what does C-A-C-L stand for? alpha ----- Original Message ----- From: "Tim May" <tcmay@got.net> To: <cypherpunks@lne.com> Sent: Saturday, November 17, 2001 10:00 AM Subject: CDR: The Crypto Winter
Alternative Subject Name: Decline and Fall: Crypto without politics is just applied number theory
This will be a long article. Fair warning.
Also, I plan to reply only to folks who make a serious effort to debate. Folks who chime in with inanities or with "Another C-A-C-L rant!" will of course just ignore. I don't expect much discussion, though. For the same "lots of reasons" I mention many times below. Still, I wanted to make these points even if only six of you are worth responding to.
On Saturday, November 17, 2001, at 12:10 AM, Declan McCullagh wrote:
On Fri, Nov 16, 2001 at 10:31:24PM -0800, Petro wrote:
Part of the energy in those days was people pushing in to vastly new territories, figuring out how to solve the hard problems--and there were a whole bunch back then. There are still lots of hard problems, but they come in dribs and drabs, and often one of these new problems can be reduced to one or two old problems--which isn't nearly as interesting.
I may have started reading the list in 1994. To add something to the above: Also in the early days, folks were still thinking through the implications of the technologies, the future was a bit sunnier than it is nowadays, and there weren't quite as many (this may be just wishful thinking) loserflamers around. In addition, the FBI and Secret Service and TIGTA and whatnot hadn't been interrogating and arresting list members.
There are many reasons/factors for the decline. Few would argue that the decline has been a many-year process. As I lack the energy or will to write a detailed essay (which is one of the reasons...), I'll summarize a few basic reasons:
1. The newness issue. Even before the list/group started, finding new and amazing implications was so easy that we were able to figure out a bunch of things before the official crypto community noticed them. Early list messages were often about these implications. Hal Finney, Eric Hughes, Duncan Frissell, and a dozen others were all actively debating these implications--years before the "crypto press" started reporting them, years before even apologists for Big Brother started denouncing them. The newness has shifted. I'll come back to this issue again.
2. Fewer infusions of new blood. We had some good infusions of new blood in the 1993-95 period, including people like Lucky Green, Declan McCullagh, and Greg Broiles. In the past couple of years, fewer creative contributors have arrived. We had a guy from Germany, whose name I have spaced out on, but he showed up at ZKS (another point I will get to in a moment) and hasn't been active on the list in a long while. In the last year or two, David Molnar stands out as a new and innovative contributor, but I believe his is now involved in a start up in NYC and so he doesn't post here often anymore.
A couple of apologists for Big Brother have arrived (George@Orwellian, whom I am tentatively assuming is the same as the frequent Nomen Nescio user: a leftie who rants about the evils of ideas here), a couple of agent provocateurs have arrived, and several infantile flamers are still here.
[Note: Related to this point and the one following below, we had a _huge_ number of students and grad students active on the list in the early years. "Wired" did a big piece on Cypherpunks in their second issue, and "Wired" was still cool in those years. A surge of subscribers hit the list in 1993. And Clipper was much in the news. Many of those students contributed provocative, anarchist-leaning ideas. Many went on to get jobs in industry, even in crypto and security. Some went to Microsoft (Matt Tomlinson, I believe, and possibly Wei Dai, though I could be wrong), some went to Netscape, some to RSA, and so on.]
3. The commercialization of crypto. This has been a plus and a minus. On the plus side, several startup companies have drawn heavily from former (or lurking) list members, including C2Net, Digicash, PGP, RSA and Verisign, security consulting companies in the Bay Area, Zero Knowledge, and the security departments of leading dot com and Net companies. Even Mojo Nation, which had about half a dozen list members in it--not much being heard from it now.
(Remember when three members of the same family were on the list and two of them were essentially Netscape's security department! Remember when at least three key list members worked for Digicash?) The ZKS issue alone took half a dozen of our most significant contributors off the list (for various obvious reasons), including Ian Goldberg, both Adams (Back and Shostack), and some others. And when ZKS recast itself a year or so ago as some kind of "consulting company" (??) and then when they recently dropped the Freedom remailer/proxy service, things took another steep decline. Even if these former list members end up leaving ZKS, as would seem likely, I doubt they'll return to our list.)
The effects of the commercialization were manyfold (or is it manifold?) and deserve an entire essay, but here are a few of them:
a) Cypherpunks physical meetings (second Saturday of each month, held in the South Bay 1992-95, held all around the Bay Area after that) became more corporate-focused. Guys at companies often recruited. A kind of rolling job fair.
b) The projects discussed started being more and more about what some particular company was doing
c) I believe some people are much less willing to discuss radical implications and ideas when they think future employers may be reading, or may have access to their posts through search engines. It may be coincidental, but the beginning of the real decline of the list happened at just about the same time the Web was becoming ubiquitous (which has other implications, mentioned later) and as search engines like Deja News and Alta Vista made it obvious that one's words on the list would echo forever.
d) Siphoning of energy. Not a bad thing, but the commercialization of crypto definitely meant that many long-range projects were shifted to short-range. Depressingly, most of the short-range efforts never really went very far. (Between the dot com crash and other things, all we really have is what we had in 1992: basic crypto and signatures.)
e) The mess with PGP. At one point, probably a dozen list members worked at PGP, and we often heard updates from them on new versions. (One of those pluses as well as minuses. A plus that PGP was expanding, and that usage was increasing, but a minus because all it really was basic encryption stuff, so it was fairly boring to spend meetings discussing the details of a version update.) The transfer of PGP to NAI further confused things, and now there are probably fewer PGP users than in 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann at Hushmail, and NAI saying they plan to demphasize PGP....already a moot point.)
[Note: There was a period when using PGP was "cool." Lots of digerati were using it, playing with it. It showed up on "Wired"'s "hot" list. This has changed. Lots of reasons.]
4. The discrediting of "politics." After the first heady year or two of discussing digital money, data havens, dead drops, black nets, tax avoidance, colonization of cyberspace, and so on, some voices began to argue against talking politics. To be sure, the list had always been focused on the "exploitation of crypto for meta-political purposes." Mundane politics about left vs. right was not interesting to most of us. Yes, the list had a strong libertarian focus, but so does much of the Net and so does much of the computer community (with also a lefty/Green/ecobabble contingent out there, though not on this list). Why this is so should not surprise anyone.
The discrediting of politics was correlated to the formation of alternative lists. Lewis McCarthy started a moderated list called "Coderpunks" in which only code and programming techniques was to be discussed. Perry Metger started a moderated list called "Cryptography." Some of the active participants in Cypherpunks did most of their posting on those lists...let a thousand flowers bloom and all. I chose not to subscribe to those lists for a couple of reasons. First, I hate moderated lists where some satrap decides what is OK for me to talk about and what is not. Second, I am much less interested in the C++ coding of Rijndael than I am in discussing digital money and quasi-political issues touching on economics, public policy, social repudiation and reputation issues, etc. In my view, crypto without politics is just applied number theory.
The discrediting is even happening on the Cypherpunks list. It is deeply ironic that people who have never contributed an innovative idea, poitical or technical, are hectoring us that "Cypherpunks write code!" (Having been involved since the Ur-Cypherpunk days, I know precisely what that slogan means, and it _doesn't_ mean what many think it means.)
5. The resurgence of politics and law. Strangely, despite the above discrediting, politics and law became _more_ of the focus of the list! How could that be? Here's a partial list: Communications Decency Act, the Bernstein case, crypto export laws, ITAR, European plans to regulate crypto, Napster, copyright, the DMCA, and on and on. Despite the "Cypherpunks write code!" pseudo-mantra, more and more physical meetings were devoted to hearing from various spokeslawyers representing the EFF, EPIC, CDT, and other lobbying/litigating firms. More and more list members muttered about going to law school...and some did.
(Not to besmirch the reputation of Greg Broiles, who was already well-along in law school before beginning to contribute many fine
On to another major, possibly _the_ major, factor:
5. The boredom factor. As Declan and Petro have noted, the ideas are not new. The same reasons that made the 1992-94 period so heady also mean that later developments are usually just revisitations or rediscoveries of the "nuggets" found in the early years. This is like any new field: the early pioneers find gems and nuggest lying on the ground, lots of low-hanging fruit. (To mix some metaphors.) Later arrivals find the low-hanging fruit gone, the richest veins of ore already mined.
(I have not given up. There are amazing things yet to be done. I had a stimulating discussion with some computer pioneers last weekend and am redoubling my own efforts in my "ontology" project I have occasionally mentioned.)
The "read the archives!" advice often given, especially by me, is only to be expected. When literally tens of thousands of articles, some of them very long and detailed, have already been written on core topics, why should any of the "old-timers" spend an hour writing an essay to educate a newbie who is unwilling to even spend a few minutes with Google looking for already-written articles?
(And many of the newcomers are shockingly ignorant of even the basic definitions and ideas, ones that have been written about in full-length articles. My own chapter-length essays outline the basics and have been included in recent books like "Building-In Big Brother" (Ludlow), "Crypto Anarchy, Cyberstates and Pirate Utopias" (also Ludlow), and the forthcoming "True Names and the Opening of the Cyberspace Frontier" (Vinge, Frenkel, others). Any search on the keywords so common on our list will turn up full-length articles, as well as the "Cyphernomicon" mega-FAQ I spent (wasted?) about a year of my life working on.)
6. The failure to get true digital money. Call it what you like, "digital cash" or "ecash" or even one of Hettinga's pet names, but the fact is that for both political and technical reasons we don't have digital cash. This has ripple effects for nearly all of the constructs which depend on digital money: data havens, good remailers, black nets, beacons, and of course for certain sociopolitical implications of untraceable transactions.
Without this basic building block, we are left just with the "privacy" stuff...and the privacy stuff is both fairly boring and at the same time wrapped-up in legal/political baggage about secrecy, hiding things, etc. Boring!
Why digital money has not happened is still an interesting topic to discuss. I described the two axes of "value of untraceability" versus "cost of untraceability" in an article I wrote a few months ago. I characterized the "millicent ghetto" that most companies have concentrated on, and the fallacy of the "one size fits all" pricing models.
Now, given the events of 911 and the rush to control the Net and to impose new and unconstitutional limitations on what people can do with their own money, the likelihood of a quasi-visible digital money operation like Mark Twain Bank setting up seems to be nil.
Money-laundering laws, and the attempted crackdowns on "hawalah" exchanges, will mean any digital cash effort will have to be done beyond the margins of the law. Maybe for something with no identifiable nexus, something beyond even what Gnutella and Freenet are doing. Beyond Morpheus/Music City, beyond Mojo Nation, beyond _any_ of the current P2P efforts. (By the way, the only book that I know of on Peer-to-Peer computing has references to the pioneering role that Cypherpunks played, in remailers, in screen-saver code crackers, etc. Look to the archives from 1992-94 and one will see most of the P2P issues covered, from the point of view of distributed, agoric models, black markets, etc. My own BlackNet, 1988, is obviously a P2P model.)
This failure to get workable untraceable digital cash (true 2-way untraceable, not the bastardized, banker-friendly, government-friendly one-way untraceable form) is the _deep_ reason things are stagnating.
And we are not alone...
"How to make money off of these ideas" is the fundamental reason the dot com crash happened. Absent efficient digital payment systems, and absent strong cryptographic constructs to build cyberspace structures, just about the only working model for funding all of these dot com things was "online advertising." That, coupled with scads of companies all figuring they would dominate their markets.
I'm concentrating here on the online digital services companies, not so much the "clicks and mortar" companies trying to sell dog food over the Net (yeah, the pets.com and boo.com companies failed, but in their cases the Net was just another communications medium for basically a mail-order or phone-order business). More interesting are why the crypto-related companies are failing. People just aren't paying for digital signatures, encryption, and other "Cypherpunkish" things.
This doesn't surprise me at all. But, I see that I am drifting away from my intended brief listing of reasons for the decline and am instead moving into something that should be saved for another article.
In closing, the long-term prospects for our ideas are still bright. The "degrees of freedom" (multiple senses) still mean that crypto anarchy will likely triumph over central control. But we probably are facing a "crypto winter" lasting at least 5 years, and maybe much longer. The moves to expand wiretapping and surveillance, the Carnivore boxes, the rapid move to reduce civil liberties in the wake of 911, the calls by various European and Asian countries to crack down on use of the Net, and the draconian restrictions on money....all of these things will make it very difficult to establish Cypherpunks technologies.
Maybe a collapse will come, maybe P2P will sneak these ideas in through the back door (*).
(* as might well have happened sooner had Napster _started_ in a distributed, no nexus sort of way instead of starting as a central file server with a huge "Sue me!" sign painted on the roof of their San Mateo offices)
The thing I would advise folks to do is to not think about getting rich. Those who lust after the riches of an IPO for their Digital Signature Datawhack, Inc. startup are probably heading for crushing disapppointment. "Do what you love and the money will follow" is still good advice.
And working on the interesting stuff, even if it doesn't appear to be "commercial," will probably be where the commercial things of ten years from now come from. There are so many examples of this from past years that I can't begin to list them here.
Well, now I'm again moving afield into career advice, so I'll stop here.
Best wishes,
--Tim May "Gun Control: The theory that a woman found dead in an alley, raped and strangled with her panty hose, is somehow morally superior to a woman explaining to police how her attacker got that fatal bullet wound"