Here is a handout I've written for our next Portland-area libertarian meeting. Comments welcome. Feel free to distribute freely (you can edit out Portland-specific stuff) with attributions.

----------------------------------------------------------------

How to Protect Your Electronic Privacy
Nick Szabo, April 30 1993
Distribute Freely

We conduct more and more of our legal, political, and private business over the wires. Every decade, the number of phone calls that the government can record for later playback increases by a factor of ten. Commercial organizations gather and sell our transactions; marketers and governments cross-reference them, forming our vast electronic reputation.

The number of e-mail messages doubles every year, and many political organizations are coming to rely on networks like Internet and LiberNet. Most e-mail users are unaware that it is the most public medium ever invented, and use it to write love letters, letters to their lawyer, discussion of illegal activities, etc. Vast volumes of e-mail can be stored on small magnetic tapes and searched in bulk for keywords, eg "mari[jh]uana".

The good news is, the computer brings an even greater weapon to fight these threats to our privacy and political freedoms: widely available, automatic cryptography.

Instead of developing phones allowing truly private conversations, which are now feasible, AT&T recently put a phone on the market that contains the NSA-designed "Clipper" wiretap chip. All users' encryption keys are registered with the U.S. government, giving it exclusive access to wiretapping this system's phones. The use of an unpublished algorithm and other features also make the system insecure. "Clipper" would also make traffic analysis (finding out who is calling whom, when, etc.) much easier. The goal of this government/Ma Bell collusion is to subsidize the creation of a standard that forces truly private phone systems off the market.

By purposefully allowing a government backdoor in its "secure" phones, AT&T has demonstrated its contempt for its customers' privacy. Here are some other long-distance providers that may have more respect. All U.S. line providers are required to surrender to telephone taps under government "authorization", but some require more "authorization" than others, or otherwise make a greater fuss about it. Local wiretaps are beyond the control of long-distance companies, but long-distance eavesdropping is much more difficult if the company uses fiber optic instead of microwave links. Ask company representatives for details.

Allnet Long Distance Services       1-800-783-2020
MCI, commercial                     1-800-888-0800
MCI, residential                    1-800-950-5555
Metromedia Communications Corp.     1-800-275-2273
One-2-One Communications            1-800-293-4121
Sprint, residential                 1-800-877-7746
Sprint, business                    1-800-733-5566

Real phone privacy can be obtained with a veil of encryption, by using pairs of phones containing privacy chips, which scramble the signals *and* keep the keys private. Contact your local business telephone dealers for privacy phones from Ericson, Cylink and other companies. Keep your eye out for portable-computer-based software with voice input that can be used to encrypt voice mail and send it over the networks like e-mail; these may be appearing on the market or as freeware within six months.

Data privacy can be obtained with public-key encryption features which have been added to some of the newer e-mail packages from Microsoft, Apple, Novell, etc. Beware: most software encryption has been restricted by the U.S. government to very weak algorithms. "Cypherpunks" enjoy writing programs to crack the weakened file encryption in Word Perfect, Lotus, etc. Be sure the software contains the new "RSA" public-key algorithm, which probably cannot be cracked by anybody, even the NSA with their buildings full of supercomputers.

A strong freeware RSA package is also available called Pretty Good Privacy (PGP); this is the international standard on the Internet. PGP can also be used for protecting the files on your PC. On an Internet machine type "archie pgp" to find out where PGP is available for download. Several BBS systems also have PGP available.

In public key encryption, there are two keys, one used to lock (really scramble) the data, the other to unlock (unscramble) the data. To join the fun, publish or send your friends your public key, and they can then send you messages only you can unlock with your private key. You collect others' public keys and do the same. PGP key distribution is based on an informal, voluntary web of trust instead of the government's rigid hierarchy which is vulnerable to failure at the top. Just as today's businessmen trade business cards, tomorrow's businessmen will trade public keys -- if the government doesn't ban them first.

For more detailed information on electronic privacy, see:

* Your local phone dealer. If he does not know about privacy issues and phone privacy products, ask him to find out!
* The May/June issue of "Wired" magazine featuring "crypto-rebels" on the cover. A history of computer cryptography and the "cypherpunk" movement, whose goal is to break the government monopoly on cryptography and to restore our right to privacy in the electronic age.
* "Mondo 2000" #9 (most recent) features two good articles on PGP, and a third article on protecting our financial privacy from governments.
* The Winter/Spring issue of "Extropy" features an article on digital cash. Unlike current electronic funds transfer, digital cash increases financial privacy.
* On the Internet, the cypherpunks mailing list (cypherpunks-request@toad.com) and the newsgroup sci.crypt. In the Portland area two Internet providers are agora (293-1772 data) and techbook (220-0636 data).
* Organizations helping lobby for electronic privacy: Electronic Frontier Foundation (eff.org), Computer Professionals for Social Responsibility (cpsr.org), Privacy International. These are not entirely libertarian (eg EFF tends to support Gore's socialist "Data Highway".)
* James Bamford, _The Puzzle Palace_, 1983: A classic expose of the National Security Agency.

Nick Szabo                          szabo@techbook.com