Alternative Subject Name: Decline and Fall: Crypto without politics is just applied number theory This will be a long article. Fair warning. Also, I plan to reply only to folks who make a serious effort to debate. Folks who chime in with inanities or with "Another C-A-C-L rant!" will of course just ignore. I don't expect much discussion, though. For the same "lots of reasons" I mention many times below. Still, I wanted to make these points even if only six of you are worth responding to. On Saturday, November 17, 2001, at 12:10 AM, Declan McCullagh wrote:

On Fri, Nov 16, 2001 at 10:31:24PM -0800, Petro wrote:

...

Part of the energy in those days was people pushing in to vastly new territories, figuring out how to solve the hard problems--and there were a whole bunch back then. There are still lots of hard problems, but they come in dribs and drabs, and often one of these new problems can be reduced to one or two old problems--which isn't nearly as interesting.

I may have started reading the list in 1994. To add something to the above: Also in the early days, folks were still thinking through the implications of the technologies, the future was a bit sunnier than it is nowadays, and there weren't quite as many (this may be just wishful thinking) loserflamers around. In addition, the FBI and Secret Service and TIGTA and whatnot hadn't been interrogating and arresting list members.

There are many reasons/factors for the decline. Few would argue that the decline has been a many-year process. As I lack the energy or will to write a detailed essay (which is one of the reasons...), I'll summarize a few basic reasons: 1. The newness issue. Even before the list/group started, finding new and amazing implications was so easy that we were able to figure out a bunch of things before the official crypto community noticed them. Early list messages were often about these implications. Hal Finney, Eric Hughes, Duncan Frissell, and a dozen others were all actively debating these implications--years before the "crypto press" started reporting them, years before even apologists for Big Brother started denouncing them. The newness has shifted. I'll come back to this issue again. 2. Fewer infusions of new blood. We had some good infusions of new blood in the 1993-95 period, including people like Lucky Green, Declan McCullagh, and Greg Broiles. In the past couple of years, fewer creative contributors have arrived. We had a guy from Germany, whose name I have spaced out on, but he showed up at ZKS (another point I will get to in a moment) and hasn't been active on the list in a long while. In the last year or two, David Molnar stands out as a new and innovative contributor, but I believe his is now involved in a start up in NYC and so he doesn't post here often anymore. A couple of apologists for Big Brother have arrived (George@Orwellian, whom I am tentatively assuming is the same as the frequent Nomen Nescio user: a leftie who rants about the evils of ideas here), a couple of agent provocateurs have arrived, and several infantile flamers are still here. [Note: Related to this point and the one following below, we had a _huge_ number of students and grad students active on the list in the early years. "Wired" did a big piece on Cypherpunks in their second issue, and "Wired" was still cool in those years. A surge of subscribers hit the list in 1993. And Clipper was much in the news. Many of those students contributed provocative, anarchist-leaning ideas. Many went on to get jobs in industry, even in crypto and security. Some went to Microsoft (Matt Tomlinson, I believe, and possibly Wei Dai, though I could be wrong), some went to Netscape, some to RSA, and so on.] 3. The commercialization of crypto. This has been a plus and a minus. On the plus side, several startup companies have drawn heavily from former (or lurking) list members, including C2Net, Digicash, PGP, RSA and Verisign, security consulting companies in the Bay Area, Zero Knowledge, and the security departments of leading dot com and Net companies. Even Mojo Nation, which had about half a dozen list members in it--not much being heard from it now. (Remember when three members of the same family were on the list and two of them were essentially Netscape's security department! Remember when at least three key list members worked for Digicash?) The ZKS issue alone took half a dozen of our most significant contributors off the list (for various obvious reasons), including Ian Goldberg, both Adams (Back and Shostack), and some others. And when ZKS recast itself a year or so ago as some kind of "consulting company" (??) and then when they recently dropped the Freedom remailer/proxy service, things took another steep decline. Even if these former list members end up leaving ZKS, as would seem likely, I doubt they'll return to our list.) The effects of the commercialization were manyfold (or is it manifold?) and deserve an entire essay, but here are a few of them: a) Cypherpunks physical meetings (second Saturday of each month, held in the South Bay 1992-95, held all around the Bay Area after that) became more corporate-focused. Guys at companies often recruited. A kind of rolling job fair. b) The projects discussed started being more and more about what some particular company was doing c) I believe some people are much less willing to discuss radical implications and ideas when they think future employers may be reading, or may have access to their posts through search engines. It may be coincidental, but the beginning of the real decline of the list happened at just about the same time the Web was becoming ubiquitous (which has other implications, mentioned later) and as search engines like Deja News and Alta Vista made it obvious that one's words on the list would echo forever. d) Siphoning of energy. Not a bad thing, but the commercialization of crypto definitely meant that many long-range projects were shifted to short-range. Depressingly, most of the short-range efforts never really went very far. (Between the dot com crash and other things, all we really have is what we had in 1992: basic crypto and signatures.) e) The mess with PGP. At one point, probably a dozen list members worked at PGP, and we often heard updates from them on new versions. (One of those pluses as well as minuses. A plus that PGP was expanding, and that usage was increasing, but a minus because all it really was basic encryption stuff, so it was fairly boring to spend meetings discussing the details of a version update.) The transfer of PGP to NAI further confused things, and now there are probably fewer PGP users than in 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann at Hushmail, and NAI saying they plan to demphasize PGP....already a moot point.) [Note: There was a period when using PGP was "cool." Lots of digerati were using it, playing with it. It showed up on "Wired"'s "hot" list. This has changed. Lots of reasons.] 4. The discrediting of "politics." After the first heady year or two of discussing digital money, data havens, dead drops, black nets, tax avoidance, colonization of cyberspace, and so on, some voices began to argue against talking politics. To be sure, the list had always been focused on the "exploitation of crypto for meta-political purposes." Mundane politics about left vs. right was not interesting to most of us. Yes, the list had a strong libertarian focus, but so does much of the Net and so does much of the computer community (with also a lefty/Green/ecobabble contingent out there, though not on this list). Why this is so should not surprise anyone. The discrediting of politics was correlated to the formation of alternative lists. Lewis McCarthy started a moderated list called "Coderpunks" in which only code and programming techniques was to be discussed. Perry Metger started a moderated list called "Cryptography." Some of the active participants in Cypherpunks did most of their posting on those lists...let a thousand flowers bloom and all. I chose not to subscribe to those lists for a couple of reasons. First, I hate moderated lists where some satrap decides what is OK for me to talk about and what is not. Second, I am much less interested in the C++ coding of Rijndael than I am in discussing digital money and quasi-political issues touching on economics, public policy, social repudiation and reputation issues, etc. In my view, crypto without politics is just applied number theory. The discrediting is even happening on the Cypherpunks list. It is deeply ironic that people who have never contributed an innovative idea, poitical or technical, are hectoring us that "Cypherpunks write code!" (Having been involved since the Ur-Cypherpunk days, I know precisely what that slogan means, and it _doesn't_ mean what many think it means.) 5. The resurgence of politics and law. Strangely, despite the above discrediting, politics and law became _more_ of the focus of the list! How could that be? Here's a partial list: Communications Decency Act, the Bernstein case, crypto export laws, ITAR, European plans to regulate crypto, Napster, copyright, the DMCA, and on and on. Despite the "Cypherpunks write code!" pseudo-mantra, more and more physical meetings were devoted to hearing from various spokeslawyers representing the EFF, EPIC, CDT, and other lobbying/litigating firms. More and more list members muttered about going to law school...and some did. (Not to besmirch the reputation of Greg Broiles, who was already well-along in law school before beginning to contribute many fine On to another major, possibly _the_ major, factor: 5. The boredom factor. As Declan and Petro have noted, the ideas are not new. The same reasons that made the 1992-94 period so heady also mean that later developments are usually just revisitations or rediscoveries of the "nuggets" found in the early years. This is like any new field: the early pioneers find gems and nuggest lying on the ground, lots of low-hanging fruit. (To mix some metaphors.) Later arrivals find the low-hanging fruit gone, the richest veins of ore already mined. (I have not given up. There are amazing things yet to be done. I had a stimulating discussion with some computer pioneers last weekend and am redoubling my own efforts in my "ontology" project I have occasionally mentioned.) The "read the archives!" advice often given, especially by me, is only to be expected. When literally tens of thousands of articles, some of them very long and detailed, have already been written on core topics, why should any of the "old-timers" spend an hour writing an essay to educate a newbie who is unwilling to even spend a few minutes with Google looking for already-written articles? (And many of the newcomers are shockingly ignorant of even the basic definitions and ideas, ones that have been written about in full-length articles. My own chapter-length essays outline the basics and have been included in recent books like "Building-In Big Brother" (Ludlow), "Crypto Anarchy, Cyberstates and Pirate Utopias" (also Ludlow), and the forthcoming "True Names and the Opening of the Cyberspace Frontier" (Vinge, Frenkel, others). Any search on the keywords so common on our list will turn up full-length articles, as well as the "Cyphernomicon" mega-FAQ I spent (wasted?) about a year of my life working on.) 6. The failure to get true digital money. Call it what you like, "digital cash" or "ecash" or even one of Hettinga's pet names, but the fact is that for both political and technical reasons we don't have digital cash. This has ripple effects for nearly all of the constructs which depend on digital money: data havens, good remailers, black nets, beacons, and of course for certain sociopolitical implications of untraceable transactions. Without this basic building block, we are left just with the "privacy" stuff...and the privacy stuff is both fairly boring and at the same time wrapped-up in legal/political baggage about secrecy, hiding things, etc. Boring! Why digital money has not happened is still an interesting topic to discuss. I described the two axes of "value of untraceability" versus "cost of untraceability" in an article I wrote a few months ago. I characterized the "millicent ghetto" that most companies have concentrated on, and the fallacy of the "one size fits all" pricing models. Now, given the events of 911 and the rush to control the Net and to impose new and unconstitutional limitations on what people can do with their own money, the likelihood of a quasi-visible digital money operation like Mark Twain Bank setting up seems to be nil. Money-laundering laws, and the attempted crackdowns on "hawalah" exchanges, will mean any digital cash effort will have to be done beyond the margins of the law. Maybe for something with no identifiable nexus, something beyond even what Gnutella and Freenet are doing. Beyond Morpheus/Music City, beyond Mojo Nation, beyond _any_ of the current P2P efforts. (By the way, the only book that I know of on Peer-to-Peer computing has references to the pioneering role that Cypherpunks played, in remailers, in screen-saver code crackers, etc. Look to the archives from 1992-94 and one will see most of the P2P issues covered, from the point of view of distributed, agoric models, black markets, etc. My own BlackNet, 1988, is obviously a P2P model.) This failure to get workable untraceable digital cash (true 2-way untraceable, not the bastardized, banker-friendly, government-friendly one-way untraceable form) is the _deep_ reason things are stagnating. And we are not alone... "How to make money off of these ideas" is the fundamental reason the dot com crash happened. Absent efficient digital payment systems, and absent strong cryptographic constructs to build cyberspace structures, just about the only working model for funding all of these dot com things was "online advertising." That, coupled with scads of companies all figuring they would dominate their markets. I'm concentrating here on the online digital services companies, not so much the "clicks and mortar" companies trying to sell dog food over the Net (yeah, the pets.com and boo.com companies failed, but in their cases the Net was just another communications medium for basically a mail-order or phone-order business). More interesting are why the crypto-related companies are failing. People just aren't paying for digital signatures, encryption, and other "Cypherpunkish" things. This doesn't surprise me at all. But, I see that I am drifting away from my intended brief listing of reasons for the decline and am instead moving into something that should be saved for another article. In closing, the long-term prospects for our ideas are still bright. The "degrees of freedom" (multiple senses) still mean that crypto anarchy will likely triumph over central control. But we probably are facing a "crypto winter" lasting at least 5 years, and maybe much longer. The moves to expand wiretapping and surveillance, the Carnivore boxes, the rapid move to reduce civil liberties in the wake of 911, the calls by various European and Asian countries to crack down on use of the Net, and the draconian restrictions on money....all of these things will make it very difficult to establish Cypherpunks technologies. Maybe a collapse will come, maybe P2P will sneak these ideas in through the back door (*). (* as might well have happened sooner had Napster _started_ in a distributed, no nexus sort of way instead of starting as a central file server with a huge "Sue me!" sign painted on the roof of their San Mateo offices) The thing I would advise folks to do is to not think about getting rich. Those who lust after the riches of an IPO for their Digital Signature Datawhack, Inc. startup are probably heading for crushing disapppointment. "Do what you love and the money will follow" is still good advice. And working on the interesting stuff, even if it doesn't appear to be "commercial," will probably be where the commercial things of ten years from now come from. There are so many examples of this from past years that I can't begin to list them here. Well, now I'm again moving afield into career advice, so I'll stop here. Best wishes, --Tim May "Gun Control: The theory that a woman found dead in an alley, raped and strangled with her panty hose, is somehow morally superior to a woman explaining to police how her attacker got that fatal bullet wound"

what does C-A-C-L stand for? alpha ----- Original Message ----- From: "Tim May" <tcmay@got.net> To: <cypherpunks@lne.com> Sent: Saturday, November 17, 2001 10:00 AM Subject: CDR: The Crypto Winter

Alternative Subject Name: Decline and Fall: Crypto without politics is just applied number theory

This will be a long article. Fair warning.

Also, I plan to reply only to folks who make a serious effort to debate. Folks who chime in with inanities or with "Another C-A-C-L rant!" will of course just ignore. I don't expect much discussion, though. For the same "lots of reasons" I mention many times below. Still, I wanted to make these points even if only six of you are worth responding to.

On Saturday, November 17, 2001, at 12:10 AM, Declan McCullagh wrote:

...

On Fri, Nov 16, 2001 at 10:31:24PM -0800, Petro wrote:

...

Part of the energy in those days was people pushing in to vastly new territories, figuring out how to solve the hard problems--and there were a whole bunch back then. There are still lots of hard problems, but they come in dribs and drabs, and often one of these new problems can be reduced to one or two old problems--which isn't nearly as interesting.

I may have started reading the list in 1994. To add something to the above: Also in the early days, folks were still thinking through the implications of the technologies, the future was a bit sunnier than it is nowadays, and there weren't quite as many (this may be just wishful thinking) loserflamers around. In addition, the FBI and Secret Service and TIGTA and whatnot hadn't been interrogating and arresting list members.

There are many reasons/factors for the decline. Few would argue that the decline has been a many-year process. As I lack the energy or will to write a detailed essay (which is one of the reasons...), I'll summarize a few basic reasons:

1. The newness issue. Even before the list/group started, finding new and amazing implications was so easy that we were able to figure out a bunch of things before the official crypto community noticed them. Early list messages were often about these implications. Hal Finney, Eric Hughes, Duncan Frissell, and a dozen others were all actively debating these implications--years before the "crypto press" started reporting them, years before even apologists for Big Brother started denouncing them. The newness has shifted. I'll come back to this issue again.

2. Fewer infusions of new blood. We had some good infusions of new blood in the 1993-95 period, including people like Lucky Green, Declan McCullagh, and Greg Broiles. In the past couple of years, fewer creative contributors have arrived. We had a guy from Germany, whose name I have spaced out on, but he showed up at ZKS (another point I will get to in a moment) and hasn't been active on the list in a long while. In the last year or two, David Molnar stands out as a new and innovative contributor, but I believe his is now involved in a start up in NYC and so he doesn't post here often anymore.

A couple of apologists for Big Brother have arrived (George@Orwellian, whom I am tentatively assuming is the same as the frequent Nomen Nescio user: a leftie who rants about the evils of ideas here), a couple of agent provocateurs have arrived, and several infantile flamers are still here.

[Note: Related to this point and the one following below, we had a _huge_ number of students and grad students active on the list in the early years. "Wired" did a big piece on Cypherpunks in their second issue, and "Wired" was still cool in those years. A surge of subscribers hit the list in 1993. And Clipper was much in the news. Many of those students contributed provocative, anarchist-leaning ideas. Many went on to get jobs in industry, even in crypto and security. Some went to Microsoft (Matt Tomlinson, I believe, and possibly Wei Dai, though I could be wrong), some went to Netscape, some to RSA, and so on.]

3. The commercialization of crypto. This has been a plus and a minus. On the plus side, several startup companies have drawn heavily from former (or lurking) list members, including C2Net, Digicash, PGP, RSA and Verisign, security consulting companies in the Bay Area, Zero Knowledge, and the security departments of leading dot com and Net companies. Even Mojo Nation, which had about half a dozen list members in it--not much being heard from it now.

(Remember when three members of the same family were on the list and two of them were essentially Netscape's security department! Remember when at least three key list members worked for Digicash?) The ZKS issue alone took half a dozen of our most significant contributors off the list (for various obvious reasons), including Ian Goldberg, both Adams (Back and Shostack), and some others. And when ZKS recast itself a year or so ago as some kind of "consulting company" (??) and then when they recently dropped the Freedom remailer/proxy service, things took another steep decline. Even if these former list members end up leaving ZKS, as would seem likely, I doubt they'll return to our list.)

The effects of the commercialization were manyfold (or is it manifold?) and deserve an entire essay, but here are a few of them:

a) Cypherpunks physical meetings (second Saturday of each month, held in the South Bay 1992-95, held all around the Bay Area after that) became more corporate-focused. Guys at companies often recruited. A kind of rolling job fair.

b) The projects discussed started being more and more about what some particular company was doing

c) I believe some people are much less willing to discuss radical implications and ideas when they think future employers may be reading, or may have access to their posts through search engines. It may be coincidental, but the beginning of the real decline of the list happened at just about the same time the Web was becoming ubiquitous (which has other implications, mentioned later) and as search engines like Deja News and Alta Vista made it obvious that one's words on the list would echo forever.

d) Siphoning of energy. Not a bad thing, but the commercialization of crypto definitely meant that many long-range projects were shifted to short-range. Depressingly, most of the short-range efforts never really went very far. (Between the dot com crash and other things, all we really have is what we had in 1992: basic crypto and signatures.)

e) The mess with PGP. At one point, probably a dozen list members worked at PGP, and we often heard updates from them on new versions. (One of those pluses as well as minuses. A plus that PGP was expanding, and that usage was increasing, but a minus because all it really was basic encryption stuff, so it was fairly boring to spend meetings discussing the details of a version update.) The transfer of PGP to NAI further confused things, and now there are probably fewer PGP users than in 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann at Hushmail, and NAI saying they plan to demphasize PGP....already a moot point.)

[Note: There was a period when using PGP was "cool." Lots of digerati were using it, playing with it. It showed up on "Wired"'s "hot" list. This has changed. Lots of reasons.]

4. The discrediting of "politics." After the first heady year or two of discussing digital money, data havens, dead drops, black nets, tax avoidance, colonization of cyberspace, and so on, some voices began to argue against talking politics. To be sure, the list had always been focused on the "exploitation of crypto for meta-political purposes." Mundane politics about left vs. right was not interesting to most of us. Yes, the list had a strong libertarian focus, but so does much of the Net and so does much of the computer community (with also a lefty/Green/ecobabble contingent out there, though not on this list). Why this is so should not surprise anyone.

The discrediting of politics was correlated to the formation of alternative lists. Lewis McCarthy started a moderated list called "Coderpunks" in which only code and programming techniques was to be discussed. Perry Metger started a moderated list called "Cryptography." Some of the active participants in Cypherpunks did most of their posting on those lists...let a thousand flowers bloom and all. I chose not to subscribe to those lists for a couple of reasons. First, I hate moderated lists where some satrap decides what is OK for me to talk about and what is not. Second, I am much less interested in the C++ coding of Rijndael than I am in discussing digital money and quasi-political issues touching on economics, public policy, social repudiation and reputation issues, etc. In my view, crypto without politics is just applied number theory.

The discrediting is even happening on the Cypherpunks list. It is deeply ironic that people who have never contributed an innovative idea, poitical or technical, are hectoring us that "Cypherpunks write code!" (Having been involved since the Ur-Cypherpunk days, I know precisely what that slogan means, and it _doesn't_ mean what many think it means.)

5. The resurgence of politics and law. Strangely, despite the above discrediting, politics and law became _more_ of the focus of the list! How could that be? Here's a partial list: Communications Decency Act, the Bernstein case, crypto export laws, ITAR, European plans to regulate crypto, Napster, copyright, the DMCA, and on and on. Despite the "Cypherpunks write code!" pseudo-mantra, more and more physical meetings were devoted to hearing from various spokeslawyers representing the EFF, EPIC, CDT, and other lobbying/litigating firms. More and more list members muttered about going to law school...and some did.

(Not to besmirch the reputation of Greg Broiles, who was already well-along in law school before beginning to contribute many fine

On to another major, possibly _the_ major, factor:

5. The boredom factor. As Declan and Petro have noted, the ideas are not new. The same reasons that made the 1992-94 period so heady also mean that later developments are usually just revisitations or rediscoveries of the "nuggets" found in the early years. This is like any new field: the early pioneers find gems and nuggest lying on the ground, lots of low-hanging fruit. (To mix some metaphors.) Later arrivals find the low-hanging fruit gone, the richest veins of ore already mined.

(I have not given up. There are amazing things yet to be done. I had a stimulating discussion with some computer pioneers last weekend and am redoubling my own efforts in my "ontology" project I have occasionally mentioned.)

The "read the archives!" advice often given, especially by me, is only to be expected. When literally tens of thousands of articles, some of them very long and detailed, have already been written on core topics, why should any of the "old-timers" spend an hour writing an essay to educate a newbie who is unwilling to even spend a few minutes with Google looking for already-written articles?

(And many of the newcomers are shockingly ignorant of even the basic definitions and ideas, ones that have been written about in full-length articles. My own chapter-length essays outline the basics and have been included in recent books like "Building-In Big Brother" (Ludlow), "Crypto Anarchy, Cyberstates and Pirate Utopias" (also Ludlow), and the forthcoming "True Names and the Opening of the Cyberspace Frontier" (Vinge, Frenkel, others). Any search on the keywords so common on our list will turn up full-length articles, as well as the "Cyphernomicon" mega-FAQ I spent (wasted?) about a year of my life working on.)

6. The failure to get true digital money. Call it what you like, "digital cash" or "ecash" or even one of Hettinga's pet names, but the fact is that for both political and technical reasons we don't have digital cash. This has ripple effects for nearly all of the constructs which depend on digital money: data havens, good remailers, black nets, beacons, and of course for certain sociopolitical implications of untraceable transactions.

Without this basic building block, we are left just with the "privacy" stuff...and the privacy stuff is both fairly boring and at the same time wrapped-up in legal/political baggage about secrecy, hiding things, etc. Boring!

Why digital money has not happened is still an interesting topic to discuss. I described the two axes of "value of untraceability" versus "cost of untraceability" in an article I wrote a few months ago. I characterized the "millicent ghetto" that most companies have concentrated on, and the fallacy of the "one size fits all" pricing models.

Now, given the events of 911 and the rush to control the Net and to impose new and unconstitutional limitations on what people can do with their own money, the likelihood of a quasi-visible digital money operation like Mark Twain Bank setting up seems to be nil.

Money-laundering laws, and the attempted crackdowns on "hawalah" exchanges, will mean any digital cash effort will have to be done beyond the margins of the law. Maybe for something with no identifiable nexus, something beyond even what Gnutella and Freenet are doing. Beyond Morpheus/Music City, beyond Mojo Nation, beyond _any_ of the current P2P efforts. (By the way, the only book that I know of on Peer-to-Peer computing has references to the pioneering role that Cypherpunks played, in remailers, in screen-saver code crackers, etc. Look to the archives from 1992-94 and one will see most of the P2P issues covered, from the point of view of distributed, agoric models, black markets, etc. My own BlackNet, 1988, is obviously a P2P model.)

This failure to get workable untraceable digital cash (true 2-way untraceable, not the bastardized, banker-friendly, government-friendly one-way untraceable form) is the _deep_ reason things are stagnating.

And we are not alone...

"How to make money off of these ideas" is the fundamental reason the dot com crash happened. Absent efficient digital payment systems, and absent strong cryptographic constructs to build cyberspace structures, just about the only working model for funding all of these dot com things was "online advertising." That, coupled with scads of companies all figuring they would dominate their markets.

I'm concentrating here on the online digital services companies, not so much the "clicks and mortar" companies trying to sell dog food over the Net (yeah, the pets.com and boo.com companies failed, but in their cases the Net was just another communications medium for basically a mail-order or phone-order business). More interesting are why the crypto-related companies are failing. People just aren't paying for digital signatures, encryption, and other "Cypherpunkish" things.

This doesn't surprise me at all. But, I see that I am drifting away from my intended brief listing of reasons for the decline and am instead moving into something that should be saved for another article.

In closing, the long-term prospects for our ideas are still bright. The "degrees of freedom" (multiple senses) still mean that crypto anarchy will likely triumph over central control. But we probably are facing a "crypto winter" lasting at least 5 years, and maybe much longer. The moves to expand wiretapping and surveillance, the Carnivore boxes, the rapid move to reduce civil liberties in the wake of 911, the calls by various European and Asian countries to crack down on use of the Net, and the draconian restrictions on money....all of these things will make it very difficult to establish Cypherpunks technologies.

Maybe a collapse will come, maybe P2P will sneak these ideas in through the back door (*).

(* as might well have happened sooner had Napster _started_ in a distributed, no nexus sort of way instead of starting as a central file server with a huge "Sue me!" sign painted on the roof of their San Mateo offices)

The thing I would advise folks to do is to not think about getting rich. Those who lust after the riches of an IPO for their Digital Signature Datawhack, Inc. startup are probably heading for crushing disapppointment. "Do what you love and the money will follow" is still good advice.

And working on the interesting stuff, even if it doesn't appear to be "commercial," will probably be where the commercial things of ten years from now come from. There are so many examples of this from past years that I can't begin to list them here.

Well, now I'm again moving afield into career advice, so I'll stop here.

Best wishes,

--Tim May "Gun Control: The theory that a woman found dead in an alley, raped and strangled with her panty hose, is somehow morally superior to a woman explaining to police how her attacker got that fatal bullet wound"

on Sat, Nov 17, 2001 at 01:36:32PM -0800, alphabeta121 (alphabeta121@hotmail.com) wrote:

what does C-A-C-L stand for?

Crypto-Anarcho Capitalist Libertarian, per archives. Shorthand for a common, if not prevailing, political viewpoint among active listmembers. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html

On Sat, 17 Nov 2001, David Honig wrote:

At 03:15 PM 11/17/01 -0800, Karsten M. Self wrote:

...

on Sat, Nov 17, 2001 at 01:36:32PM -0800, alphabeta121 (alphabeta121@hotmail.com) wrote:

...

what does C-A-C-L stand for?

Crypto-Anarcho Capitalist Libertarian, per archives. Shorthand for a common, if not prevailing, political viewpoint among active listmembers.

That label is

1. inconsistent (libertarian & anarchy)

Actually it isn't. It isn't equating 'libertarian' with 'anarchy'. They are seperate lines of thought. However, they do share some fumdamental goals and world views. A shared set that sets them apart from other approaches to social engineering (eg socialism, democracy, etc.). In particular they believe that economics is the 'end'. Other segments see it as a 'means' or 'mechanism'. It is a critical distinction when it comes to deciding for whom a society exists and how 'benefit' should be measured. C-A-C-L's would let people die from thirst before interfering in a 'free market'. Others would say screw the market and give that man a drink.

2. redundant ('capitalist' and libertarian)

Not congruent.

3. nonsensical --cryptography is a neutral technology with debatable social consequences

Technology is 'neutral' only within in a 'pure' context. The instant 'psychology' gets injected, as in 'how do I use this?', all bets are off. Technologies have consequences. The failure of most is in not realizing the only hope is to discover and distribute as fast as possible. Anything else leads to failure of the system. However, as I've said above, it isn't crypto that they share a common thread on. The social consequences of crypto are debatable only because it's still a baby...

4. one poster's label; and anyone can post here

More an observation of shared motive of a particular segment of the other posts (who self-apply these labels mind you). -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Capitalism is a natural result of free people.

The ultimate argument. Like in "natural" and "unnatural" sex .... ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1

On Wed, 21 Nov 2001, David Honig wrote:

At 07:56 PM 11/20/01 -0800, Morlock Elloi wrote:

...

...

Capitalism is a natural result of free people.

The ultimate argument. Like in "natural" and "unnatural" sex ....

Hardly dogma; look at history.

Yes, look at history. Many if not most reasons for war and such were not, and are not 'capitalism'. Econimics is NOT the root of human motivation or desire.

Unhindered by social engineers/violence monopolists, people used tools (capital) to increase productivity.

Yes, by creating societies with consequences for those who don't conform. The reality is that one can't escape 'coercion'. Can't be done. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

You're confused. The ability of individuals acting in their own interests does not deny the ability of a collection of those same individuals from working towards mutual benefits. Nor does it deny others who are not acting in those same interest from benefiting from their work. What objectivists object to is being bent over to whim or "needs" of others. You can't reward need. You can reward work. To take this to the other list that you're on (psychohistory), go and find yourself this book: Emergence: The Connected Lives of Ants, Brains, Cities, and Software by Steven Johnson. Amazon should have it. It shows (as an example) that individual ants don't act on a central command. There is no ant government, no ant leadership. Rather ants work by a very simple set of rules that are individual rules, but their actions form a huge collective effort. Unlike socialism or communism (in practice not in theory) there is no need for central authority. The same is true according to this book of slime mold cells, who work as individuals, however at certain points, they merge to become one single being. While I'm not comparing humans to ants, nor to slime mold cells -- don't even attempt to make that connection, the lesson here for you to learn is that individual action performed in the self interest of the individual, when integrated over a large population shows emergent behavior, and is beneficial to most members of the group. You don't need socialism, communism, fascism or religion in order to help others out. The drives to survival and self preservation allow us humans to act together in common interests. As is does ants, most types of bees (termite bees for example aren't social.), etc. For example, mailing lists that are nothing more than a forum for the exchange of ideas allow for positive communal results. I would point to something like bugtraq for example. In terms of security, there's nothing out there that has done more to help users of buggy software by simply reporting that in fact Company M's product W, contains bug X. Another example: The NTLK (Newton Talk Mailing LisT) provides a very good forum for users of the killed off platform. In fact, it has provided excellent support to the point of the creation of new software that did not exist when Apple did support it such as BackTalk (which allows Newts to beam to Palms and vice versa), and ATA card drives allowing Newton owners access to cheaper PCMCIA cards. In each of these mailing lists, each actor runs their own algorithm and is interested in self gain, yet, by having common goals, even without a central authority, they are able to achieve goals that as individuals they would not be to. When someone makes up their mind to take care of themselves and their interests, they are not preventing another from doing the same. When someone puts a gun to your head and tells you to "hand over your valuables, then bend over and grease up", that's "Freedom for me, none for you." When someone is minding their own business, working in the pursuit of liberty and prosperity, they are saying "Freedom for me, and freedom for you." When someone says "You have to do as I say" others will say "fuck off" When that someone pulls out a gun, it's no longer freedom for you and freedom for me. It's "I own you as long as I put a gun to your head and you can't do shit about it if you can't fight back." When someone says "Help me, I'm starving" that's not an order. You are free to chose to ignore or help that person. If you chose to help them, you did not deny them their freedoms. If you chose to ignore them, you also did not deny them their freedoms. Back to the subject of ants. I suppose you've never heard the parable of the ant and the grasshopper, yes? If you had, this would be far clearer to you why the communism or socialism that you suggest doesn't work. To paraphrase it: All spring and summer long, the ants worked hard and harvested food. Meanwhile the grasshopper played his fiddle and enjoyed himself, but did nothing to secure his own future. Then winter came. The ants had food and warmth because they worked all spring and summer long. The grasshopper however was starving and froze to death. Should the grasshopper have been allowed to share in the ant's hard work after doing nothing all spring and summer long? If so, then why should the ants have worked so hard just to allow the grasshopper to be a burden on them? If so, why should all the ants have to work? Maybe they can take the grasshopper's example, and they can be lazy and find some other creature to mooch off of... What happens when there is no one left to do the work? Or should the grasshopper have done as the ants? Assuming the ants said "Fuck off" Who is responsible for the grasshopper's death? The ants who didn't share their food? Or is the grasshoper responsible for his own failures. Did the ants decide the grashopper's fate? Or did the grasshopper decide his own? Did the ants force the grasshopper to not set up a nest for himself away from the cold, or prevent him from collecting food? Or did he act on his own? In terms of morals, why are in your view the ants evil and the lazy grasshopper good? Since the ants did not actively interefere with the grasshopper's day to day modus operandi one way or another, why would you claim the ants are morally responsible for the grasshopper's death? Who decided that the grasshopper should not provide shelter and food supplies for himself, but rather play all summer long? Did anyone other than the grasshopper prevent him from harvesting and planning for winter? Now then, what's this about "freedom for me but not for three?" ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\ \|/ :aren't security. A |share them, you don't hang them on your/\|/\ <--*-->:camera won't stop a |monitor, or under your keyboard, you \/|\/ /|\ :masked killer, but |don't email them, or put them on a web \|/ + v + :will violate privacy|site, and you must change them very often. --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Mon, 26 Nov 2001, Jim Choate wrote:

On Tue, 20 Nov 2001, David Honig wrote:

...

At 09:19 PM 11/19/01 -0600, Jim Choate wrote:

...

C-A-C-L's would let people die from thirst before interfering in a 'free market'. Others would say screw the market and give that man a drink.

No, a libertarian would say "screw anyone who'd initiate force against me to make me to do this" and then make his own decision.

Hypocrite. In 'making your own decision' you in effect remove any moral or ehtical framework from your decision. In fact you are acting upon 'freedom for me, but not for thee'. Why? Because you have set yourself up as the decider of another fate. Your feelings about letting others make those sorts of decisions for you are clear.

Or do you hold that 'self-defence' applies only to libertarians?

No, the only solution in Faustines 'survival situation' is to create a neutral 3rd party that is responsible to all participants. It is not ethical, or workable, to allow each and all to go their own way.

-- ____________________________________________________________________

Day by day the Penguins are making me lose my mind.

Bumper Sticker

The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Tue, 27 Nov 2001, Thomas Lyon Gideon wrote:

The point about emergent behavior is excellently made. A corollary that occurs to me is that one of the prime motivators in the emergent quality of human society may well be the pursuit of non-zero sum games.

Of course people want to take advantage of others. This realization is what is behind the CACL objection to 'government' (which after all is an emergent behaviour - ponder that one for a moment and your thrill may fall away quickly). Their failure is recognizing that the 'government' is itself an emergent behaviour (albeit an intentional one now - one can't really speak to how they first came about, it very well could have been very ant-like with respect to large family groups).

This assumption is based on my reading of Robert Wright's _Non Zero_. I think Sunder hits this on the head as well when he goes off about how self interest does not necessarily harm others, that as humans we are not typically bound by win-lose scenarios. Rather some behavior may result in poor or no gains on a societal scale and others may result in increased benefits for all.

Actually it isn't a well made point at all. To compare programmed behaviour and biological caste systems to a bunch of humans with self-referential views is the worst case of begging the question. He's certainly made a hypothesis, no evidence has been forthcoming for it and there is a very large body that would argue against it. In addition, emergent behavior may or may not actually help the individual components of the population. Remember the concept of 'evolution'. To get the ants and bees we have now required a bunch of ants and bees which didn't survive because their programming didn't work. It's also worth noting that the understanding we have of emergent systems are for reletively simple systems. Something that can't be said about any group of humans irrespective of size. This 'evolution' argument could actually be used against CACL theories because governments didn't always exist, at some point they emerged. Sunders comparison is fundamentaly flawed, the only thing he hit on the head was himself.

In this light, seemingly altruistic behavior can be re-interpreted as banking favors against future need. One of Wright's better examples is the practice in certain tribal societies of giving away excess food. Usually the food wouldn't keep long, anyway, and by helping a neighbor out today help is usually secured against future need when a neighbor may be the one with the excess.

Altruistism is cloaked self-interest. The only reason one helps another is because at some level it helps themselves (you can talk about % of genes passed to next generations, getting laid after the prom, or you can talk about helping another buy a car and getting rides as a result - makes no diff). -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Tue, 27 Nov 2001, Sunder wrote:

Um, I'm not sure I can follow Choatatian Prime logic here. Where did Thomas's posting state that "of course people want to take advantage of others?" Then again, it doesn't matter at all.

non-zero sum games. <sigh> -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Saturday, November 17, 2001, at 05:49 PM, David Honig wrote:

At 03:15 PM 11/17/01 -0800, Karsten M. Self wrote:

...

on Sat, Nov 17, 2001 at 01:36:32PM -0800, alphabeta121 (alphabeta121@hotmail.com) wrote:

...

what does C-A-C-L stand for?

Crypto-Anarcho Capitalist Libertarian, per archives. Shorthand for a common, if not prevailing, political viewpoint among active listmembers.

That label is

1. inconsistent (libertarian & anarchy)

Not necessarily. It is argued both that Libertarians are chicken-shit anarchists (afraid to take the last step) or that Anarchists are just extreme Libertarians. Also, keep in mind that there are many "anarchist" philosophies, in fact almost as many as there are anarchists, and all of them (well most of them) have rules or laws.

2. redundant ('capitalist' and libertarian)

No. Libertarians are for "free markets", which are inherently capitalistic in nature, but the reverse is not true. There are many *wealthy* capitalists who are all for strongly regulated markets and high barriers to entry. One could argue that they are not Capitalists.

3. nonsensical --cryptography is a neutral technology with debatable social consequences

The "Crypto-" part of "Crypto-Anarchist" may in fact have nothing at all to do with cryptography.

4. one poster's label; and anyone can post here Your milage may vary.

Not by much. It's almost always between 48 and 51 MPG. -- "Remember, half-measures can be very effective if all you deal with are half-wits."--Chris Klein

On Wed, Nov 21, 2001 at 08:46:18PM -0800, Petro wrote:

Not necessarily. It is argued both that Libertarians are chicken-shit anarchists (afraid to take the last step) or that Anarchists are just extreme Libertarians.

As far as I can tell most libertarians are in favour of an unfettered free market. People who label themselves as anarchists tend to be anti-capitalist. --- Mark Henderson, mch@squirrel.com, mch@informationanarchy.org "Heilir æsir. Heilar ásynjur. Heil sjá in fjölnýta fold." - Sigrdrífumál OpenPGP/GnuPG keys available at http://www.squirrel.com/pgpkeys.asc

At 12:36 PM -0800 on 11/22/01, Mark Henderson wrote:

People who label themselves as anarchists tend to be anti-capitalist.

Except around here, and, frankly, in whole swaths of the internet. Go read read up on David Friedman, and see if you can say what you said above again with a straight face anymore. :-). Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Atheists who claim to be anti-theism are either (a) not atheists, or (b) mis-understand what theism is. If we spend a quality minute in the real world, one or two things of what capitalism is and what anarchism is not will be evident. life without government vs. Texaco

On Sat, 17 Nov 2001, alphabeta121 wrote:

what does C-A-C-L stand for?

Crypto-Anarcho-Capitalist-Libertarian It's the recognition that these approaches to social engineering are united by a shared interest in maximum profit and a failure to take human psychology as a boundary condition. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

6. The failure to get true digital money. Call it what you like, "digital cash" or "ecash" or even one of Hettinga's pet names, but the fact is that for both political and technical reasons we don't have digital cash. This has ripple effects for nearly all of the constructs which depend on digital money: data havens, good remailers, black nets, beacons, and of course for certain sociopolitical implications of untraceable transactions.

Without this basic building block, we are left just with the "privacy" stuff...and the privacy stuff is both fairly boring and at the same time wrapped-up in legal/political baggage about secrecy, hiding things, etc. Boring!

As someone (Bob, perhaps?) says, financial crypto is the only kind of crypto that matters. Other things are interesting and useful, but this is the big one. Let's recap Tim's definition here: the financial crypto we're talking about here is anonymous unlinkable holding of value and untracable anonymous transfer of value. That's what we're talking about. The math and the technology are there, but it hasn't happened, and it isn't any closer to happening now than it was ten years ago. In fact it's even further away from happening. There have been endless discussions of why it hasn't happened, but the bottom line is, various powerful heavily-armed groups (tax collectors and their beneficiaries and many others) would lose literally billions or even trillions of dollars if that happened, so they will put infinite pressure on anyone who tries to do it. If you thought that you were going to lose a billion dollars, what wouldn't you do to stop that, especially if you have the legal power to use deadly force, write laws, and throw people in jail? Therefore, the operators of the scheme need to be anonymous, hidden, or hiding in a cave in Afghanistan (er, maybe that doesn't work anymore). Anyway, there are serious barriers to trusting people who are anonymous with your life savings, and there are serious reasons why such a system may never be stable. So, is there a way to get the system to work? There may be ways, but it's going to be a trick, and until that happens, all the other fun crypto-anarchy stuff won't go anywhere. This list is full of predictions, and here's mine: no anonymous digital cash will exist anytime soon (the next year, or five or ten years). The world goes on the way it always has! If you think back to humans evolving as small tribal groups, certain distributions of behavior were needed: we needed leaders, grunts, artists, craftsmen, risk takers, risk avoiders, freaks, and many other types. We don't live in tribal groups anymore but we still have that distribution of behaviors. Maybe financial crypto doesn't fit into this kind of distribution because it's too great a challenge to too many people. Financial crypto would let people bypass the leader-controler types in many important ways.

On Monday, November 19, 2001, at 10:29 AM, Adam Shostack wrote:

| 6. The failure to get true digital money. Call it what you like, | "digital cash" or "ecash" or even one of Hettinga's pet names, but the | fact is that for both political and technical reasons we don't have | digital cash. This has ripple effects for nearly all of the constructs [...] | This failure to get workable untraceable digital cash (true 2-way | untraceable, not the bastardized, banker-friendly, government-friendly | one-way untraceable form) is the _deep_ reason things are stagnating.

Sad as it makes me, I don't know of any system which allows 2-way untracability and fraud prevention. Can you point me to one? With trustworthy reputation systems, you might be able to get away from this problem. I don't know of any reputation system that I'd trust for a multi-hundred dollar transaction today.

Doesn't the Barnes/Goldberg "moneychanging" protocol effectively symmetrize the untraceability? Even if the protocol is payer-untraceable-but-payee-traceable, the moneychanging protocol makes both untraceable. (Alice-Bob-Charles.) I'm not handwaving here, I hope, but the lack of blackboards and enough time (on all of our parts) to make sure our notation is correct, makes it tough to argue. Folks should go back to several articles written by Ian, Doug, and others. Circa 1996-7, as I recall. Also, some demos as CP physical meetings. There are issues of one party receiving part or all of the items being transferred and then burning the other party. And if the items, whether ecash or software or whatever, require later authorization/turn on to complete the transaction, there are further burning opportunities. (Note that this is not a problem unique to digital cash. There are always prospects for a merchant taking the money and then saying "Bye," or "I already gave you the stuff." Or delivering defective products. This is a kind of "handover deadlock" which, nonetheless, has not halted commerce of various kinds. Even at flea markets, where the sellers and buyers are largely anonymous. I realize that digital commerce systems have higher requirements, for the same (basic ontology of the world) reasons that security flaws in digital systems may be exploited far more rapidly and devastatingly than, for example, a security flaw at my house.) My _intuition_ is that an ecology of agents each exchanging digital money, even if the system in only uni-directionally untraceable, with "anyone a mint," goes a long way toward solving the problem. Squares the circle, so to speak. Throw in escrow agents and intermediate holders, bonded with nyms, and I see no particular reason why two-way untraceability is not feasible. But let me make a meta-point: We know that David Chaum, for various reasons, initially claimed two-way untraceability. We also know that he later emphasized offline clearing and "monitors" to deal with double-spending and repudiation problems. He also appeared to emphasize payer-untraceability (so that Alice could not have her purchases tracked by BobCo Enterprises) and claimed at one point that he could not see any need for payee-untraceability. (I refuted this to his face at a CFP, circa '97, by citing Bob the Seller of Birth Control Information, facing arrest and whatnot if caught selling banned information. This is just one of a huge class of situations where sellers are as much at risk as buyers. David had no answer, saying "Hmmmhhh...I'll think about it," or words to that effect. Him being an obviously very bright thinker, and him having spent many years thinking about these issues, I was and still am at a loss to understand why he would think payee untraceability is not needed.) So, here's the punchline, Regardless of companies trying to make money, not be run out of business by money laundering laws, trying to be banker- and Homeland Fascism-friendly, IS THERE A FUNDAMENTAL REASON WHY TWO-WAY UNTRACEABILITY IS NOT "POSSIBLE." I believe counterexamples have already been developed, showing there is nothing wired into the nature of mathematics that makes two-way untraceability impossible. I'll save these examples for later. --Tim May "As my father told me long ago, the objective is not to convince someone with your arguments but to provide the arguments with which he later convinces himself." -- David Friedman

On Monday, November 19, 2001, at 12:39 PM, Ken Brown wrote:

Tim May wrote:

...

So, here's the punchline,

Regardless of companies trying to make money, not be run out of business by money laundering laws, trying to be banker- and Homeland Fascism-friendly, IS THERE A FUNDAMENTAL REASON WHY TWO-WAY UNTRACEABILITY IS NOT "POSSIBLE."

I believe counterexamples have already been developed, showing there is nothing wired into the nature of mathematics that makes two-way untraceability impossible. I'll save these examples for later.

I don't know if there is. I'll have to think about it. Any train of thought that involves a distinction betwen "seller" and "buyer" is probably going up the wrong track. As is any that involves a distinction between "cash" and "goods?" Yes, I suspect. So we can think of it as barter, but digital barter, so moneychanging *is* a good model. It is sufficient to prove that you can do anoynymous, safe, digital money-changing.

Yes, you are on the same track I am on. Just as there is no real difference between a "buyer" and a "seller" (think barter, think trading songs, think swap meet), so, too, MONEY IS JUST ANOTHER GOOD BEING TRADED. While we think of the crisp $20 bill we got at the swap meet as being more "real" (guaranteed value) than something we get in trade (a radio, for example, which might turn out to be defective...), this is just a matter of degree. Counterfeit bills exist, and swap meets, by the way, happen to be where a lot of them turn up. But I risk digressing... The point is that even Chaumian "coins" (the unblinded numbers, presumptively unlinkable in the usual Chaumian ways) are essentially just goods. A recipient of such a coin has worries: has it already been spent (double-spending issue), will the issuer simply say "No good" (for whatever reason, including a deliberate "take the real money then renege on all redemption attempts" strategy. All money, all currency, all goods, are just "things" with various beliefs about them. And note that many of the "attacks" or "weaknesses" in digital cash schemes are actually present all around us. Examples abound, and could be put into a long list of potential frauds, scams, defaults, etc. Confidence gamers have been using these scams for centuries, longer. Banks have been failing, refusing to honor their notes, their "coins," for just as long. And governments have been looting banks, freezing assets, devaluing currencies. The list of "failure modes" is long. And yet it doesn't stop banks, money, and commerce. All crypto is economics. It's the ecology that matters, not just the absolute perfection of each sub-component. Your questions below need longer answers, but here are a few notes (take them as comments) on each of them:

The full, hard, question then is something like this:

Is there are protocol that allows moneychanging between different forms of digital money that

1) allows complete anonymity to both partners to a transaction, and

If Alice and Bob are "already" in possession of unspent (*) coins (I will use this term to refer to unblinded numbers, dispensing with talk about modular exponentiation, raising things to the one third power, blah blah), then Alice can give Bob 100 of her coins and "get back" 99 of Bob's coins. (His commission for moneychanging, for example.) (* Double spending will be an issue. I claim solutions exist, probabalistically.) Some don't like the mention of "coins." I mean it as shorthand to replace the often-confusing rewrite rules about what the transactions unfold into. Better to think in terms of atomic Chaumian protocols, unless the detailed rewrites matter in a particular case. Or for implementation, of course.

2) provides strong defences against fraud to both parties, and

This is best solved probabalistically, which we use for zero knowledge proofs. For example, I wish to know whether a bank (Bob) is "honest" about redeeming its digital money. I can "ping" the bank by withdrawing digital coins (again, same as "giving them a blinded number, getting back their version, unblinding the number," etc.) and then seeing whether they redeem the coin. As their coins are untraceable to me, I can have someone I trust test them. This is how people test their banks with ordinary cash. (Most don't, because enough others _have_. Banking regulations have very little to do with bank trustworthiness....ask the hawalla banks and their customers.)

3) works well if one partner has much more to lose than the other (& therefore for arbitrarily large amounts) and

Best done by splitting into lots of smaller pieces, pieces which can be used to ping. (Not just to test, but to buy the advantages of being part of an ecology. An issuer who decides to "burn" customers cannot do it for just one particular customer. Your "size" or "more to lose" issue has some interesting mathematical issues connected to with it. "Streams" offer one outlook...no time here to explain. In some of my articles from several years ago.)

4) works without a trusted 3rd party (broker, bank, court, police, godfather, whatever), and

I think third parties play a very important role. They don't have to be police or courts, etc., and it's better that they are not. A courier is a good example. An employee who moves packages, or even does banking. (Couriers are often bonded, the "more to lose on a burn than he makes" point you made. But couriers are also given incomplete knowledge. It helps that a courier doesn't know whether he's transporting $2000 or $200,000. Usual principles. Application to crypto protocols is not obvious, but there's something _there_.)

5) can be relied upon for a single transaction - in other words the partners have no previous knowledge of each other, and need never have a further relationship.

This is always problematic. Even in the real world of real money and real drugs. Drug deals often go bad for this reason. So physical security, snipers in high places, all the usual movie and t.v. drama. Can a system work without deadlock, where Alice makes a good (a song, for example) and Bob does the same (another song)? Sending partial bits out is only a crude engineering solution...both get their songs more or less simultaneously. Note that any system where Alice unlocks her song with a key is no solution at all. (This is often _seen_ as a solution, but bits are bits, and so this solution misses the point.) Note that no digital money scheme solves this problem, either. (Which is why I put in terms of straight barter, with no issues of translation into money even necessary to consider.) I believe, and have believed since 1988 when Dave Ross first suggested it in a discussion a bunch of us were having, that third party escrow services, untraceable to each but having a digital nym, is the optimum solution to this "delivery deadlock" problem. Much has been written, by me and by others, on escrow services.

?

The protocol needs to be stateless between trades. (though not, of course, within them). Everyone comes to the table with no history and leaves it with no requirement to return.

Well, "reputation" is a form of persistent state. The reputation (belief) that a piece of metal is actually gold, the belief that a gold market will exit in 2 hours, the belief in a bank, and so on. I believe the notion that persistent states are not desirable, that only a kind of "purely functional (in the sense of Scheme or ML) protocol is desirable is the ROOT CAUSE of much of the failures talked about here.

Several slightly weaker cases are of course trivially possible, if we allow some pseudonymity, or assume that the transactions are small enough that fraud will hurt neither party.

It is trivially possible if there are repeated pseudnymous transactions, and there is enough time for the parties to build up a reputation.

And this matches how things work in the real world, in all cultures and over nearly all periods in history. Kids learn that money has value by a Bayesian expectation that dollar bills will continue to buy candy. Those with checking accounts establish a Bayesian belief that their checks will continue to be honored so long as they meet expected deposit requirements. Etc. for a dozen other good examples. Why do we expect digital money to be different? (Yes, there are fascinating aspects to one _part_ of the blinding process...but isn't this akin to only focussing on the "untraceable" part of a gold coin and saying that's the only reason money works?) We have been taking a couple of elegant protocols and expecting this to be the monetary system. And when they fail, or fail to get implemented (the real reason), we say "untraceability is not possible." (Given certain flaws in non-digital money systems, would we say that "traceability must be added"? Government thinks so, with money laundering and currency transport laws, and with likely outlawing of cash within out lifetimes. But these are for political reasons.)

Requirement (4) need not be true if both parties are allowed to have a pseudonymous relationship with a 3rd party, but that just gets us back to banking, which is boring.

Not if anyone is a potential bank, a mint. If coins are just another form of bartered "things," and if traceability to a physical true name is not essential for barter (my basic thesis), then look what happens...

It is also easy if only one party is really worried about fraud. Ordinary cash transactions for small amounts work like that already. The shopkeeper doesn't care who I am or, really, if my cash is any good. If I pass him a few dud coins he has lost a tiny part of his turnover. I do care that the goods I am buying are good though. So he has to reassure me of his reliability not the other way round. Though they do care if lots of people start to pass forged coins. If their turnover is high enough they have an interest in the average quality of money, not the quality of any one coin. The system only has to be good enough, not perfect.

Pseudonymous exchange can be achieved by breaking trades down into small increments none of which is significant enough to damage either player. If I'm going to give you a thousand pounds for 1600 dollars we could do it a dollar at a a time and just withdraw - but we know this already so no point in thinking aloud along those lines

First, it is by no means pointless to talk in terms of these smaller sub-trades. It solves many problems. Second, even very high-value transactions can be done with mutually-trusted third parties, even untraceable. (Physical identity is just another credential. Sometimes offered, sometimes not.) Thanks for the interesting comments, yours and Adam Shostack's. It's helping me to dredge up out of my memory some of the good discussions from the early list years and from the 1995-97 years when "everyone a mint" was being discussed a lot. I feel more than ever that the ecology approach, the agoric approach, is the key. --Tim May "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler

On Sat, 17 Nov 2001, Tim May wrote:

and the security departments of leading dot com and Net companies. Even Mojo Nation, which had about half a dozen list members in it--not much being heard from it now.

I don't know about what's happening to Mojo Nation exactly, but it seemed to me that they were focusing on "P2P." Since that isn't doing so well these days, I'm not sure where they are. They were at the O'Reilly P2P conference earlier this month, but I wasn't, so I don't know what was said.

confused things, and now there are probably fewer PGP users than in 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann at Hushmail, and NAI saying they plan to demphasize PGP....already a moot point.)

On the other hand, PGP integration with mailers and OS is further along than in 1996, at least on Windows. I use Outlook/PGP for work all the time. (On Unix, there's premail, some pgp/pine scripts, built-in mutt support, and I'm not sure what else).

efforts. (By the way, the only book that I know of on Peer-to-Peer computing has references to the pioneering role that Cypherpunks played, in remailers, in screen-saver code crackers, etc. Look to the archives from 1992-94 and one will see most of the P2P issues covered, from the point of view of distributed, agoric models, black markets, etc. My own BlackNet, 1988, is obviously a P2P model.)

Our chapter for that book included some of this. In retrospect it didn't include enough; in particular, omitting Ian Grigg and systemics, inc was a particularly bad oversight (and mostly mine). The second edition of the book was recently cancelled, unfortunately. -David

On Saturday, November 17, 2001, at 12:48 PM, John Young wrote:

If you're over 30-35 all your best stuff was done in the old days. After that age you may think you're capable of good work but that's just the voice of experience taking the place

This depends on whether one is entering a new field, amongst other things. And it depends on the field. Richard Feynman, for example, was innovating in many areas well into his 60s.

Newbies scare the shit of of oldies, seeing in them certain disrespect, ridicule, erasure. Even when newbies try their damnest to learn from the oldies the venerable farts can't bear to be used as stepping stones -- as if they never did that, and are not now robbing the newbies under guise of disdaining them.

There's a difference between newbies when a field is new and newbies when a field is old. When the Cypherpunks list started, many of us/them were newbies, regardless of our clock ages. (I was 40 in 1992, thus either disputing or reinforcing your "30-35" point, depending on your outlook.) Some newbies to our list have contributed important ideas. I remember when Lucky Green first started appearing, circa 1994-5. He went from having little background to being one of our most important essayists and actual crypto company contributors. And there's David Molnar, a student at Princeton when he arrived. It's true that I've seen nothing but "Look at me, I'm such a smart grad student!" comments from some of our recent newbies. And comments from lawyer newbies and law student newbies.

Meanwhile the Net geezers are agoing sclerotic heading boards and advisory panels, doing nothing challenging, burnishing each others' reputations, fencing what they thieve from students and prowling the Net for easy pickings.

True for some, not for others. I mentioned Feynman. John von Neumann was another. Many examples of people contributing more or less continuously into late life. The "move into management" is common in all industries, all institutions, so many of them end up sitting on panels and boards, attending special events, and genearlly being distracted from the singlemindedness they could have in their 20s. One of my long-term programming heroes is Dan Ingalls, the guy who invented BitBlt (for windowing systems) and did most of the actual development of Smalltalk. He's still in the thick of things and is contributing mightily. I recently had a chance to spend a few days with him and with other pioneers (Don Knuth, Gordon Bell, John McCarthy, etc.) and they are still doing creative things. Admittedly, for fundamental ontological reasons, the things that made their careers when they were young ("history gets written by the winners") were more earth-shaking than the things they are now doing. I say "ontological" because this is wired-into the structure of how we perceive the world--most people never make any substantial discoveries, a few make one discovery, and far fewer make more than one. For those who haven't made a significant contribution by age 30 or 35, they probably get shuffled off into jobs where future contributions are even less likely. So we tend to see precisely those people who contributed early on, sometimes more than once. --Tim May "The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant." --John Stuart Mill