But unfortunately, the Four Horsemen of the Apocalypse are still there and the government is trying to use them as an excuse right now. How many people saw the articles on the front page of the New York Times about Clipper? Okay. A bunch of people have. How many people saw the front page article in the New York Times about the F.B.I. Digital Telephony Bill? Ah. Fewer people. I'll start with the F.B.I. Digital Telephony Bill, because it's much easier to understand. The F.B.I. is not satisfied with the fact that our phone system is not like the phone systems in Eastern Europe, and wants it to be that way. [Laughter] They want the capacity to be able to push a button in Washington at any time they like and tap any telephone in the country at will. That's basically it in a nutshell. They claim that they need this capability because modern digital telephone systems are becoming increasingly difficult to listen in on. Computer Professionals for Social Responsibility did an F.O.I.A. [Freedom Of Information Act] request on the F.B.I. and managed to get documents which said, "By the way, we know this is a lie but we're trying to get this bill through. So please lobby for it." In fact no one has ever found that they have any difficult tapping the existing telephone systems, but never mind that. They are saying that because of advances in technology they need the capacity to be able to sit in Washington, push a button and listen to any telephone conversation in the country at will. This is of course in order to stop the terrorists, drug dealers, pornographers and child molesters. If they can find some one who is all of those at once I am sure it will make their day. Anyway, at the same time the National Security Agency has been having these nightmares about cryptography so they've gotten the Clinton Administration to front for them on a really, really stupid idea. MALE: Ten copies of the Justice Department announcements, the five press releases from a week ago. PM: Okay. Well, basically what's happened -- maybe we'll pass these out in a minute -- is that this has been in the works for some time and people have been fighting it, and so many people have been fighting it that we thought it was dead, but it seems to have come back from the dead. The government wants you to use their cryptosystems. What they want is they want to give you a little cryptography box called "Clipper" that you can use, so that you don't have to complain that all of your communications are insecure. But Clipper has a built-in bugging feature in it, so that if the government wants to listen in on your communications they can do so. Isn't that special of them? And they expect that everyone in the country will want to use this. MALE: And each one's got a serial number. PM: Yes, yes. The way this basically works is that they store basically the equivalent of a master key to the cryptography system inside -- I'm trying to keep this from being too technical -- essentially every time you use the Clipper chip to communicate with something that also contains a Clipper chip, well, what it does is it includes information about the key you are using in the data stream that it sends to the other machine, and it's encrypted with an encryption key that is known to the government -- to keep everyone nice and honest. You know, we don't want to keep those terrorists, child molesters, pornographers, drug dealers from being able to encrypt things. (Ie: "We're your government. Trust us, we know what's good for you; but we don't trust you.") However, they say that this standard is voluntary. Now if you were a card-carrying terrorist would you use the government's cryptography system, especially if it's voluntary to use it? No. What you're probably going to do is go out and get yourself a decent cryptography system. Hell, if you're actually being armed by the Libyans they probably have nice KGB crypto equipment that they can hand to you. You don't have to worry about going to the store to buy your cryptography equipment. So in general the notion that they can impose this as a voluntary standard for encryption, which you're not compelled to use, is ludicrous, and almost everyone in the community thinks that what they're doing is preparing to try to ban all forms of encryption other than the ones that they specifically approve. So we've got these two interesting government movements right now, the one to make tapping all of your telephones easier and the one to make it easy to decrypt the communications on the telephones that they've made it very easy to tap. I thought that the Berlin Wall had fallen and the Stazi was out of business, but apparently they've all just moved to Washington. [Laughter] It's kind of annoying. But on the other hand, ignoring all of this, they're -- by the way, I'll mention that every industry group, groups like the Electronic Frontier Foundation and Computer Professionals for Social Responsibility, all the trade magazines, everyone on earth has come out saying this is a stupid idea. DM: The 700 Club did a ... PM: The 700 Club actually did a story about how evil the government's cryptography plan is. It's amazing. Everyone and their mother has come out against this, but it doesn't seem to matter. According to an article that's going to be published in next month's "Wired" several administration officials have admitted that this might be their Bay of Pigs, something really stupid that they inherited from the previous administration, which they did, which they're going to push forward anyway full steam ahead. MALE: So whose head's going to explode like a flying -- you know, in Dallas -- as a result of this thing? PM: I don't know. Well, anyway, so -- now ignoring what the government is trying to do to stop cryptography, I'll point out that all is not rosy with cryptography. You can encrypt your communications, you can try to be really careful about all of the dealings you do, and if you try to live, say, purely in an underground economy one day you sit in a caf with the wrong guy and he pulls out his I.R.S. credentials and says, "Can we do an audit, please?" Now it might be difficult for them to be able to spend the resources necessary to try to track lots of people down for abusing this sort of thing. In fact, I would argue that there's no way that they have all the resources necessary to do that. But nonetheless, let's point out you can't do everything in cyberspace. You can't live in cyberspace. You have to live in a home somewhere. You have to go to the corner store to eat. You have a physical body. They can still get you. They can still pass laws to try to restrict your freedoms. Cryptography, however, does make them much weaker in many ways. One of the things that's been pointed out repeatedly is that government feeds on money. The lifeblood of government is money. If they don't have money -- what traditionally happens in a Third- World country that's experiencing hyperinflation? At some point the soldiers discover that their pay no long will buy them food, and they start revolting. Government workers are like everyone else -- well, sort of like everyone else, but [LAUGHTER] -- government workers do have families, they do have mouths to feed. They need to be paid. And when the government tries to print money to pay them the money becomes less worthwhile. So they depend on taxes in order to be able to control people. In an environment where it becomes increasingly difficult to tax activities, it becomes increasingly difficult for the government to exert control over the population. In fact, the more people move into some sort of cryptographic black market, the more difficult it becomes for the government to try to stop it because the fewer resources the government has. It's sort of a vicious cycle for them. They need to have money in order to try to get money, and the less resources they have to -- actually, Duncan, you know this off the top of your head. How many millions of Americans are thought to evade taxes right now? DUNCAN: The Feds say officially there are ten million nonfilers who should be filing, and at least another ten million filers who file incorrectly on purpose. That's out of 114 million personal tax returns filed last year, down from 117 million predicted. They undershot by 4 mil. FEMALE: They had like 900 convictions out of ... PM: How many convictions were there for tax fraud last year? DUNCAN: It's only about three or four hundred a year. PM: In spite of this -- it's very, very difficult for them to expend the resources to try to get a tax fraud conviction. DUNCAN: It costs $50,000 bucks, or -- and then you got to imprison 'em. I mean it costs half a mil or a mil. MALE: Usually there's one other factor, and that is that there's only one Treasury agent per 900 filers. So the enforcement bureaucracy is actually very small. This came up in the debate over the gun issue, where there's a mention of 240,000 gun dealers and about one enforcement bureaucrat for every 240. That's a highly regulated field by comparison with general tax filers. PM: Anyway -- Dave points out that I'm kind of dragging this on, and we should open it up for questions. MALE: ... one other factor that hampers the I.R.S.? PM: Yes? MALE: They've got infiltrators. PM: Oh? MALE: There are people in the I.R.S. who are on our side. PM: Okay. Anyway, if we're done with the major, initial part of the talk -- I think we made some of the interesting --I've missed talking about a bunch of things, like the fact that you can put -- there are all sorts of neat things people have discovered about cryptography over the years. You can play poker with people by computer without having to trust the dealer or any of the other players, and you can mathematically prove that no one has cheated in the course of the game. There are all sorts of neat tricks that cryptographers have come up with over the last few years, and if people -- anyone with a mathematical background, I strongly encourage you to go out and buy a copy of one of the books on the subject. Actually the best book on the subject right now is Bruce Schneier's Applied Cryptography. This is a technical text. If you're not interested in cryptography on a technical level, if you stopped with math before algebra or something -- I'm not trying to denigrate anyone. Some people are not interested in math. There's nothing wrong with not being interested in math. But this is a math book, basically. It's full of math. If you want to know the details, however -- published by John Wylie & Sons. There are some very good books -- it'll be up here. If you're interested in the history of cryptography, David Kahn wrote an extremely good book that only covers the world up to about 1970. He mentions the N.S.A. These were the days before they admitted that they existed, but he has chapters discussing them. The book is called The Code Breakers, by David Kahn. It is still an interesting book to read, because it gives you some idea about how hard it is to produce good codes and how important it has been in history. Most people are completely unaware of the historical importance of secret communications and breaking secret communications. MALE: The British government for about seventy years claimed they weren't breaking any telegrams, and in fact they were taking every one into a room and trying to ... MALE: The N.S.A. lied about it for years, also. PM: The so-called Black Chambers. All through the 19th century virtually every government in Europe had something called a Black Chamber, which was the room into which all diplomatic correspondence coming into and out of the country was brought to be read. Most of it was encrypted, but some countries had pretty good cryptographers. This has been going on for centuries. There is nothing new about this. The only thing new about this is that suddenly world-class cryptography is in the hands of everyday people. Lastly, there's a great book about the N.S.A. that Lou mentioned a moment ago, called The Puzzle Palace by ... DM: Bamford. PM: The Puzzle Palace is, again, about ... (Inaudible; overlap) DM: It's available in cheap paperback. Very good book. PM: Oh, by the way. If you get a copy of The Codebreakers by David Kahn, do not get the paperback. Get the hard-cover. The text is different. The text of The Puzzle Palace in softcover is exactly the same. It's a really good book. It's unfortunately about a decade old, but it covers them in an enormous amount of detail. Most people are completely oblivious to what the largest intelligence agency in the U.S. is. You should inform yourselves. DM: So let's open it up ... PM: For questions. * * * Q: I don't understand the details of Chaum's method of electronic banking, but I thought it required that the bank would issue essentially denominations of bills that were public keys. PM: Are they publicly keys? I could go into the details, but I don't know ... Q: My point is, how do you get this going without the cooperation of a bank? PM: Form your own bank. That's basically the answer. You have a digital bank that issues digital money, basically. MALE: If you have a couple of hundred people you can form your own credit union. PM: In fact there are some people in Texas who are now forming a credit union on the premise that the credit union is going to permit people to make electronic cryptographic transactions. MALE: The problem with this digital bank and any other under-ground economy is that if your digital cash is stolen or if this digital underground economy collapses you will have no recourse in law enforcement, in civil suits or FDIC insurance. PM: Well, first of all -- I don't want to claim that the FDIC is a wonderful thing here, but even assuming that it was I honestly trust AAA-rated Swiss banks far more than I trust any bank in the United States -- or the full faith and credit of the United States government. MALE: Here, here. PM: Which is going down every day as the deficit increases. Q: But who issues digital cash? PM: No, the point is that you cannot steal digital cash. It doesn't work that way. You can -- now the bank can defraud you. You admittedly have to trust your bank. However, you cannot really steal digital cash. It doesn't work that way. MALE: It's protected using encryption. It's very complicated. Q: Are you claiming that Virtual Virtue has been invented? PM: No. I'm claiming cryptography has been invented. It does not -- the bank can defraud you. Someone cannot steal your digital cash. Q: Why wouldn't this be an attractive notion to most Americans, and subsequently why would this seem to be a scary notion to the government? PM: I will explain it to you right now. In this city, most people think that most people comply with the tax regulations and with Federal regulation. New York City is one of the most fascistly-run places in the United States, so it would not be surprising that we have the most thriving underground economy. Go downtown to Chinatown and you will find building after building after building of off-books businesses: clothing manufacturers, import-export businesses, everything you can imagine, being run in a completely underground manner. The garment industry would not exist in New York City if it was not for the underground economy in New York City. Okay, forget what middle-American people will do. The underground economy already exists, and this sort of thing is going to move forward and there's probably going to be demand from people who are already in it. As for the question of "virtue", as I said I would go into the cryptographic protocols in detail, but -- you cannot be robbed of your digital cash from your wallet the way that you can be robbed of real cash. MALE: They can't rob you any more than a regular bank can. PM: It's not actual cash. It's really an anonymous transfer. Q: Doesn't digital cash (?) to the maximum capitalists and fascists, too, or are we just catching up with things? MALE: This is a problem. PM: Whether you like it or not, it's there. The computers are out there. The technology has been invented. It cannot be uninvented. It can't be put back in the bottle. There are tens of thousands of people in this country who understand how to build these things. At this point it's impossible to stop it. So whether you like capitalism or don't like capitalism, whether you like technology or dislike technology, this is a reality. I would advise personally that you try to use it to your benefit. Perhaps other people have different opinions. That's what I would think. Q: A two-point question. First of all, have you seen the article in the Humanist(?) about digital cash? PM: I'm afraid I have not. Q: Have you? DM: Can't say I have. No. Q: Okay. Secondly -- now the promo for this talk says it'll make the State a thing of the past. PM: I think that's something of an exaggeration. DM: Basically what we're talking about, and it remains to be seen how far it's going to go, is the withering of the State in the sense that governments can no longer say -- now they can say we won't let this book cross our borders, you can't do certain kinds of financial trans-actions, you're not allowed to read this stuff, you're not allowed to make bootleg copies of this record. All this stuff is going to be going on more and more, and it's unstoppable by the government. So in other words, a lot of these laws are just unenforceable, superfluous, as this stuff starts travelling over the Net in encrypted forms. MALE: That's victory to some extent. DM: Right. PM: Oh, yes. It is very much -- it's sort of the exponentiation of (?). As soon as you allow in -- the Chinese discovered this at Tiennamen Square. Fascists and totalitarian governments and Communist governments have known this for a long time. You want to keep the copy machines in your country as difficult to get to as possible. You want to keep the telephones difficult to get to, and make them bad and tap them all the time. You want to restrict the flow of information. One of the things that happened after Tiennamen Square were these informal fax networks came into existence all over China, and within hours people all over the country knew the truth about what was going on. Information from satellite broadcasts and from foreign radio stations got in and swept over the country. This just compounds that problem. If you're going to take part in the modern world, if you're not going to be like Albania, you're going to have to allow in the Internet. As soon as you allow in the Internet, people are going to start exchanging data. As soon as they start exchanging data some of that data might be encrypted, and you have no way of knowing what it is that they're bringing in or putting out. You can't control it, not short of controlling every single computer that exists in your country. Q: Has there ever been a case where the government has broken the code and ... (Inaudible; overlap) PM: In the thirties all the time. Bootleggers would use primitive cryptographic systems to communicate with each other and would get hauled into court. In fact Kahn's book, The Codebreakers, talks a lot about this. You bring up a very important point. Not all cryptography is good cryptography. The program WordPerfect is really popular out there. It has a little function that will let you save an encrypted version of your file. It's totally useless. With a couple of milliseconds' worth of work, another program can just break that wide open. You need strong cryptography. Just any cryptography won't do. Insist on -- but in the past very often people using secret codes for communication have been hauled into court by the United States government. It's happened. Q: Were they drug dealers? PM: In Prohibition they were drug dealers. Yes. Q: Recently. PM: Recently, no. It has not happened recently. One of the things that's very strange is that more of them are not using cryptography. There are companies in the U.S. that will sell you commercially phone scramblers that are really, really good. MALE: [INAUDIBLE]. I'm not sure who is reading my mail. It takes a lot of effort to do something, to cause anarchy to happen, and everyone would have to be involved, and I don't see that there's any payback. PM: I disagree for the following reason. First of all, the people who know these programs are reasonably smart, and most of them are actually talking to each other right now. And there are real attempts made to try to make sure that they all communicate with each other fairly well. This is intentionally so that people do not face the question of having: "Well, I've got Encryption Program A and you've got Encryption Program B. Yes, we can talk." One of things also by the way in public key is that it makes it easy. Just so long as I know that you're -- Duncan can give you two disks. If you want you can just throw one at one of your friends. Hopefully he'll catch it and it won't hit the floor. And you don't actually have to communicate with each other in advance or communicate with any of your other friends in advance in order to exchange information. You just have to have compatible software. And the marketplace is taking care of that, because people want to communicate with each other. MALE: But it is not anything the government can't regulate. I know you say that it can't, but you can regulate it that kind of stuff. PM: They can try to stop it. MALE: I don't see any way [INAUDIBLE] ... MALE: It also benefits me. I may consider that I benefitted from breaking Midway(?) codes or Atlantic codes or whatever it is. [INAUDIBLE]. PM: Well, there might be benefits to you, but unfortunately it's -- whether this is fortunate or unfortunate in fact, it's not your choice. It's not up to me, it's not up to you, it's not up to anyone. The cat's out of the bag. MALE: It's not. PM: Oh, yes, it is. Anyone can buy a copy of this book. MALE: I can get anything I want off your computer. Anything I want. You send any kind of electronic mail, I can get it (?). PM: How? MALE: There's always a way. PM: No. I'm an electronic mail administrator. There are ... MALE: I can use a rubber hose cryptosystem. PM: Yes. Admittedly. I can come up to you and I can beat you up. At which point what does it matter? MALE: I can change your computer so it doesn't -- I can monitor your keyboard, watching you type. I mean there's all these ways. It's not a question of [INAUDIBLE]. PM: It becomes very rapidly prohibitively expensive ... (Inaudible; overlap) DM: There's a question of how much it'll cost the government. There are estimates that if the N.S.A. used every computer they have and they ran it for eighty years nonstop, they'd be able to break -- you know, it's like angels on the head of a pin. I mean ... PM: He points out very correctly that if they're willing to spend enough money they can monitor -- they can break you. On the other hand, it's extremely expensive for them to do that and cryptography is really cheap. In fact if you have a computer already cryptography is absolutely free. Now admittedly, computers are not absolutely free. But anyone who has a computer right now, anyone who has a computer right now can communicate with anyone else who has a computer right now securely, securely enough that what they spent a couple of hundred dollars setting up the government will have to spend tens of thousands of dollars trying to go after. MALE: It's actually millions probably. PM: Not necessarily. If they come after you with rubber hoses it might be relatively cheap ... [LAUGHTER] MALE: Forty dollars. PM: You say things like, "Well, I have to coordinate these things, and I have to come up with..." Yes. Admittedly you have to have standards. But remember, most people in the world who do technical stuff very naturally try to follow standards. You won't go to the average telephone store and buy a telephone that does not plug into your wall, and that's not because they particularly like you or they particularly like modular jacks; it's because they want to make sure -- because they know that if you buy a phone that doesn't plug into your wall -- well, you won't buy a phone that doesn't plug into your wall. Put it that way. DM: Perry, you know, keep in mind that a lot of this stuff is the ground floor. It's square one, whatever, and the idea is to let people know what's going on, let people know what the problems are, let people know what the solutions are now, and maybe five years from now -- again, the problem I sort of hinted at before was that because it's still early the government's trying to do things like slip in the Clipper chip and stuff to prevent these things before they happen. It's just important for people to know about this stuff. As time goes by new systems, new software, will have all this stuff built into it and ... MALE: You won't even know you're encrypting. DM: Yeah. Q: What about the falling price of processing power? PM: Well, this has two interesting effects. There is an extent to which this makes it easier to crack codes. However, not as much as you would think. Q: What about lengthening the number of digits in the prime that you ... PM: We won't get into these details, but basically one of the features of things like public key cryptosystems is that if you have twice as much computer power lying around you can encrypt things much more securely using the same amount of time and it takes exponentially longer for the people who are trying to break what you've done. MALE: Not only -- as processing power falls -- it is cheaper... PM: It becomes faster. MALE: As the specific cost of processing falls, of processing power falls, it becomes progressively cheaper to use longer and longer keys, which cost more and more time ... FEMALE: Witfield Diffy says to use three crypto scans ABA. PM: Well, that's DES. Never mind. We're getting into details that we shouldn't, probably. MALE: The point is the cheaper ... PM: As computers get cheaper, it will become harder for them to break codes using non-rubber hose techniques. That's true. MALE: Decryption becomes more costly. DM: Steve, in the back. STEVE: First of all, it's been very interesting subject, thanks but I'm goin to rain on your parade... A couple of things come to mind. [INAUDIBLE]. One thing of course is the issue of acces. Most of the population doesn't have access to the equipment, and certainly if they have access to the equipment have very limited knowledge, and really it winds up ... [INAUDIBLE] ... being a very small group of individuals. [INAUDIBLE] ... If we're talking about this in the context of -- this is creating a new, nonauthoritarian society, that can't be done by a small group of individuals acting through an Internet or electronic data process. It requires a [INAUDIBLE] social organization. You know, you mentioned Tiannemen Square. Well, the efforts [INAUDIBLE] ... You get an Army that is willing to repress the rest of the population for the resources of the rest of the population. As long as that happens ... [INAUDIBLE] ... One other thing I should mention, when we talk also about the issue about people pulling out, about the underground economy -- one you mentioned, the underground economy of Chinatown. I'm not sure [INAUDIBLE] ... exactly a model we'd want to impose for the rest of society. Suppose you get a lot of people to stop paying taxes [INAUDIBLE] ... without an overt social organization when sanitation services collapse and social services collapse -- unless you're [INAUDIBLE] ... It comes back to ultimately what anarchy