things.

More good news on the software patent front came from U.S. District Judge Michael Mukasey, who ruled that in New York, you can't beg, borrow, buy, or steal an interest in a patent merely to launch a patent-infringement lawsuit. The case revolved around Refac Development's 1989 suit charging that Lotus, Ashton-Tate, Borland, CAI, Microsoft, and Informix infringed upon Forward Reference Systems Ltd.'s patent. In 1989, Forward Reference turned over five percent of the farm to Refac on the condition that Refac sue the above mentioned vendors. That's a no-no in New York (and several other states), says Judge Mukasey. (New York's "champerty" laws say you can't help foot the bill for someone else's lawsuit simply for a slice of the pie.) There's nothing to prevent Forward Reference from coming back and launching its own lawsuit, however.

This isn't to say that software patents are a good thing -- I don't think they are. Copyright is a better way of protecting intellectual property. I'll root for the technologically astute David who develops and protects a unique technique, then fights and wins against a corporate Goliath who steals it away. But I suspect most software patents are being granted to large corporations that already hold hundreds of patents -- not to individuals working on their own.

PGP, PKP, and the Tie that Binds

It should come as no surprise that contentious, yet seemingly unrelated topics such as software patents and data encryption are at times related. If you don't think so, ask Phil Zimmermann, a software engineer and head honcho of Phil's Pretty Good Software in Boulder, Colorado, who wrote a freeware encryption program called Pretty Good Privacy (PGP) and distributed it across the networks. The rub is that Phil knowingly implemented the patented RSA encryption algorithm (U.S. #4,405,829) without first licensing it from Public Key Partners (PKP), a sister company of RSA Data Security. (MIT apparently holds the actual patent, while PKP holds the rights to license the patent. Interestingly, the algorithm is not patented in Europe, where it enjoys widespread use.) Phil states in his documentation that it is the responsibility of users to obtain proper licenses from RSA or PKP, even though PKP doesn't currently license to end users.

Network messaging was fast and often furious, as people -- including members of the EFF -- argued about encryption, patents, how they interact, and whether or not Zimmermann had the right to do what he did. Ultimately, at least one online system pulled PGP from its library. About then, PKP and Zimmermann began exploring ways of resolving the problem. The upshot is that Phil has agreed not to distribute updated versions of his software, and PKP has agreed not to sue.

RSA Data Security acknowledges there's a need for more information -- particularly source code -- about the RSA algorithm. Consequently, within the next few weeks the company will be distributing, free of charge across the Internet, C code for PEM (Privacy Enhanced Mail), a program that implements RSA public-key encryption. We'll provide more information on PEM as it becomes available.


Copyright © 1991, Dr. Dobb's Journal