CNET también está disponible en español.

Ir a español

Don't show this again


RSA suit against PGP back on track

A suit between arch rivals RSA Data Security and Pretty Good Privacy is back on track now that a third party, Cylink, has withdrawn from the fight.

A suit between arch rivals RSA Data Security and Pretty Good Privacy is back on track now that a third party, Cylink, has decided to bow out of the legal battle.

RSA sued PGP in California state court in May seeking a ruling that the license PGP cites to use RSA patents is invalid. PGP says the suit is without merit.

But before the two parties could hash out their differences, Cylink joined the fray by claiming that RSA didn't have the sole authority to terminate PGP's license. Cylink cited a partnership it joined into with RSA in 1990. The two companies intended to use the alliance, called Public Key Partners or PKP, to license a suite of encryption patents to third parties.

"Cylink unfortunately cannot agree that RSA has a unilateral right to terminate a PKP license," Cylink's general counsel Bob Fougner wrote in a letter shortly after RSA sued PGP. "Since RSA's purported termination affects both parties' rights, it must be deemed ineffective without Cylink's consent."

It was by no means the first time Cylink and RSA had disagreed. In December, the two companies settled a patent dispute in which the companies agreed to a cross-licensing deal. Cylink's assertion essentially put the RSA suit on hold until Cylink and RSA were able to settle their differences.

Late last week RSA posted a new letter from Fougner announcing that Cylink had dropped its claims. "Pursuant to an agreement of the two partners of PKP...RSA has the sole and exclusive right to enforce such license agreement or the [RSA] patent," Fougner wrote in an August 19 letter. "RSA's exclusive right to enforce such license agreement includes, without limitation, terminating such license agreement."

With the dispute between Cylink and RSA resolved, the suit between RSA and PGP is likely to resume, attorneys involved in the case said.

"Now there's no real issues of our authority" to terminate PGP's license, said Jim Busselle, an attorney representing RSA. "What is going to happen now is that the PGP litigation will heat back up."

RSA's suit alleges that PGP's license is invalid. PGP obtained the license when it merged last year with Lemcom Systems. RSA claims that the merger resulted in Lemcom "assigning" the license to PGP, something forbidden by the terms.

The suit also claims that even if PGP's license were valid, PGP is still violating terms of the agreement by, among other things, allowing customers to make multiple copies of the software.

Robert Kohn, general counsel for PGP, dismissed RSA's assertions, saying the lawsuit was filed only after PGP posed a serious threat to RSA's business. The suit "has more to do with PGP's success than it does with any legal issue," Kohn said.

Indeed, PGP has made life more difficult for RSA. Just last week, the Internet Engineering Task Force said it was close to dismissing an encryption protocol submitted by RSA for consideration as an Internet standard and was instead taking up a technology submitted by PGP.

It remains unclear what effect RSA's lawsuit would have. Some industry observers say RSA has created the de facto standard and that PGP's ability to compete would be crippled if it were forbidden use of the technology.

Kohn discounted such claims, saying RSA's algorithm is not a key part of PGP's product and that RSA's attempts to lock others out of the market are backfiring.

"[The RSA] patent is only one of at least ten important algorithms used by the encryption industry," Kohn said. "RSA is simply becoming a legacy and part of the reason why is their proprietary stance."