IP: request for comments on US-Funded Academic Research and Patents (e.g., RSA)

[David Farber <farber () cis upenn edu>]

To: David Farber <farber () cis upenn edu>
From: Vin McLellan <vin () shore net>
Subject: US-Funded Academic Research and  Patents (e.g., RSA)
Date: Sat, 25 Sep 1999 19:18:18 -0400

G'day Dave,

         If the readers of IP could validate or correct me (before I get
chewed up too bad on the Cyberpunk list, where I just posted this note), I
would appreciate it.     Regards,     _Vin
-----------------

         After reading my comments about Russ Nelson's satire on RSA Data
Security, Inc. (9/19/99 in the C'punk archive at <www.inet-one.com>)
Carl Chatski <chatski () gl umbc edu> wriggled out of a hole and burped:

> > Wasn't the RSA technology, stolen from the american people who paid for
> > it, and fenced by RSA Corp.?

         Bill Stewart <bill.stewart () pobox com> replied:

> University research that's patentable often works that way,
> though corporate-funded university research doesn't have the
> ethical problems in doing so that taxation-funded research does.
> Get used to it.  The big difference in our field is that until
> about 20 years ago, math, algorithms, and software weren't patentable,
> so it was only people in the physical and sometimes biological sciences
> who could do that.
>
> On the other hand, corporate-funded university research often
> gets published and becomes available to the public.

         I wasn't going to reply to Mr. Chatski's troll until Bill Stewart,
whose comments I often appreciate, echoed Chatski's childish ignorance.
Rather than let any young folk who read this get misled by this whimsical
Communard sentiment, I decided to spell out what I understand to be the
logic by which government-funded research in the US is allowed to be
submitted for patent protection.

         For the record, Rivest, Shamir, and Adleman were MIT grad students
-- not employees of either the US Government or the University -- when they
invented the RSA public key cryptosystem.  Adi Shamir is an Israeli citizen.
Ron Rivest, however, was studying at MIT and doing research in algrorithms
(not crypto, per se) under a NSF grant.

         In gratitude -- not because he had to credit the NSF for the time he
and the others spent in their bull sessions debating approaches to the
asymmetric crypto challenge posed by Whit Diffie and Marty Hellman -- Rivest
acknowledged his NSF support in the initial publication of the paper on the
RSA PKC, and subsequently in MIT's patent application.  This acknowledgement
led to the US government being granted a royalty-free nonexclusive license
to practice RSA.

         The "American People," institutionally, have always had unfettered
access to RSA's PKC.

         It is *not* standard practice for government grants to require that
patents resulting from government-funded academic research to be placed in
the public domain (i.e., effectively not to allow patent on results of such
research.)  I'm sure this has been considered, but it was judged to be in no
one's best interest.

         A new technology turns out to be more effectively disseminated, to
the benefit of society as a whole, if the inventors are allowed to patent
their research.  This is because a patent is often a crucial factor in
attracting capital investment, so the technology can be developed, a market
developed, and plausible implementations explored. (E.g., the RSA PKCS
series, and the RSA-based protocols like SET, S/MIME, etc., etc.)

         Without some protective guarantee, capital is much more difficult to
put in place -- and without capital for market development, many  inventions
sit on the shelf.

         There is, obviously, a trade-off -- but it was the judgement of
those who designed federal support for basic science and applied technology
programs  that allowing patents to be issued on the results of
government-funded reseach is, by and large, the better and more productive
path.

         The federal programs developed to support scientific research after
WW II were notably savvy about the need for capital formation to exploit and
diffuse new technologies.   Agencies like ARPA were often guided by top
researchers who had probably seen many promising technologies lie dormant
because they could not attract capital investment to develop them.
 
         (The computer industry as a whole, a least through the late
1960s,was in large part the result of such federal investment strategy.  Up
through the late 1960s, the pace and direction of the infant computer
technology was guided by a long series of targeted grants and RFPs from the
NSA and its predecessor agencies.  From such awkward beginnings.... ;-)

         Taxpayers do not have to pay in order to give the US Government
access to RSA public key technologies, and the government runs better
because it can use this technology.

         Had the NSA not forced the federal government sacrifice much of the
efficiencies of PKI in order to impose a key-escrow system on federal
communication networks -- designing federal networks for "third-party"
surreptitous eavesdropping, in a futile attempt to bully corporate America
into the same wasteful "surveillance" model -- those efficiencies were
available years before the Gore Commission rediscovered them.

                         Suerte,
                                         _Vin
          --------
   "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good
and ill... yet basically an intellectual construct, an idea, which by its
nature will resist efforts to restrict it to bureaucrats and others who deem
only themselves worthy of such Privilege."
                   _A Thinking Man's Creed for Crypto  _vbm
 
      *    Vin McLellan + The Privacy Guild + <vin () shore net>    *