cypherpunks-legacy
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
- 130025 discussions
Atlantic was largely not a complete disaster because of signals
intelligence work? A few people know.
What is signals intelligence? Why does the government care so
much about this? Signals intelligence, put simply, is the busi-
ness of reading other peoples' mail. That's it, most baldly.
It's the interception of communications, whatever form those
communications take. And it's a very, very big thing with the
government. The National Security Agency basically has two
jobs. One of them is to be this gigantic ear out there
that listens to all the communications that it can unearth.
Period. Now one of the problems is that lots of foreign
governments don't like having all their communications listened
to. I don't know why. [LAUGHTER] And lots of private
individuals don't like having all their communications
intercepted. So they tend to use cryptography. So one of the
other big things that the National Security Agency spends
billions of dollars a year on is research in code breaking
-- how to break cryptographically protected messages.
The other half of what the N.S.A. is try to keep foreign
governments from doing the same thing to us. They're also in the
business of developing codes and trying to protect the United
States government and government contractors from having their
communications intercepted. Naturally there's a small conflict
here, because the people who spend their days trying to break
other countries' codes and foreign companies' codes and American
citizens' codes, they're not supposed to do that anymore. At
the Congressional hearings in the Seventies they promised to
stop doing that.
Anyway, the people who spend their days monitoring, you know,
cellular telephone calls in Moscow would prefer that the
technology developed by the people who are developing ways to
keep the United States government's communications secure not
get into the hands of the people who are trying to make cellular
telephone calls in Moscow, because they want to be able to listen
to all of this stuff.
So we've got this conflict between the two halves of the National
Security Agency, and the side that wins is almost always the
people that slurp up traffic. They never talk about any of the
techniques they use, and they try to keep them as secret as
possible. And until the early 1970s there was almost no private
sector research on cryptography done in the world. The National
Security Agency had a monopoly on information about cryptography,
and to this day they never have said -- they still have a great
reluctance to declassify things from the Second World War. Put
it that way.
By the way, the National Security Agency is truly huge. They
have at least ninety thousand employees that we know of. They
occupy the entire Ft. Meade military base just outside of
Washington. It really is bigger than all the other intelligence
agencies put together. It's of course an agency that's extremely
secretive, and until the 1970s they did not even admit that the
N.S.A. existed. N.S.A. was said to stand for "No Such Agency."
Something rather interesting happened, however, in the early
Seventies, which is that a few computer scientists and
mathematicians, specifically Whitfield Diffy, Ralph Merkel and
Martin Helman, came up with the first major discovery in
cryptography outside of the government sector in about fifty or
sixty years, which was this notion called "public key
cryptography." It's an idea that was so feared by the National
Security Agency that they actually attempted to quash all open
research and publication on the subject. They discovered that
it was not possible to do so, much to their chagrin. This little
thing called the First Amendment gets in the way. But to this
day they attempt with every means possible that they can to try
to deter research in the public sector.
Now what was it that Diffy, Helman and Merkel came up with that
they considered to be so dangerous? I have to explain a little
bit more about cryptography than I like to in order to explain
this. The reason it's more than I'd like to is because frankly
unless you're really interested on an intimate level cryptography
gets rather boring. It's like discussing the details of auto
mechanics. It doesn't make for interesting talks. But I'll talk
about it for a minute anyway.
All modern cryptosystems have two components to them. There is
an algorithm and there is a key. The algorithm is basically
your recipe for saying how you're going to take your message in
on one end, scramble it up and spit it out the other end. But
the algorithm is not a complete recipe. It's missing a portion.
That portion is the key. The idea is that by having this thing
called a key, that's -- it's just like a key to a lock in a door.
Thousands of people can own exactly the same model of Yale lock
all over this city, but because each of them uses a different
key on their lock two people who own the same brand of lock can't
open each other's doors. Well, it's exactly the same idea. By
separating out this small piece of information -- it's usually a
large number these days -- two users of a system can -- different
people can communicate using the same cryptographic system without
being able to read each other's messages, and indeed one of the
rules for designing cryptosystems is that the cryptosystem should
only depend on the key for secrecy.
You should be able to tell people exactly how you're encrypting
things, but just not tell them what the key is. And they should
be unable to decipher your traffic no matter how hard they try.
Now most people know that -- you know, your ordinary door, you
walk up to it, you unlock it, use a key, you lock it again, you
use the same key. This is actually the way that most
cryptosystems used to be before Diffy, Helman and Merkel. Now
this causes a problem. Let's say that I want to communicate with
Dave. Okay. Now we have to exchange a key securely. I can't
just call him up on the phone and say, "Hey, Dave. This is the
key we're going to use," because someone can be tapping the
phone line. I have to actually go up to Dave, you know, hand
him the key, and then go off -- or send a courier and then go
off and later on communicate with it. But let's say that I want
to then communicate with, say, you. I can't use the same key I'm
using with Dave, because then you could read the traffic and I
wouldn't necessarily want you to be able to read the traffic.
So okay, now I have two sets of keys. Well, let's say I'm
communicating with several hundred people regularly. Well,
I have to exchange keys with all of them. This is an enormous
pain in the ass. What Merkel, Helman and Diffy came up with was
something called the public key concept. It's a really neat idea.
Imagine for a moment -- imagine a mailbox for a moment that has a
mail slot in it. Okay? And once something's been stuck in the
mail slot it's inside the mailbox and the only way to open the
mailbox is with this key. But anyone can stuff things into the
mail slot. Anyone can put things in, but only the owner of the
key to open the mailbox can get things out. The idea that they
had was this. Let's say that we had cryptography systems in which
there were two keys, two keys that cannot be determined from each
other. I cannot figure out what one of the keys is based on what
the other key is. One of the keys encrypts things: takes them,
scrambles them up, makes them look like gibberish. You cannot,
however, unscramble things with that key. You need the second
key in order to descramble things.
The scrambling key is the encryption key, or the public key. It's
called a public key because I can give it away. I can put in the
phonebook or in an ad in the New York Times or anywhere else I
want, "this is my public key." Anyone on earth can use that,
because you cannot determine from that key what the decryption
or private key is, the key that I keep to myself, that I don't
tell anyone, and which is the only way to read things that have
been scrambled up with the public key. Now this is a real
revolution.
Now I can just give thousands of people the same key to send mail
to me or to have phone conversations with me or what have you,
and all I have to do is keep one key private and I'm secure.
I no longer have any problem with key distribution. Now this
might not sound terribly revolutionary, but consider that we live
in the modern age and we've got lots of computers and computerized
telephone systems and things like that. Because of public key
cryptography -- and this is not practical without public key
cryptography -- I can build a telephone system where, every pair
of phones in the country have public keys associated with them
and the public keys are published off somewhere and when you pick
up the telephone and dial a number, your telephone asks a
database somewhere what the public key is for the number I'm
calling, finds it out and scrambles the entire telephone conver-
sation using that public key.
So instead of having to worry about and sweat over distributing
keys to everyone I talk to, I can afford to encrypt my conver-
sations with the corner store, or the pizza parlor that I'm
calling to give an order to. I can encrypt absolutely everything.
This wasn't practical before public key cryptography was invented.
Public key cryptography makes cryptography really cheap and easy
to use. This is something that the N.S.A. doesn't like, obviously,
and that's why they tried to keep this information from being
published to the point that N.S.A. officials who were apparently
not acting under official orders sent letters to lots of
publications telling them that if they published any information
on this they'd be violating acts about the publication of
classified information, and they tried to contend that all
research in cryptography was born secret and that once you wrote
a paper you couldn't read it again unless you had a security
clearance.
Unfortunately, as I mentioned, they were forced to back off of
this. There were lots of reasons for this, one of which is that
the courts didn't agree with them. One of them is that lots of
the research goes on in foreign countries, which, believe it or
not, are not run by the U.S. government, at least not all of them,
not yet.
But anyway, what happened was that in the early Seventies these
people came up with this new concept. This spurred an interesting
revolution, because suddenly lots of people in academia saw that
there was interesting research to be done in cryptography and that
they could do it outside of the N.S.A. Before the early 1970s all
the cryptographers in the United States for the most part who had
any degree of serious interest in the subject worked for the
N.S.A. That was it. That was your only career path. Now there
are thousands of people who work on cryptography in academia in
this country and in countries around the world, and it's a real
serious subject of study. There are conferences several times a
year, people publish this stuff in the open literature.
So there is now this thriving field of study, which the N.S.A.
really doesn't like -- because as I mentioned, the people who are
basically that big ear trying to listen to all the conversations
around the world -- and by the way, when I say they try to, I
really mean it. They've got listening posts all over the world
to try to intercept every possible radio transmission,
microwave-transmitted telephone call, every satellite-based
communication, everything they can get they tap-- you know,
cables going between foreign countries -- everything they can
possibly do to listen to as many conversations as they can.
MALE: Supposedly they monitor every overseas phone call in
this country.
PM: Yeah. Whether or not they actually do is a matter of speculation,
but it's thought by many that they do.
FEMALE: Well, they do sample.
DM: We don't know what they do for sure.
FEMALE: No, trust me.
DM: Okay.
FEMALE: So if you say, "Bomb the World Trade Center," they pick
up on those words.
DM: Possibly. Anyway -- while all of this was happening in the mid-
Seventies and early Eighties with cryptography developing as a
field of study, at the same time the computer revolution was
happening. Now computers -- I know that everyone on earth by
now has heard about -- has seen their People Magazine or Time
Magazine or Schlock Magazine No. 525th article on the Information
Superhighway, and the Internet and how wonderful it all is -- and
you probably all want to fall over and gag when you hear any more
hype from people who don't know what they're talking about.
Well, I'm going to give you some more hype, but at least I do know
what I'm talking about. The Internet is a really amazing thing.
I can sit in my office in New York and I can collaborate with an-
other person who's working in Australia and I can send mail to
friends of mine that gets there instantaneously who happen to be
in Finland -- or communicate with tens of thousands of people
that I've never met. If it wasn't for the Internet, I never would
have met Dave. In fact if it wasn't for the Internet the
Cypherpunks Movement would never have started, because all the
people involved in it found each other over the Net. Now in the
future, whether you like it or not, the Net's going to be where
you do your catalog shopping ...
DM: Perry, I just have to mention. There are about 700 plus
Cypherpunks today. I've met I think three of them in the flesh
in a year and a half.
PM: I've met more, but it's amazing how many people you get to know
and be friends with and you've never seen. But you know, I --
in the future it's possible for many kinds of work to be done
remotely thanks to these technologies. If you're a writer you
don't need to be anywhere in particular, do you? I mean you can
write your books in Fiji for all you care.
And if you're a reporter, unless you're a beat reporter and you
go out to interview the fireman at the fire or what have you, if
you're someone who, say, covers wider issues you can do your
business from almost anywhere that you've got a telephone and a
computer.
The Internet makes that an even bigger thing. In the future I'm
probably going to be able to send a little message down to the
pizza parlor around the corner and have a pizza delivered over
the Internet. Everything you do is going to be done over the Net.
MALE: Isn't it going to taste a little funny sucking through that wire?
PM: Well, no.
MALE: No worse than Domino's, I guess.
PM: It tastes fine once you encrypt the pizza. Anyway -- the thing
is that the Internet -- now when Dave said that the Internet is
an anarchic thing, this is not a lie. This is literally the
truth. The Internet has no central control, no central planning.
It's operated basically on the premise of, "Okay. I've got a
connection. Oh, you want to connect up? Okay. Connect up to
me." There is no such thing as a central Internet management
office. There is -- yes?
Q: What's the Internet Naming Authority?
PM: The I.A.N.A. is -- to the extent that there is any sort of central
organization, that can be said to be it. But what do they do?
They give out Internet numbers. If they stopped doing it, people
would probably start routing in NBGP domains, you know, on their
own and assigning their own numbers. It's not like you can exert
control over the Net that way. But never mind. I don't want
to...
COMMENT: It fits most people's definition of God. The circle whose center
is everywhere, whose circumfrence cannot be found.
PM: The Net is organized basically without any -- the Net has no
knowledge of what borders are. Okay? I can communicate with a
machine in Finland as easily as I can communicate with a machine
in New York. One of the results of this is that when people in
one country are told, "Oh, you can't put this sort of information
up on your computer," well, generally speaking someone in another
country will offer to put the information up for them. And at that
point the attempt to control the flow of information is completely
meaningless.
Does everyone know -- there's this court case now in Canada where
the Canadian press has been forced not to say anything about the
court case. Well, of course anyone who's in Canada and is
connected to the Internet can read all the details that they want
to. Borders are completely meaningless. The U.S. government has
this interesting rule that you cannot export cryptographic
software from the United States. I'll get into that more later.
But one of the interesting results of this is that when people
have built large packages -- large pieces of software that
involve cryptography -- what they've generally done is to just
specify how the cryptographic pieces have to fit in, and people
in foreign countries have written a dozen or couple of dozen
lines of computer software to implement those things and put them
up on computers in Finland. For some reason putting this stuff up
on computers in Finland is really popular. I don't know why.
[LAUGHTER] Really, it is. The Network traffic between the United
States and France is dwarfed by a factor of five compared to the
traffic between the U.S. and Finland. It doesn't make any sense,
but that's the way it is.
But, you know, the Internet has changed the way many people who
are computer professionals now live. For instance, the chairman
of Autodesk, which is this very successful computer company,
decided that he didn't like living in the U.S. So he moved to
Switzerland, got an Internet connection and managed his company
from then on from there. I think recently he decided he wanted
to retire and hired another manager, but never mind; the point is
that the Net really breaks down barriers to information. You can
not restrict information to one country, you cannot keep
information from flooding around the world almost instantaneously
to any place that's on the Net.
Everyone is on the Net. The Russians are on the Net. People in
Singapore -- where the government of Singapore thinks that they're
exerting control over what books can be sold in the country, I
have news for them. Stuff going over the Net is far racier than
anything that they think that they're censoring at the border.
So here we have this wonderful Internet, and the problem with it
is it's completely insecure. The way it's been built right now,
anywhere I tap a line I get enormous amounts of traffic going by
and it's all conveniently already computerized so I can use
computers to listen in on it. If the N.S.A. wanted to build a
computer system to watch all the electronic mail going between
two countries, it would be nice, easy, feasible. There'd be no
problem.
This is a problem. Now the problem is of course easily solved
with cryptography. If you encrypt all your communications,
suddenly it's impossible to tap them. This is of course something
that the National Security Agency doesn't like, so they try to
do things like restricting the export of cryptographic software
from the U.S.
Well, I have news for you. Software is just information. Software
is no different from any other kind of information, and if I put
software up on the Net suddenly it's in every country in the world
within hours. Mysterious how this happens. This has happened
with cryptographic software several times. There's a fellow by
the name of Phil Zimmerman who wrote a nice public key
cryptography package called PGP, put it up on a machine in the
United States. Well, wouldn't you know it -- available in Italy
-- oh. By the way. Duncan has about ten copies of PGP for
anyone who wants them. [LAUGHTER] We're having trouble
controlling the distribution of cryptography software here.
[LAUGHTER]
Anyway. Sorry. Flying disks. Yes. But seriously, that's as
easy as it is to get your hands on cryptography software these
days. It's all over the Internet. People can download it from
Finland, from Italy, from France and England. It's everywhere.
And the N.S.A. doesn't like this, either.
Now stepping back from that for a moment, I'll mention that we've
talked about ordinary applications for cryptography up to now:
how to keep your communications secret using cryptography. We
touched earlier on the fact that you can do banking using crypto-
graphy. Now why would this be particularly interesting? Well,
this guy David Chaum, in Holland, came up with a system -- and
I'll just ask you to take this on faith -- you can read a book
like Bruce Schneider's book [Applied Cryptography] later if you
like and figure out why this would be so -- but it is possible
to construct a money transfer system in which it is guaranteed
that all parties are anonymous and no parties have to trust each
other. Now that's a really neat feature, isn't it? You don't have
to trust the other parties, and you don't necessarily have to know
who they are.
Now remember that the Internet allows communications to go all
over the world now. So let me give you the following little
scenario. Let's say that I had a little pocket computer in my
-- you have an Apple Newton, don't you? Is it with you? Let me
hold that for a minute. Now I don't know if people are aware, but,
you know, this is as small as computers have gotten and in fact
this is large compared to the HP100. There's a very powerful
computer here.
It even has a communication link so it can talk to other computers.
Right here. I can keep it with me. Let's say that I'm sitting in
a cafe in the East Village, say, and I'm going to meet up with
this guy who has promised to give me this contraband I've been
really interested in -- nude pictures of Nancy Reagan. Okay?
So he shows up in the cafe. You know, I've never seen the guy
before. Never mind. I look at the pictures. Yes, I want them.
We both get out our little computers, put them in front of each
other. Each of us presses a button and suddenly I've paid him
$10,000 which I've extracted from my offshore bank account over
the Internet, handed to him and lord knows what he's done with
it. He might have sent it for all I know to the same bank or to
one on the other side of the world. No way to know. No way to
trace it.
Now U.S. banking law says that I can't do business with foreign
banks inside the U.S., but it's very difficult in the presence of
strong cryptography to know whether or not I am communicating with
a foreign bank. Or to regulate the transport of money.
If you're living in the underground economy and you're dealing
with cash all the time it gets very cumbersome, you know? You're
carrying around $10,000 in cash. It's a big wad of bills.
Keeping cash in your home is inconvenient, moving cash around is
inconvenient. It's dangerous. You can't get interest paid on
your cash. So what you really want is offshore banking, but
offshore banking has been inaccessible to people. Well, this
might very well blow that wide open, and I'm certain that the
I.R.S. and the N.S.A. dislike this possibility.
Imagine what happens if half the population finds itself able to
function in the underground economy with all the ease with which
they can function in the above-ground economy right now. They've
got their bank, they've got -- you know, they can make investments
if they want. They can transfer money. Hell, it's more conven-
ient. It's much more convenient than the way we do things right
now, and I can clear and transact -- right now if I wanted to,
say, a credit card transaction, you know, a merchant has to be
set up to do a credit card transaction and it's really risky.
Someone can steal the credit card numbers, etc. This is
extremely secure, and I can exchange information with anyone and I
can do it using ordinary equipment that I can buy off the shelf.
That's another thing that I want to point out here. Every computer
is dangerous to them. Every single computer in the world is an
extremely high quality cypher machine if it has the right
programs, and programs are really easy to copy. They're as free
as air. They move very fast. I can throw one -- pretty
inaccurately, but never mind. Anyway -- flying software, faster
than the internet... [OVERLAPPING COMMENTS AND LAUGHTER]
The people in Fort Meade, you know, at the N.S.A. --their offices
are known as the Puzzle Palace to some people, largely because to
a large extent what they do is they spend their days worrying
about really intricate mathematical problems. And there's -- I
suspect not much that makes the people in the Puzzle Palace more
nervous than the notion that equipment that anyone in the world
can buy for a couple of hundred dollars can make it impossible for
them to tap some communications.
It's incredibly cheap -- cryptography software is virtually free
right now. Almost anyone can get software that's really good for
free. And computers are cheap. And you can't keep the software
from moving around. This is probably the stuff of their
nightmares.
You know, remember that their mission is to listen in on every-
thing, and they're faced with the threat that they may be able to
listen in on nothing. Compound that with the fact that then we
have these science fiction scenarios of people able to conduct
untraceable, unwatchable transactions without the I.R.S.'s all-
seeing eye being able to detect it -- or FINCEN's.
How many people here know what FINCEN is? I'm curious. Okay, we
have two or three people who know what FINCEN is. Do you know
what FINCEN is, sir?
MALE: No, I don't.
PM: FINCEN is the government agency that collects information on all
of your large bank transfers and tries to note if you are engaging
in a pattern of criminality with them. Right now it can only watch
all of your transfers over $10,000, or things that are
suspiciously close to $10,000. They would like to watch all of
your bank transactions. This is all in the name of...
Oh, by the way. Does everyone knows what the Four Horsemen of the
modern governmental Apocalypse are? The excuses for virtually
every civil rights reduction that's happened in the last few
years. The Four Horsemen are: terrorists, drug dealers,
pornographers and child molesters. Okay. Now all the time
you're told, "But what if terrorists got their hands on
cryptography technology?"
By the way, the answer to this is that anyone who wants to get
their hands on it -- let's put it this way. This book [Applied
Cryptography] can be purchased in any bookstore. Explains
everything about the state of the art in modern cryptography.
Any of you who knew enough about computers could pick this book
up and write software probably good enough that the government
could not listen in on your communications. Trying to keep
this stuff out of the hands of anyone is rather difficult. The
horse is already long out of the barn.
1
0
But unfortunately, the Four Horsemen of the Apocalypse are still
there and the government is trying to use them as an excuse right
now. How many people saw the articles on the front page of the
New York Times about Clipper? Okay. A bunch of people have.
How many people saw the front page article in the New York Times
about the F.B.I. Digital Telephony Bill? Ah. Fewer people. I'll
start with the F.B.I. Digital Telephony Bill, because it's much
easier to understand.
The F.B.I. is not satisfied with the fact that our phone system
is not like the phone systems in Eastern Europe, and wants it to
be that way. [Laughter] They want the capacity to be able to
push a button in Washington at any time they like and tap any
telephone in the country at will. That's basically it in a
nutshell.
They claim that they need this capability because modern digital
telephone systems are becoming increasingly difficult to listen in
on. Computer Professionals for Social Responsibility did an
F.O.I.A. [Freedom Of Information Act] request on the F.B.I. and
managed to get documents which said, "By the way, we know this is
a lie but we're trying to get this bill through. So please lobby
for it." In fact no one has ever found that they have any
difficult tapping the existing telephone systems, but never mind
that. They are saying that because of advances in technology
they need the capacity to be able to sit in Washington, push a
button and listen to any telephone conversation in the country
at will. This is of course in order to stop the terrorists, drug
dealers, pornographers and child molesters. If they can find some
one who is all of those at once I am sure it will make their day.
Anyway, at the same time the National Security Agency has been
having these nightmares about cryptography so they've gotten the
Clinton Administration to front for them on a really, really
stupid idea.
MALE: Ten copies of the Justice Department announcements, the five
press releases from a week ago.
PM: Okay. Well, basically what's happened -- maybe we'll pass these
out in a minute -- is that this has been in the works for some
time and people have been fighting it, and so many people have
been fighting it that we thought it was dead, but it seems to
have come back from the dead. The government wants you to use
their cryptosystems.
What they want is they want to give you a little cryptography box
called "Clipper" that you can use, so that you don't have to
complain that all of your communications are insecure. But
Clipper has a built-in bugging feature in it, so that if the
government wants to listen in on your communications they can do
so.
Isn't that special of them? And they expect that everyone in the
country will want to use this.
MALE: And each one's got a serial number.
PM: Yes, yes. The way this basically works is that they store
basically the equivalent of a master key to the cryptography
system inside -- I'm trying to keep this from being too technical
-- essentially every time you use the Clipper chip to communicate
with something that also contains a Clipper chip, well, what it
does is it includes information about the key you are using in
the data stream that it sends to the other machine, and it's
encrypted with an encryption key that is known to the government
-- to keep everyone nice and honest. You know, we don't want to
keep those terrorists, child molesters, pornographers, drug
dealers from being able to encrypt things.
(Ie: "We're your government. Trust us, we know what's good
for you; but we don't trust you.")
However, they say that this standard is voluntary. Now if you
were a card-carrying terrorist would you use the government's
cryptography system, especially if it's voluntary to use it?
No. What you're probably going to do is go out and get yourself
a decent cryptography system. Hell, if you're actually being
armed by the Libyans they probably have nice KGB crypto equipment
that they can hand to you. You don't have to worry about going
to the store to buy your cryptography equipment.
So in general the notion that they can impose this as a voluntary
standard for encryption, which you're not compelled to use, is
ludicrous, and almost everyone in the community thinks that what
they're doing is preparing to try to ban all forms of encryption
other than the ones that they specifically approve. So we've got
these two interesting government movements right now, the one to
make tapping all of your telephones easier and the one to make it
easy to decrypt the communications on the telephones that they've
made it very easy to tap.
I thought that the Berlin Wall had fallen and the Stazi was out
of business, but apparently they've all just moved to Washington.
[Laughter] It's kind of annoying. But on the other hand, ignoring
all of this, they're -- by the way, I'll mention that every
industry group, groups like the Electronic Frontier Foundation
and Computer Professionals for Social Responsibility, all the
trade magazines, everyone on earth has come out saying this is a
stupid idea.
DM: The 700 Club did a ...
PM: The 700 Club actually did a story about how evil the government's
cryptography plan is. It's amazing. Everyone and their mother
has come out against this, but it doesn't seem to matter.
According to an article that's going to be published in next
month's "Wired" several administration officials have admitted
that this might be their Bay of Pigs, something really stupid that
they inherited from the previous administration, which they did,
which they're going to push forward anyway full steam ahead.
MALE: So whose head's going to explode like a flying -- you know, in
Dallas -- as a result of this thing?
PM: I don't know. Well, anyway, so -- now ignoring what the
government is trying to do to stop cryptography, I'll point out
that all is not rosy with cryptography. You can encrypt your
communications, you can try to be really careful about all of the
dealings you do, and if you try to live, say, purely in an
underground economy one day you sit in a caf with the wrong guy
and he pulls out his I.R.S. credentials and says, "Can we do an
audit, please?"
Now it might be difficult for them to be able to spend the
resources necessary to try to track lots of people down for
abusing this sort of thing. In fact, I would argue that there's
no way that they have all the resources necessary to do that.
But nonetheless, let's point out you can't do everything in
cyberspace. You can't live in cyberspace. You have to live in
a home somewhere. You have to go to the corner store to eat.
You have a physical body. They can still get you. They
can still pass laws to try to restrict your freedoms.
Cryptography, however, does make them much weaker in many ways.
One of the things that's been pointed out repeatedly is that
government feeds on money. The lifeblood of government is money.
If they don't have money -- what traditionally happens in a Third-
World country that's experiencing hyperinflation? At some point
the soldiers discover that their pay no long will buy them food,
and they start revolting. Government workers are like everyone
else -- well, sort of like everyone else, but [LAUGHTER] --
government workers do have families, they do have mouths to feed.
They need to be paid. And when the government tries to print
money to pay them the money becomes less worthwhile. So they
depend on taxes in order to be able to control people.
In an environment where it becomes increasingly difficult to tax
activities, it becomes increasingly difficult for the government
to exert control over the population. In fact, the more people
move into some sort of cryptographic black market, the more
difficult it becomes for the government to try to stop it because
the fewer resources the government has. It's sort of a vicious
cycle for them. They need to have money in order to try to get
money, and the less resources they have to -- actually, Duncan,
you know this off the top of your head. How many millions of
Americans are thought to evade taxes right now?
DUNCAN: The Feds say officially there are ten million nonfilers who should
be filing, and at least another ten million filers who file
incorrectly on purpose. That's out of 114 million personal tax
returns filed last year, down from 117 million predicted. They
undershot by 4 mil.
FEMALE: They had like 900 convictions out of ...
PM: How many convictions were there for tax fraud last year?
DUNCAN: It's only about three or four hundred a year.
PM: In spite of this -- it's very, very difficult for them to expend
the resources to try to get a tax fraud conviction.
DUNCAN: It costs $50,000 bucks, or -- and then you got to imprison 'em. I
mean it costs half a mil or a mil.
MALE: Usually there's one other factor, and that is that there's only
one Treasury agent per 900 filers. So the enforcement bureaucracy
is actually very small. This came up in the debate over the gun
issue, where there's a mention of 240,000 gun dealers and about
one enforcement bureaucrat for every 240. That's a highly
regulated field by comparison with general tax filers.
PM: Anyway -- Dave points out that I'm kind of dragging this on, and
we should open it up for questions.
MALE: ... one other factor that hampers the I.R.S.?
PM: Yes?
MALE: They've got infiltrators.
PM: Oh?
MALE: There are people in the I.R.S. who are on our side.
PM: Okay. Anyway, if we're done with the major, initial part of the
talk -- I think we made some of the interesting --I've missed
talking about a bunch of things, like the fact that you can put
-- there are all sorts of neat things people have discovered
about cryptography over the years. You can play poker with people
by computer without having to trust the dealer or any of the other
players, and you can mathematically prove that no one has cheated
in the course of the game.
There are all sorts of neat tricks that cryptographers have come
up with over the last few years, and if people -- anyone with a
mathematical background, I strongly encourage you to go out and
buy a copy of one of the books on the subject. Actually the best
book on the subject right now is Bruce Schneier's Applied
Cryptography. This is a technical text. If you're not interested
in cryptography on a technical level, if you stopped with math
before algebra or something -- I'm not trying to denigrate anyone.
Some people are not interested in math. There's nothing wrong
with not being interested in math. But this is a math book,
basically. It's full of math. If you want to know the details,
however -- published by John Wylie & Sons.
There are some very good books -- it'll be up here. If you're
interested in the history of cryptography, David Kahn wrote an
extremely good book that only covers the world up to about 1970.
He mentions the N.S.A. These were the days before they admitted
that they existed, but he has chapters discussing them. The book
is called The Code Breakers, by David Kahn. It is still an
interesting book to read, because it gives you some idea about
how hard it is to produce good codes and how important it has
been in history. Most people are completely unaware of the
historical importance of secret communications and breaking
secret communications.
MALE: The British government for about seventy years claimed they
weren't breaking any telegrams, and in fact they were taking
every one into a room and trying to ...
MALE: The N.S.A. lied about it for years, also.
PM: The so-called Black Chambers. All through the 19th century
virtually every government in Europe had something called a
Black Chamber, which was the room into which all diplomatic
correspondence coming into and out of the country was brought to
be read. Most of it was encrypted, but some countries had pretty
good cryptographers. This has been going on for centuries.
There is nothing new about this. The only thing new about this is
that suddenly world-class cryptography is in the hands of
everyday people.
Lastly, there's a great book about the N.S.A. that Lou mentioned
a moment ago, called The Puzzle Palace by ...
DM: Bamford.
PM: The Puzzle Palace is, again, about ... (Inaudible; overlap)
DM: It's available in cheap paperback. Very good book.
PM: Oh, by the way. If you get a copy of The Codebreakers by David
Kahn, do not get the paperback. Get the hard-cover. The text is
different. The text of The Puzzle Palace in softcover is exactly
the same. It's a really good book. It's unfortunately about a
decade old, but it covers them in an enormous amount of detail.
Most people are completely oblivious to what the largest
intelligence agency in the U.S. is. You should inform yourselves.
DM: So let's open it up ...
PM: For questions.
* * *
Q: I don't understand the details of Chaum's method of electronic
banking, but I thought it required that the bank would issue
essentially denominations of bills that were public keys.
PM: Are they publicly keys? I could go into the details, but I don't
know ...
Q: My point is, how do you get this going without the cooperation of a
bank?
PM: Form your own bank. That's basically the answer. You have a digital
bank that issues digital money, basically.
MALE: If you have a couple of hundred people you can form your
own credit union.
PM: In fact there are some people in Texas who are now forming a credit
union on the premise that the credit union is going to permit people
to make electronic cryptographic transactions.
MALE: The problem with this digital bank and any other under-ground economy
is that if your digital cash is stolen or if this digital
underground economy collapses you will have no recourse in law
enforcement, in civil suits or FDIC insurance.
PM: Well, first of all -- I don't want to claim that the FDIC is a
wonderful thing here, but even assuming that it was I honestly trust
AAA-rated Swiss banks far more than I trust any bank in the United
States -- or the full faith and credit of the United States
government.
MALE: Here, here.
PM: Which is going down every day as the deficit increases.
Q: But who issues digital cash?
PM: No, the point is that you cannot steal digital cash. It doesn't
work that way. You can -- now the bank can defraud you. You
admittedly have to trust your bank. However, you cannot really
steal digital cash. It doesn't work that way.
MALE: It's protected using encryption. It's very complicated.
Q: Are you claiming that Virtual Virtue has been invented?
PM: No. I'm claiming cryptography has been invented. It does not --
the bank can defraud you. Someone cannot steal your digital cash.
Q: Why wouldn't this be an attractive notion to most Americans, and
subsequently why would this seem to be a scary notion to the
government?
PM: I will explain it to you right now. In this city, most people think
that most people comply with the tax regulations and with Federal
regulation. New York City is one of the most fascistly-run places
in the United States, so it would not be surprising that we have the
most thriving underground economy. Go downtown to Chinatown and you
will find building after building after building of off-books
businesses: clothing manufacturers, import-export businesses,
everything you can imagine, being run in a completely underground
manner.
The garment industry would not exist in New York City if it was not
for the underground economy in New York City. Okay, forget what
middle-American people will do. The underground economy already
exists, and this sort of thing is going to move forward and there's
probably going to be demand from people who are already in it.
As for the question of "virtue", as I said I would go into the
cryptographic protocols in detail, but -- you cannot be robbed of
your digital cash from your wallet the way that you can be robbed of
real cash.
MALE: They can't rob you any more than a regular bank can.
PM: It's not actual cash. It's really an anonymous transfer.
Q: Doesn't digital cash (?) to the maximum capitalists and fascists,
too, or are we just catching up with things?
MALE: This is a problem.
PM: Whether you like it or not, it's there. The computers are out there.
The technology has been invented. It cannot be uninvented. It can't
be put back in the bottle. There are tens of thousands of people in
this country who understand how to build these things. At this point
it's impossible to stop it. So whether you like capitalism or don't
like capitalism, whether you like technology or dislike technology,
this is a reality. I would advise personally that you try to use it
to your benefit. Perhaps other people have different opinions.
That's what I would think.
Q: A two-point question. First of all, have you seen the article in the
Humanist(?) about digital cash?
PM: I'm afraid I have not.
Q: Have you?
DM: Can't say I have. No.
Q: Okay. Secondly -- now the promo for this talk says it'll make the
State a thing of the past.
PM: I think that's something of an exaggeration.
DM: Basically what we're talking about, and it remains to be seen how far
it's going to go, is the withering of the State in the sense that
governments can no longer say -- now they can say we won't let this
book cross our borders, you can't do certain kinds of financial
trans-actions, you're not allowed to read this stuff, you're not
allowed to make bootleg copies of this record. All this stuff is
going to be going on more and more, and it's unstoppable by the
government. So in other words, a lot of these laws are just
unenforceable, superfluous, as this stuff starts travelling over the
Net in encrypted forms.
MALE: That's victory to some extent.
DM: Right.
PM: Oh, yes. It is very much -- it's sort of the exponentiation of (?).
As soon as you allow in -- the Chinese discovered this at Tiennamen
Square. Fascists and totalitarian governments and Communist
governments have known this for a long time. You want to keep the
copy machines in your country as difficult to get to as possible.
You want to keep the telephones difficult to get to, and make them
bad and tap them all the time.
You want to restrict the flow of information. One of the things that
happened after Tiennamen Square were these informal fax networks came
into existence all over China, and within hours people all over the
country knew the truth about what was going on.
Information from satellite broadcasts and from foreign radio stations
got in and swept over the country. This just compounds that problem.
If you're going to take part in the modern world, if you're not going
to be like Albania, you're going to have to allow in the Internet.
As soon as you allow in the Internet, people are going to start
exchanging data. As soon as they start exchanging data some of that
data might be encrypted, and you have no way of knowing what it is
that they're bringing in or putting out. You can't control it, not
short of controlling every single computer that exists in your
country.
Q: Has there ever been a case where the government has broken the code
and ... (Inaudible; overlap)
PM: In the thirties all the time. Bootleggers would use primitive
cryptographic systems to communicate with each other and would get
hauled into court. In fact Kahn's book, The Codebreakers, talks a
lot about this. You bring up a very important point. Not all
cryptography is good cryptography. The program WordPerfect is really
popular out there. It has a little function that will let you save
an encrypted version of your file. It's totally useless. With a
couple of milliseconds' worth of work, another program can just
break that wide open.
You need strong cryptography. Just any cryptography won't do.
Insist on -- but in the past very often people using secret codes
for communication have been hauled into court by the United States
government. It's happened.
Q: Were they drug dealers?
PM: In Prohibition they were drug dealers. Yes.
Q: Recently.
PM: Recently, no. It has not happened recently. One of the things
that's very strange is that more of them are not using cryptography.
There are companies in the U.S. that will sell you commercially phone
scramblers that are really, really good.
MALE: [INAUDIBLE]. I'm not sure who is reading my mail. It takes a lot of
effort to do something, to cause anarchy to happen, and everyone
would have to be involved, and I don't see that there's any payback.
PM: I disagree for the following reason. First of all, the people who
know these programs are reasonably smart, and most of them are
actually talking to each other right now. And there are real
attempts made to try to make sure that they all communicate with
each other fairly well. This is intentionally so that people do
not face the question of having: "Well, I've got Encryption
Program A and you've got Encryption Program B. Yes, we can talk."
One of things also by the way in public key is that it makes it easy.
Just so long as I know that you're -- Duncan can give you two disks.
If you want you can just throw one at one of your friends. Hopefully
he'll catch it and it won't hit the floor. And you don't actually
have to communicate with each other in advance or communicate with
any of your other friends in advance in order to exchange information.
You just have to have compatible software. And the marketplace is
taking care of that, because people want to communicate with each
other.
MALE: But it is not anything the government can't regulate. I know you
say that it can't, but you can regulate it that kind of stuff.
PM: They can try to stop it.
MALE: I don't see any way [INAUDIBLE] ...
MALE: It also benefits me. I may consider that I benefitted from breaking
Midway(?) codes or Atlantic codes or whatever it is. [INAUDIBLE].
PM: Well, there might be benefits to you, but unfortunately it's --
whether this is fortunate or unfortunate in fact, it's not your
choice. It's not up to me, it's not up to you, it's not up to
anyone. The cat's out of the bag.
MALE: It's not.
PM: Oh, yes, it is. Anyone can buy a copy of this book.
MALE: I can get anything I want off your computer. Anything I want.
You send any kind of electronic mail, I can get it (?).
PM: How?
MALE: There's always a way.
PM: No. I'm an electronic mail administrator. There are ...
MALE: I can use a rubber hose cryptosystem.
PM: Yes. Admittedly. I can come up to you and I can beat you up. At
which point what does it matter?
MALE: I can change your computer so it doesn't -- I can monitor your
keyboard, watching you type. I mean there's all these ways. It's
not a question of [INAUDIBLE].
PM: It becomes very rapidly prohibitively expensive ...
(Inaudible; overlap)
DM: There's a question of how much it'll cost the government. There are
estimates that if the N.S.A. used every computer they have and they
ran it for eighty years nonstop, they'd be able to break -- you know,
it's like angels on the head of a pin. I mean ...
PM: He points out very correctly that if they're willing to spend enough
money they can monitor -- they can break you. On the other hand,
it's extremely expensive for them to do that and cryptography is
really cheap. In fact if you have a computer already cryptography
is absolutely free. Now admittedly, computers are not absolutely
free. But anyone who has a computer right now, anyone who has a
computer right now can communicate with anyone else who has a
computer right now securely, securely enough that what they spent a
couple of hundred dollars setting up the government will have to
spend tens of thousands of dollars trying to go after.
MALE: It's actually millions probably.
PM: Not necessarily. If they come after you with rubber hoses it might
be relatively cheap ... [LAUGHTER]
MALE: Forty dollars.
PM: You say things like, "Well, I have to coordinate these things, and I
have to come up with..." Yes. Admittedly you have to have standards.
But remember, most people in the world who do technical stuff very
naturally try to follow standards. You won't go to the average
telephone store and buy a telephone that does not plug into your wall,
and that's not because they particularly like you or they
particularly like modular jacks; it's because they want to make sure
-- because they know that if you buy a phone that doesn't plug into
your wall -- well, you won't buy a phone that doesn't plug into your
wall. Put it that way.
DM: Perry, you know, keep in mind that a lot of this stuff is the
ground floor. It's square one, whatever, and the idea is to let
people know what's going on, let people know what the problems are,
let people know what the solutions are now, and maybe five years
from now -- again, the problem I sort of hinted at before was that
because it's still early the government's trying to do things like
slip in the Clipper chip and stuff to prevent these things before
they happen. It's just important for people to know about this
stuff. As time goes by new systems, new software, will have all
this stuff built into it and ...
MALE: You won't even know you're encrypting.
DM: Yeah.
Q: What about the falling price of processing power?
PM: Well, this has two interesting effects. There is an extent to which
this makes it easier to crack codes. However, not as much as you
would think.
Q: What about lengthening the number of digits in the prime that you ...
PM: We won't get into these details, but basically one of the features
of things like public key cryptosystems is that if you have twice as
much computer power lying around you can encrypt things much more
securely using the same amount of time and it takes exponentially
longer for the people who are trying to break what you've done.
MALE: Not only -- as processing power falls -- it is cheaper...
PM: It becomes faster.
MALE: As the specific cost of processing falls, of processing power falls,
it becomes progressively cheaper to use longer and longer keys,
which cost more and more time ...
FEMALE: Witfield Diffy says to use three crypto scans ABA.
PM: Well, that's DES. Never mind. We're getting into details that we
shouldn't, probably.
MALE: The point is the cheaper ...
PM: As computers get cheaper, it will become harder for them to break
codes using non-rubber hose techniques. That's true.
MALE: Decryption becomes more costly.
DM: Steve, in the back.
STEVE: First of all, it's been very interesting subject, thanks but I'm
goin to rain on your parade... A couple of things come to mind.
[INAUDIBLE]. One thing of course is the issue of acces. Most of
the population doesn't have access to the equipment, and certainly
if they have access to the equipment have very limited knowledge,
and really it winds up ... [INAUDIBLE] ... being a very small group
of individuals. [INAUDIBLE] ... If we're talking about this in the
context of -- this is creating a new, nonauthoritarian society, that
can't be done by a small group of individuals acting through an
Internet or electronic data process. It requires a [INAUDIBLE]
social organization. You know, you mentioned Tiannemen Square.
Well, the efforts [INAUDIBLE] ... You get an Army that is willing
to repress the rest of the population for the resources of the rest
of the population. As long as that happens ... [INAUDIBLE] ...
One other thing I should mention, when we talk also about the issue
about people pulling out, about the underground economy -- one you
mentioned, the underground economy of Chinatown. I'm not sure
[INAUDIBLE] ... exactly a model we'd want to impose for the rest of
society. Suppose you get a lot of people to stop paying taxes
[INAUDIBLE] ... without an overt social organization when
sanitation services collapse and social services collapse -- unless
you're [INAUDIBLE] ... It comes back to ultimately what anarchy
1
0
is about is it's a new form of social organization. [INAUDIBLE]
The umbrella is that I think it can be an important tool, but ...
PM: Answering your points -- I don't entirely disagree with them, but
I'll point out that the technology is actually very cheap. It's
not free, but it's cheap enough that people we would consider to
be extremely poor can afford it at this point. You can get a
computer that can link you up to the Internet for maybe something
on the order of $100 if you try hard right now.
MALE: I could do it for $5. A VIC-20 and a VIC-20 modem are essentially
free.
PM: Well, you have to find one. That takes some time.
MALE: It's in somebody's closet.
PM: The other thing is Internet service is actually fairly cheap right
now. For about $10 a month -- actually, if you count the cost of
having to have a phone line around, call it $20 a month -- you can
be on the Internet. And the price is only going to fall with time.
It's admittedly not free, but it's not out of the capability of
ordinary people to pay for. You're right that most people don't
know this is an issue -- which is why we're here. It's not -- and
I'll also agree with you that so long as the government has the
capacity to shoot people en masse if it so desires, the State will
continue to exist.
This is not a panacea. It's just a tool. There are people out there
who are extremely enthusiastic about it. It might be a really neat
tool; a really good tool. But it is just a tool. However, if
people did in fact pull out of the economy in a big way, at least
out of the above-ground economy, or as De Soto refers to it, out of
the formal economy -- as opposed to the informal economy, because
after all, you know, why should you refer to it as a black market?
It's a market for honest people, not a market for dishonest people.
As more people enter the informal economy, being able to pay for the
tanks and pay for the people to stand behind them becomes more and
more difficult. Admittedly though, you're going to need to be able
to provide alternate means of society organization.
There are all sorts of issues that come up. This is not the answer
to everything. It's just a really, really important tool you should
know about. Yes.
FEMALE: Just to get back to the issue of digital cash. When Leonard(?)
talked to Chaum(?). What he wants to do is develop a card reader
for your PC, so you can download cash onto your card in your home
from your bank, wherever it is.
DM: Citicorp already offers that service.
PM: But it's not terribly secure.
DM: It's admittedly not secure, but they do offer it.
PM: It's also not anonymous.
FEMALE: They have a debit card, do they?
DM: They have a debit card. If you go to their Queensboro center in
Long Island City you can see -- there are sample machines up there.
They use it for all electronic transactions.
FEMALE: And so they give you a sort of -- they charge you ...
DM: It's like five dollars a month.
FEMALE: You have to rent this? [INAUDIBLE; OVERLAPPING VOICES]
PM: It's not purely abstract money in the sense that digital cash is not
a form of currency. It's really just a way of doing anonymous
transactions. You can be doing anonymous transactions against bank
accounts backed in dollars or yen or gold or whatever else your
heart desires. It's really just a way of simplifying the concept of
doing anonymous digital transactions. It's not really in and of
itself a currency.
MALE: Right. That's the part that's hard to imagine. [INAUDIBLE]
PM: It could not be. That's not the way that it's designed to work.
FEMALE: How do you generate such a system without trust to begin with? I
mean -- I've got $10,000 in my Swiss bank account, Perry, and --
alright, here you go. Turn it into digital cash for me. But --
I mean you have to act as a banker for me, right? And there's
just...
PM: Someone has to act as a banker for you. I suspect very soon it will
be your Swiss bank, whom you already trust. Or it will be some --
you already have to trust someone. People ...
FEMALE: But you've got the FDIC behind it in CitiBank... [Inaudible]
PM: But there are people who trust their money to Swiss banks right now,
and Swiss banks don't fail. And they don't, generally speaking,
commit fraud.
MALE: People lost money on FDIC-insured accounts because of inflation, so
you can lose money on insured accounts.
PM: Well, anyway, the point is yes, you're right. There is a question
of trust involved. You have to trust some of the people that you
are doing transactions with. If you have a banker, for instance...
MALE: Use several banks.
DM: We may develop methods -- protocols -- which will allow you -- I
can't get into this, because it hasn't been done yet, but it's
possible. You may be able to deal with a financial institution that
has wide-open books. The books are published in electronic form,
kept on the Nets, so that anybody can check their account and they
can even check everybody else's account -- except they can't check
the balance. They can just tell that nobody's screwing around with
it -- in a way that cannot be easily defeated.
PM: There are some neat protocols people have come up with for doing
anonymous cryptographic auditing. Again, however, there are ways
of committing fraud -- say, that the bank is actually dealing with
something being backed by gold. You know, one day they could bring
up trucks, take all the gold and leave everyone hanging.
DM: There's always a way to do that.
PM: You could do that with banks right now. If you go to the super-
market you can hand the guy your dollars, he can pull back the
groceries behind the counter and just refuse to give them to you.
You know, you can go to the park and you can give the guy your money
and he can fail to deliver what people go to parks for these days.
Look. There are always issues of trust involved. I'm not going to
address that. That's a wide open issue. It's a huge issue.
FEMALE: There's no paper trail involved. If I make a deposit and you give
me the goods, what record do we have that this ...
PM: I can -- there are paper trails. There are receipts.
DM: No, there are. It's complicated.
MALE: It's not paper.
PM: They're not paper, but I can demonstrate to an independent auditor
that I did in fact deposit the money and that these have been the
transactions I've done.
FEMALE: But then in fact does it not eliminate the beauty of ...
PM: No. I would have to reveal -- only -- if I want to go to an
auditor, I can choose to reveal my identity to some limited extent.
I could for instance -- I could have an anonymous account. There
can be nothing recorded on the account in terms of name or address.
But I could show someone all the records for the account to
demonstrate that the bank is lying and that there is a certain
amount of money in that bank account and that they've not been
telling the truth. There are audit trails possible. Yes, ma'am.
Q: How can we sure that the software we use does not already have
master keys included? Or get included as time goes on?
DM: Because you can look at a PGP for example -- I don't know how much
you know about computers, but there's source code. I mean you can
look at PGP, this program that's public domain that's distributed
all over the world. You can look at the program itself and see
exactly how it works. It's well documented.
PM: The program is distributed in source code. You can recompile it if
you want. You can read all the codes.
DM: You can. You can look at the codes.
PM: Many people have read it. In fact the code is fully available.
Many people have read it. You can compile the code yourself.
However, I'll point out that there was an ACM Turing Award talk by
Ken Thompson where he proved that there is no way ultimately to
completely trust your computer systems. There is also no guaranty
that when you lie down next to your lover this evening that they're
not going to take out a huge steak knife and plunge it right into
you. There are no guaranties, folks. However, to a reasonable
degree of confidence you can be sure that the software is free of
holes.
DM: We only have a couple more minutes, so -- a couple of quick
questions.
Q: [INAUDIBLE]
PM: Well, I don't know. So far as I know, the United States government
has never brought a prosecution against a foreign bank for doing
overseas transactions. They can't. It's not their jurisdiction.
Presuming that you are doing your transactions with a bank in the
Bahamas, I don't think that the government -- the government can
charge you with RICO violations. It's unlikely that they can
charge anyone else with them. Any other questions?
Q: [INAUDIBLE]
PM: You can start -- it's likely you're not, but if you were interested
in started a digital bank and having a digital bank that, say,
backed its currency using a basket of commodities or wheat or gold
or anything else you wanted, you can do that. It's just a mechanism
for conducting funds transfer. Admittedly, it's abstract, and people
are probably never going to go up to a gumball machine and stick in
their computer in order to get a gumball out. And in fact people
are probably very unlikely to use it for everyday ordinary
transactions. But I'll point out one thing. If you have an
offshore bank account you can get an ATM card for it and you can
walk into an ATM machine anywhere in New York, stick it in, withdraw
cash -- your name, your true name, is not necessarily recorded
anywhere. You can walk to an ordinary supermarket and pay in
ordinary cash if you like.
MALE: [INAUDIBLE]
PM: Well, it is legal.
MALE: [INAUDIBLE] You come into issues of how -- as the money forms
develop towards that, how other things that were previously stable
may become more and more unstable, you know, which suggests to me
that the further this thing goes the higher level there is going
to be of barter.
PM: This is more an economics question than a question about crypto-
graphic technology. I'll agree that there will be interesting
effects as a result of the advent of digital cash, and that we can
probably not predict what all of them will be. At the same time,
we probably can't stop it.
DM: I think we have to wrap it up in about two seconds.
MALE: May I risk of delying the obvious -- at one time you were told that
the only secure crypto was the one-time pad. What we're saying now
is that here's a form of crypto that you can use all the time,
every time, and that you should encrypt.
DM: One-time pads are impractical, and you don't need -- you don't
necessarily ...
MALE: They're ancient history now.
PM: They're still in use.
DM: Well, maybe, maybe not necessarily. They're still used. I feel like
I have to make just one comment to save my ass here before we break
up, and that is -- Perry -- I've tried to avoid this because we
probably agree on more or as much as we disagree. Perry considers
himself an anarcho-capitalist. I am an anticapitalist. I have
problems with the whole idea of digital cash, with the whole idea of
money. I'm against money. I'm against cash. I don't like banks.
We don't have time to get into that now, but I just wanted to
mention that, and also -- for all my friends here who think that
I'm a traitor -- also, that ...
PM: They'd never think that about you, Dave.
DM: That stuff is all controversial and you can debate about it, but
-- I mean the basic -- I hope that we got the basic ideas across.
The whole business about digital banks, digital cash and whatnot,
you know, do what you want with that, but -- that's gonna vary with
your particular political slant. I think that's probably it.
Q: Do you want to share?
DM: Yes, I do.
[APPLAUSE]
--------------------------------------------------------------------------
1
0
Forwarding message by scmayo(a)rschp2.anu.edu.au
--------------------
From: scmayo(a)rschp2.anu.edu.au (Sherry Mayo)
Subject: What motivates Crypto-folk?
Date: 29 Jun 1994 08:14:16 GMT
Organization: Australian National University
The question in the subject of this thread may seem dumb to
some people in this group, but I'm curious about how varied
the motivations of crypto-using people are.
I got PGP running on my machine a few weeks ago because I liked
the idea of being able to communicate privately if I wanted,
as I felt that email was much more insecure than other forms
of communication. I started reading some of the crypto stuff
on WWW and noticed a political trend in the motivations of many
of the people who are 'big' in the crypto scene in the US. The
motivation for these people's interest in cryptography seems
to stem from a strong libertarian viewpoint, which
incidentally often seems to coincide with strong views about
the right to bear arms.
It may seem that I am being particularly naive in being
surprised by this but I am from the UK where libertarian views
of this kind are not so widely held. I have never held a hand
gun and have no desire to do so. Similarly my motivations for
using cryptography come simply from a desire for privacy from
Govt. and other snooping but NOT from the 'cyber-survivalist'
inclinations that seem to motivate some in the US at least.
I read some stuff on Vince Cate's WWW site by Tim May about how
crypto was going to bring down governments due to (legal?) tax
evasion by those who are computer literate . I have to say that
I think this is highly unlikely (and to be fair, Vince's site
included an article by Hal Finney agreeing with my view). I
know that Tim May's views are considered to be extreme by
some, but more moderate people seem to hold the view that
crypto and also cyberspace (god I hate these buzzwords) in
general herald an age of 'survival of the fittest' where those
clued up about computers will be able to take advantage and do
better due to paying less taxes etc.
Personally I have no desire to evade tax since I quite like
being able to drive on tarmac without holes, and having
schooling and health care provided for all with the richer
folk subsidising the poorer folk. I realise my views are
anathema to the libertarian and I'm curious to know if there
are other crypto users (I would NEVER call myself a cypherpunk
:-) who's interest stems from a left-wing rather than
right-wing viewpoint. I should point out that I consider tha
libertarian/crypto-anarchist views I've outlined above to be
an extreme form of the (right-wing) philosphy of individualism.
I'd never come across a right-wing anarchist before reading the
crypto groups - weird!
Your thoughts please,
SCM
1
0
Forwarding message by gtoal(a)an-teallach.com
--------------------
From: gtoal(a)an-teallach.com (Graham Toal)
Subject: Re: Bidzos life threatened?
Date: Thu, 30 Jun 1994 17:29:30 +0000
Please post who else NSA -- and its like -- has threatened
besides Bidzos
and PRZ.
Several years ago lots of British scientists died under
mysterious circumstances. They were generally described as
'defence scientists' but what a significant number of them had
in common was work in the area of surveillance. Several of
them were connected to UK's system X. I posted a long piece
at the time (now lost, sorry) hypothesising that what was
going on was internecine warfare betweem the UK and USA
governments departments responsible for fitting surveillance
assistance to their telephone exchanges for contracts with
foreign countries. (One UK govt official was found dead in
his hotel room in an arab country while there at a trade fair
in an unofficial capacity helping to promotye system X). At
that time the UK govt had a clear lead in selling bugged
exchanges because complete surveillance capability was designed
in to system X - the USA doesn't have it everywhere yet - just
in exchanges from co-operative suppliers. (Hence the 'wiretap'
FBI bill, to get everyone else to play ball too). The ability
to remotely monitor all the phone system of a foreign country
would be *extremely* valuable to an agency like the CIA or
GCHQ. Personally I don't doubt it's worth killing for, in
their view.
It was also my view when I suggested this hypothesis some years
ago that the phone systems were being sold to these countries
by telling the respective governments that *they* could use
them for surveillance purposes. My suspicion was that there
would be extra code buried in the switches that the customers
did not know about which would enable remote callers to use
the surveillance options too, without the host country or
telco being aware of them. This latter capability being top
secret and the risk of it being made known by disaffected
employees perhaps being the reason why some of them were
killed by our own security agencies. Hence why the multiple
suspicious deaths were never properly investigated (or at
least the investigations made public - MI5 couldn't expose the
USA dirty tricks without exposing their own.)
This is all highly speculative and I don't stand by it, I just
offer it as a hypothesis.
1
0
Association for Computing Machinery
PRESS RELEASE
__________________________________________________
Thursday, June 30, 1994
Contact:
Joseph DeBlasi, ACM Executive Director (212) 869-7440
Dr. Stephen Kent, Panel Chair (617) 873-3988
Dr. Susan Landau, Panel Staff (413) 545-0263
COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY
"CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL
WASHINGTON, DC Â A panel of experts convened by the nation's
foremost computing society today released a comprehensive report
on U.S. cryptography policy. The report, "Codes, Keys and
Conflicts: Issues in U.S Crypto Policy," is the culmination of a
ten-month review conducted by the panel of representatives of the
computer industry and academia, government officials, and
attorneys. The 50-page document explores the complex technical
and social issues underlying the current debate over the Clipper
Chip and the export control of information security technology.
"With the development of the information superhighway,
cryptography has become a hotly debated policy issue," according
to Joseph DeBlasi, Executive Director of the Association for
Computing Machinery (ACM), which convened the expert panel. "The
ACM believes that this report is a significant contribution to the
ongoing debate on the Clipper Chip and encryption policy. It cuts
through the rhetoric and lays out the facts."
Dr. Stephen Kent, Chief Scientist for Security Technology
with the firm of Bolt Beranek and Newman, said that he was
pleased with the final report. "It provides a very balanced
discussion of many of the issues that surround the debate on
crypto policy, and we hope that it will serve as a foundation for
further public debate on this topic."
The ACM report addresses the competing interests of the
various stakeholders in the encryption debate -- law
enforcement agencies, the intelligence community, industry and
users of communications services. It reviews the recent history
of U.S. cryptography policy and identifies key questions that
policymakers must resolve as they grapple with this controversial
issue.
The ACM cryptography panel was chaired by Dr. Stephen Kent.
Dr. Susan Landau, Research Associate Professor in Computer Science
at the University of Massachusetts, co-ordinated the work of the
panel and did most of the writing. Other panel members were Dr.
Clinton Brooks, Advisor to the Director, National Security Agency;
Scott Charney, Chief of the Computer Crime Unit, Criminal
Division, U.S. Department of Justice; Dr. Dorothy Denning,
Computer Science Chair, Georgetown University; Dr. Whitfield
Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony
Lauck, Corporate Consulting Engineer, Digital Equipment
Corporation; Douglas Miller, Government Affairs Manager, Software
Publishers Association; Dr. Peter Neumann, Principal Scientist,
SRI International; and David Sobel, Legal Counsel, Electronic
Privacy Information Center. Funding for the cryptography study
was provided in part by the National Science Foundation.
The ACM, founded in 1947, is a 85,000 member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges. For
general information, contact ACM, 1515 Broadway, New York, NY
10036. (212) 869-7440 (tel), (212) 869-0481 (fax).
Information on accessing the report electronically will be
posted soon in this newsgroup.
1
0
U S A C M
Association for Computing Machinery, U.S. Public Policy Committee
* PRESS RELEASE *
Thursday, June 30, 1994
Contact:
Barbara Simons (408) 463-5661, simons(a)acm.org (e-mail)
Jim Horning (415) 853-2216, horning(a)src.dec.com (e-mail)
Rob Kling (714) 856-5955, kling(a)ics.uci.edu (e-mail)
COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER
COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR
SECRET DECISION-MAKING
WASHINGTON, DC ÂÂ The public policy arm of the oldest and
largest international computing society today urged the White
House to withdraw the controversial "Clipper Chip" encryption
proposal. Noting that the "security and privacy of electronic
communications are vital to the development of national and
international information infrastructures," the Association for
Computing Machinery's U.S. Public Policy Committee (USACM) added
its voice to the growing debate over encryption and privacy
policy.
In a position statement released at a press conference on
Capitol Hill, the USACM said that "communications security is too
important to be left to secret processes and classified
algorithms." The Clipper technology was developed by the National
Security Agency, which classified the cryptographic algorithm that
underlies the encryption device. The USACM believes that Clipper
"will put U.S. manufacturers at a disadvantage in the global
market and will adversely affect technological development within
the United States." The technology has been championed by the
Federal Bureau of Investigation and the NSA, which claim that
"non-escrowed" encryption technology threatens law enforcement and
national security.
"As a body concerned with the development of government
technology policy, USACM is troubled by the process that gave rise
to the Clipper initiative," said Dr. Barbara Simons, a computer
scientist with IBM who chairs the USACM. "It is vitally important
that privacy protections for our communications networks be
developed openly and with full public participation."
The USACM position statement was issued after completion of a
comprehensive study of cryptography policy sponsored by the ACM
(see companion release). The study, "Codes, Keys and Conflicts:
Issues in U.S Crypto Policy," was prepared by a panel of experts
representing various constituencies involved in the debate over
encryption.
The ACM, founded in 1947, is a 85,000 member non-profit
educational and scientific society dedicated to the development
and use of information technology, and to addressing the impact of
that technology on the world's major social challenges. USACM was
created by ACM to provide a means for presenting and discussing
technological issues to and with U.S. policymakers and the general
public. For further information on USACM, please call (202) 298-
0842.
=============================================================
USACM Position on the Escrowed Encryption Standard
The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto
Policy" sets forth the complex technical and social issues
underlying the current debate over widespread use of encryption.
The importance of encryption, and the need for appropriate
policies, will increase as networked communication grows.
Security and privacy of electronic communications are vital to
the development of national and international information
infrastructures.
The Clipper Chip, or "Escrowed Encryption Standard" (EES)
Initiative, raises fundamental policy issues that must be fully
addressed and publicly debated. After reviewing the ACM study,
which provides a balanced discussion of the issues, the U.S.
Public Policy Committee of ACM (USACM) makes the following
recommendations.
1. The USACM supports the development of public policies and
technical standards for communications security in open forums in
which all stakeholders -- government, industry, and the public --
participate. Because we are moving rapidly to open networks, a
prerequisite for the success of those networks must be standards
for which there is widespread consensus, including international
acceptance. The USACM believes that communications security is
too important to be left to secret processes and classified
algorithms. We support the principles underlying the Computer
Security Act of 1987, in which Congress expressed its preference
for the development of open and unclassified security standards.
2. The USACM recommends that any encryption standard adopted by
the U.S. government not place U.S. manufacturers at a disadvantage
in the global market or adversely affect technological development
within the United States. Few other nations are likely to adopt a
standard that includes a classified algorithm and keys escrowed
with the U.S. government.
3. The USACM supports changes in the process of developing
Federal Information Processing Standards (FIPS) employed by the
National Institute of Standards and Technology. This process is
currently predicated on the use of such standards solely to
support Federal procurement. Increasingly, the standards set
through the FIPS process directly affect non-federal organizations
and the public at large. In the case of the EES, the vast
majority of comments solicited by NIST opposed the standard, but
were openly ignored. The USACM recommends that the standards
process be placed under the Administrative Procedures Act so that
citizens may have the same opportunity to challenge government
actions in the area of information processing standards as they do
in other important aspects of Federal agency policy making.
4. The USACM urges the Administration at this point to withdraw
the Clipper Chip proposal and to begin an open and public review
of encryption policy. The escrowed encryption initiative raises
vital issues of privacy, law enforcement, competitiveness and
scientific innovation that must be openly discussed.
5. The USACM reaffirms its support for privacy protection and
urges the administration to encourage the development of
technologies and institutional practices that will provide real
privacy for future users of the National Information
Infrastructure.
1
0
Hi all,
Does anyone have any hands-on experience with:
Contemporary Cryptology: The Science of Information Integrity
Gustavus J. Simmons
656pp., 1992
ISBN 0-87942-277-7
It is listed in a catalog of books carried by Omega. I was wondering if
anyone has read it (or even looked it over peripheraly for that matter)?
Thanks.
2
1
>From: khijol!erc(a)apple.com (Ed Carp [Sysadmin])
>Date: Fri, 1 Jul 1994 08:55:30 -0400 (EDT)
>
>> shamrock(a)netcom.com (Lucky Green) wrote:
>>
>> No, but you can use AT&T's test number - 1073214049889664
>
>Too bad it doesn't work from Canada :(
Doesn't seem to work for me in Cleveland, either. Maybe you have to have
AT&T long distance for it to work.
tw
3
2
--------------------------
In order to preserve anonymity and thwart traffic analysis in
chained remailings, it would seem useful to include a very BUSY
remailer in the chain, and try to ensure that the message arrives
at the busiest time of the day for that remailer, from a traffic
standpoint. Hitting a remailer at a slack time when, let's say,
only one message arrives over a period of several hours would
seem most unwise.
Can some of the major remailer operators make available some
"sanitized" traffic stats of average traffic by hour and day of
the week? The vox.hacktic.nl remailer sounds useful in this
regard, since it apparently uses a UUCP link, and batches up
accumulated messages, both incoming and outgoing. When are the
"best" times for chained traffic to arrive there?
Can someone familiar with remailer software answer something?
When a message is encrypted, using the "Encrypted: PGP" header,
will everything after the end of the encrypted message itself be
ignored? I ask, because this seems like a good place to
introduce "padding" into the message length to thwart detection
of identical messages, assuming that such extraneous material
wouldn't screw something up.
What's the best strategy for utilizing a given group of remailers
in a chain? Which ones would be most advantageous as the FIRST
link in the chain, since this is the one link that has direct
address to the originator's address.
How would "someone", hypothetically, follow the chain backwards?
Let's say that a message traveled down the chain A -> B -> C.
Couldn't someone with enough clout ask "C" where a certain
message (based on header data) originated, find out it was
relayed by "B", ask "B" for the source, etc. and trace it all the
way back to the source? What, if anything, would prevent that?
For the sake of argument, let's assume a worst-case scenario: a
chained message to "president(a)whitehouse.gov" containing a
seemingly credible threat to harm the President of the United
States, or perhaps a chained message, ultimately posted to Usenet
via a mail-to-news gateway, containing the first part, with more
installments threatened, of certain highly classified U.S.
military secrets. IOW, a scenario where powerful agencies are
motivated enough to invest considerable resources in tracking the
culprit down.
While we might agree that in those two cases, the persons deserve
to be caught, what's to prevent a President or other highly
placed federal bureaucrat from MISusing those same resources on
something less critical, such as tracking down and persecuting
someone who anonymously posts "Clinton is a prick" or "Clipper
sucks"?
----------------------------
3
2