I can't say that I've always wanted to use this oft-joked about title, but for the first time since I got on some form of the Net in 1973, I think there's some truth to it. (It's not hopeless. In fact, the stuff we talk about, use, work on, etc., is the best hope.) Several pieces of news are coming at the same time: * the Communications Decency Act, as part of the Telecom Act, was passed by Congress yesterday. Clinton is expected to sign it into law early next week. It includes language of great significance for users, for ISPs, and perhaps for remailers. When it takes effect--some number of days after Clinton signs it into law--it could almost immediately have a chilling effect on many newsgroups, on Web accesses, etc. Though civil liberties groups are expected to challenge it in court, and may ultimately win, it could be a long and expensive fight for some ISP who "lets" a 17-year-old access indecent material (or lets abortion articles in, or lets various other banned things in). * Other countries are gaining steam in restricting, or trying to restrict, what happens on the Net, especially what enters. Germany is the most oft-discussed, with actions underway against Compuserve, American Online, and possibly other ISPs with a German presence. And the Deutsche Telekom access block of American sites. France is also contemplating various actions. Even the "liberal" countries have things brewing, according to news items appearing recently. (Look at the list of countries represented by senior law enforcement officials at the Key Escrow meetings in Sept. '94, for example. I don't expect most of these countries to have an active public debate about crypto restrictions, for various obvious reasons. I do expect them to accept with alacrity the "international treaties" when they are offered.) * And don't forget that there is still a campaign to control encryption and to adopt a global regimen for "key escrow." The various international meetings, the Washington meetings, and the noises coming out of foreign capitals strongly suggest a comprehensive scheme--as yet unannounced--to mandate the escrowing of keys with the local authorities. (To be sure, there are many, many problems, and many avenues for attack, but this doesn't mean such an international scheme won't be tried...look to the U.S. lead in controlling drug traffic over the past 60 years.) * The Wiretap Bill still mandates that digital switches be made digitally wire-tappable. (Lots of technical details, and lots of debate about how much of the $500 million mentioned will actually be budgeted, provided, etc.) FBI Director Louis Freeh is still pushing this as critically important. This is part of the larger mosaic. * Various trial balloons about key authentication agencies, about having the government issue keys and even handle e-mail (the Postal Service has been pushing for this for a long time). Some of the "centralized" schemes for signature authorities appear to fit in nicely with a government-mandated certificate hierarchy. There are various scenarios for how a certificate hierarchy could be mandated, ranging from outlawing of "anarchic" variants (unlikely, at first) to the court system refusing to help enforce contracts signed in a non-compliant manner (pretty likely, in my opinion). * Universities are *not* becoming more tolerant and diverse, more acceptant of extreme speech. In fact, more and more of them are adopting "speech codes," especially for the Internet. Sometimes called "stalking" laws, sometimes "respect" laws, they serve to stifle what is noniolently, noncoervively said by some students to others. Even private jokes, as at Cornell, are treated as crimes (the "voluntary" community service the four Cornell students agreed to). And "political" material is ordered off university Web sites (the UMass case of Lewis McCarthy, which just unfolded today). *Universities, corporations, and even ISPs are explicitly adopting policies that allow them to inspect e-mail at will. (If the arrangement is made in advance, it may not violate the ECPA to do this...and I'm not saying there aren't some good reasons why these entities would want the right to inspect e-mail (their liability being a good example), just noting the growing situation. Absent any sort of "common carrier," we may be approaching an age where the relay layers most users must use have explicit policies allowing monitoring and even banning unapproved/unescrowed encryption (I've seen the policies of at least one ISP that state this). (Alice and Bob can still presumably dial each other up directly over the phone lines and do a UUCP-style transfer, but using intermediary ISPs may not allow them to use the crypto of their choice...again, the ISPs, universities, corporations, etc., may be held liable for misdeeds done over their systems, so this is why they would want to control the content or have some way to monitor communications.) * The Four Horsemen of the Infocalypse. Increasing media reports of child porn on the Net, of "digital stalkers" on campuses, of children finding bomb instructions, of nuclear terrorists using Alta Vista to design their bombs.... Even the media lionization of Shimomura, who dismisses concerns about privacy as the ravings of paranoid hackers and libertarians, adds to this public view. Shorter, more sensationalistic, articles are appearing daily. (I don't believe the reporters, notably Markoff, Levy, etc., are "in on" some kind of conspiracy, just noting that the media hype about the Net, and hackers, and the dangers, are adding up to a growing sense that "the government has to something!"). * "Anonymity" in general is under attack. Calls for "responsibility." "What have you got to hide?" is the standard refrain. If the rumors of a kind of "Internet Drivers License" are correct, all posts could be required to be signed by the orginator. Forwarders would be held responsible for checking signatures, or, at least, be held liable for misdeeds. They would not be treated as we treat the carriers of sealed packages, for example. (I can think of many counter-arguments, including the usual one about a forwarder not knowing the contents of what he was forwarding, not being able to tell if a file was noise, data, compressed data, or an encrypted packet...while I find this persuasive, it may take years of expensive court cases to establish this, and still might go against this interpretation.) * Corporations are having their secrets stolen, and are demanding that something be done. (Expect more of these calls to increase as more cases like the RC2 case arise...without supporting RSA in their anger, I can see why remailers scare the hell out of them,) * Groups as disparate as the Church of Scientology and the Simon Wiesenthal Center are screaming to have the Net regulated. What major groups will be next? The Catholic Church? The Junior League? As more groups "threatened" by the anarchic, free speech of the Net decide to cast their lot in with the government (with hopes that if they scratch the government's back, it'll return the favor, or at least help control the marauders), the constituency for clamping down on the Net will grow. * And the tax authorities, the IRS, FinCEN, etc., are well-known to be trying to figure out how to get their cut, how to control the spread of untaxed transactions, and how to make sure that Chaumian untraceable digital cash is never fully deployed. You can bet that they would love to have Visa or Mastercard or one of the "little" systems that allows full traceability be adopted, maybe even mandated. This would in one fell swoop fix several problems for them. Without getting into paranoia about Clinton, Black Helicopters, U.N. troops in American cities, the militia movement, Fostergate, etc., it looks to me like a coordinated move to try to regain "control" of the transnational Internet anarchy is getting started in earnest. I said it is not hopeless. Indeed, the powerful technologies of encryption, digital mixes, and other such tools will make a clamp-down very hard, maybe ultimately impossible. This is my hope. But in the meantime, a lot of hard work. And a lot of obvious targets--such as people who put things on their Web pages, ISPs who let minors on their systems, those who cause abortion information to be brought in from outside the U.S., etc.--will be prosecuted, given huge fines to send a message to others, and maybe even imprisoned. International treaties will be signed, giving these laws the force of treaty. The New World Order, cyberspace-style. I'm not despairing. I just think a lot of work lies ahead of us. The crypto anarchy future is not going to happen if governments have anything to say about it. Therein lies the challenge. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."