[Cryptography] Darpa wants a secure messaging app based on blockchains

Wed Apr 27 16:54:10 EDT 2016

At 12:24 PM 4/27/2016, Jerry Leichter wrote:
>>> There's nothing in the SBIR proposal that calls for back doors.  That was Henry's cynical comment.
>> Cynical, yes, but...
>> 
>> If perchance the proposer comes up with something interesting, the govt can:
>> 
>> * classify the whole thing
>> * take over the code
>> * issue an NSL to keep everyone quiet
>> 
>> or
>> 
>> * force installation of backdoor
>> * issue an NSL to keep everyone quiet
>> 
>> Yes, this would be a violation of the spirit of SBIR, which is intended to incentivize commercialization, but good luck suing...
>
>And what, exactly, in this litany of "maybe"'s couldn't happen *if the SBIR didn't exist at all*?  Just what is it you're concerned about?
>
>The SBIR doesn't even pretend that it's funding the building of a product for normal users - it's funding the creation of a product for the USG to use, and in particular for the military and intelligence communities.  If they want a back door ... well, that's their call - though I very much doubt the NSA would want a back door in something built for USG use.  They know the liabilities just as well as anyone outside - and they can get what they need because they control key distribution.
>
>As for classification ... this one looks to me like an engineering project more than a research product.  The basic techniques are all out there - it's a matter of putting them to use toward a particular end.  *Maybe* there's a need for something new for scalability; maybe not.  If they classify it, someone else can do the same work.
>
>> So the only hope is that the project becomes open-source, so that any user can examine all of the source code.
>
>Actually, I think it's great that the *proposal* is out there!  Its a nifty-sounding idea and it may inspire *someone else* to go build an open source version along similar lines.

www.sbir.gov/sites/default/files/sbir_pd_with_1-8-14_amendments_2-24-14.pdf

"In general, each SBIR agency must make these awards for R/R&D through the following uniform, three-phase process:

"(1) Phase I awards to determine, insofar as possible, the scientific and technical merit and feasibility of ideas that appear to have ***commercial potential.***

"(2) Phase II awards to further develop work from Phase I that meets particular program needs and exhibits potential for ***commercial application.***

"(3) Phase III awards where ***commercial applications*** of SBIR-funded R/R&D are funded by non-Federal sources of capital; or where products, services or further research intended for use by the Federal Government are funded by follow-on non-SBIR Federal Funding Agreements."

...

"(2) Proposals will be evaluated on a competitive basis.  Agency criteria used to evaluate SBIR proposals must give consideration to the scientific and technical merit and feasibility of the proposal along with its ***potential for commercialization.***  ...

"(3) Agency benchmarks for ***progress towards commercialization.***"

...

"(3) The SBIR Phase II award decision process requires, among other things, consideration of a proposal's ***commercial potential.***  ***Commercial potential*** includes the potential to transition the technology to private sector applications, Government applications, or Government contractor applications."

"Phase III work is typically oriented towards ***commercialization*** of SBIR research or technology."

-----
SBIR isn't supposed to be used for programs that don't have "commercial potential", because you can't get on the first rung of the SBIR ladder ("Phase I") without "commercial potential".  Now "commercial potential" includes follow-on non-SBIR sales (including classified sales) to the govt, but it's next to impossible to raise investment funds based on govt/classified sales to a single customer.

"(i) commercial application (including testing and evaluation of products, services or technologies for use in technical or ***weapons systems***)"

I'm at a bit of a loss to understand to whom -- other than the govt -- an SBIR company is allowed to sell its SBIR-financed "weapons system".