Lucky Green writes:

When I joined the Cypherpunks mailing list some years ago, few people even considered a legislative fix to the crypto issue. After all, crypto-anarchy is incompatible with the legislative process. Cypherpunks couldn't care less what happens in DC. They are banning crypto? What else is new?

Cypherpunks know that governments do not like crypto. As crypto-anarchy spreads, they will like it even less. The attempt to get governments to sanction crypto is therefore futile. In the end, all non-GAK crypto will be banned.

But who cares? Cypherpunks write code! We know that we need to get the tools out. Deployment wins.

So let's not get hung up on the events in DC. Don't call your Senator. Don't waste time reading "policy posts". Write code!

We have monumental tasks ahead of us. Anon remailers exist today. A way of reliably receiving anon email will be deployed this year. Web anonymizers that truly conceal your identity are in limited beta. Fully anonymous ecash will be available soon. DC nets should be deployed early next year. [But don't let this stop you from working on DC nets. Modern designs only double the message bandwidth. This is very reasonable. We need more implementations].

There is much work still to be done. We need stego front ends for many of these services. And credentials need to be implemened. A task that hasn't even been touched yet.

I've been discussing off-line what I consider a good programming project that would encourage the use of digital signatures and make Usenet more usable than it is now. If anyone wants to donate your time coding, please let me know and I'll tell you what it's about. It's cool. (If and when I find the time to write code for free, it'll be the spambot :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

At 1:02 AM -0700 6/20/97, Lucky Green wrote:

When I joined the Cypherpunks mailing list some years ago, few people even considered a legislative fix to the crypto issue. After all, crypto-anarchy is incompatible with the legislative process. Cypherpunks couldn't care less what happens in DC. They are banning crypto? What else is new?

Well said. And this latest round of laws is just what we expected when Clipper was announced: the concern was never that certain government agencies might have to replace their "STU" machines with a Clipperphone, the concern from the beginning was mandatory use of Clipper-like key escrow systems. (At the risk of gaining another entry in the satires about how I said something long in the past, I wrote a cautionary article in October 1992, 5 or 6 months before Clipper was announced, warning that Prof. Denning and others were "floating trial balloons to ban crypto." How right I was.)

Cypherpunks know that governments do not like crypto. As crypto-anarchy spreads, they will like it even less. The attempt to get governments to sanction crypto is therefore futile. In the end, all non-GAK crypto will be banned.

And the latest bill from McCain and Kerrey is the language pushed by Clinton, so all speculation about whether Clinton will sign it when it passes the Senate and House is moot. Further, the language closely parallels the language we saw recently in the laws floated in the U.K. (remember the "trusted third parties" document?) and in some other countries. That is, this McCain-Kerrey S.909 bill is just the implementation of the OECD/David Aaron/GAK/New World Order/G8 deal to outlaw cryptography use by citizen-units in the various "democratic" nation. It is claimed by some that non-escrowed, non-GAKked, arbitrary strength crypto remains legal for those who don't engage in commerce, who don't sign the keys of others, who don't export, etc. Maybe. Certainly a lot of us will continue to use the versions of PGP 5.x we *IMPORT* from Europe (courtesy of the groups overseas now busily scanning and OCRing the source code exported via FedEx by a Loyal Cypherpunk Who Has Chosen Not to Claim Credit). Certainly we won't be using GAK. But nearly anyone connected with a corporation will probably be told to use a GAK product, to reduce potential liablility and criminality concerns. This is the scenario Whit Diffie outlined several years ago at a Cypherpunks meeting, that pressures would be applied so as to make corporations and other such organizations the main enforcers of such policies. (No, there won't be 100% enforcement. But enough to have a chilling effect on the development of some infrastructures Cypherpunks would like to see. Certainly any sort of untraceable cash infrastructure will be in almost immediate violation of the M-K bill, as it will be in U.K,, Germany, France, Japan, and all the other OECD/G8 nations. Cypherpunks like us can still "bootleg" some untraceably transactions, but not easily. And forget about wide use. This is the desired effect of these new laws.)

Cypherpunks write code,

OK, my chance here to piss off a few of you: I think the "breaking of DES" challenge was, while interesting, a sideshow. And utterly predictable, to anyone who read the 1977-78 papers on the difficulty of breaking DES. As with many Cypherpunks goals, I've been chagrinned to see so much "backsliding" to lesser, less radical concerns. Recent meetings (that I've been to) have been more dominated by "practical" issues of helping PGP, Inc. out, of getting IETF agreement on some form of 3DES use, and on things like the various challenges of known weak ciphers. To quote Bill Stewart, "Foo on that!" We are losing sight of the deeper issues, in my view. The resources used to break DES, if as many people hosted remailers and anonymizers on their machines, would further Cypherpunks goals a lot more than breaking DES, which we all know was breakable (as we know what "56 bits" means). (No, I will not make the usual error of assuming the resources used in DESCHALL could be switched over to remailers and anonymizers....there are many factors which went into why thousands of machines were volunteered, and many or most of them are not applicable to the remailer situation. But it is important to realize that "breaking DES' will have no lasting effect....ironic, isn't it, that the M-K bill sailed through even despite the same-day publicity surrounding the breaking of DES?) We need to stop treating Cypherpunks meetings as marketing arms of corporations, however "friendly" to us in some respects, and get back to our more radical roots. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

On Fri, Jun 20, 1997 at 10:17:37AM -0700, Tim May wrote: [...]

But nearly anyone connected with a corporation will probably be told to use a GAK product, to reduce potential liablility and criminality concerns. This is the scenario Whit Diffie outlined several years ago at a Cypherpunks meeting, that pressures would be applied so as to make corporations and other such organizations the main enforcers of such policies.

The mistake here is thinking that corporations need pressure. Instead, corporate authority structures are substantially equivalent to government authority structures, and the same desire for control that drives GAK operates within corporations. Thus, corporations are, underneath, eager accomplices, not covert champions of the cypherpunk agend angrily bowing under pressure.

(No, there won't be 100% enforcement. But enough to have a chilling effect on the development of some infrastructures Cypherpunks would like to see. Certainly any sort of untraceable cash infrastructure will be in almost immediate violation of the M-K bill, as it will be in U.K,, Germany, France, Japan, and all the other OECD/G8 nations. Cypherpunks like us can still "bootleg" some untraceably transactions, but not easily. And forget about wide use. This is the desired effect of these new laws.)

Yep, that infrastructure will be chilled. [...]

We need to stop treating Cypherpunks meetings as marketing arms of corporations, however "friendly" to us in some respects, and get back to our more radical roots.

Actually, I think we need to be more clever than that. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html

I saw a part of the PBS VietNam documentary last night, a (North) Vietnamese general explaining that their defense against the folks with helicopters was successful because it was never a purely military strategy, instead always combining the political, the diplomatic and the military. What does this have to do with cypherpunks ? A lot. The recent unpleasantness in Washington, and Brussels, and London has inspired many reminders that "Cypherpunks Write Code". Amen to that -- and we clearly must hurry up and write more code now. But we can and should do more. We have long foreseen that the various Horsemen of the Apocalypse would be used in the sound bite campaign to manufacture support for restrictions on crypto. No surprise then that we see this happening. But there is still time in this part of the battle, and an encouraging ripple effect of some of our own political memes. Many people in the US still remember the abuses of J. Edgar Hoover, of Richard Nixon, or even Clinton's recent abuse of FBI files; and these abuses are often mentioned along with the lowest common denominator explanations of GAK in the mainstream media. Much of the public in the Western Democracies retains a fuzzy belief in freedom and privacy, and a fuzzy skepticism of Big Brother. This is the political part of the battle, and the ranks of cypherpunks include many people with skills in creating memes and sound bites. Some of these may not be coders at all, but they can contribute to the overall strategy by inserting our own memes into the public's consciousness. We may not "win" on the political front alone, but even if the only accomplishment is to delay the inevitable, this is very good in that it allows the coders more time to write code. Such effort is also rewarded as it allows additional intelligent people to understand the issues and to join us. Cypherpunks write memes! Finally, I will touch briefly on the dirtiest part of the effort -- the diplomatic. This has been discussed at length on this list and elsewhere. The efforts by those who lobby and arm-twist and broker deals in Washington, Brussels, London, and other nodes of power, may also contribute to the overall strategy. Again, we clearly will never "win" outright in any such endeavors. But I think it is clear that we again gain time, breathing room, from such efforts -- time in which we may write more code and write more memes. If the lawmakers only hear from the spooks and the secret police, they will pass their bad laws much sooner.