The Crypto Winter

[alphabeta121]

what does C-A-C-L stand for?

alpha
----- Original Message -----
From: "Tim May" <tcmay at got.net>
To: <cypherpunks at lne.com>
Sent: Saturday, November 17, 2001 10:00 AM
Subject: CDR: The Crypto Winter


> Alternative Subject Name: Decline and Fall: Crypto without politics is
> just applied number theory
>
> This will be a long article. Fair warning.
>
> Also, I plan to reply only to folks who make a serious effort to debate.
> Folks who chime in with inanities or with "Another C-A-C-L rant!" will
> of course just ignore. I don't expect much discussion, though. For the
> same "lots of reasons" I mention many times below. Still, I wanted to
> make these points even if only six of you are worth responding to.
>
>
> On Saturday, November 17, 2001, at 12:10 AM, Declan McCullagh wrote:
>
> > On Fri, Nov 16, 2001 at 10:31:24PM -0800, Petro wrote:
> >> Part of the energy in those days was people pushing in to vastly
> >> new territories, figuring out how to solve the hard problems--and there
> >> were a whole bunch back then. There are still lots of hard problems,
> >> but
> >> they come in dribs and drabs, and often one of these new problems can
> >> be
> >> reduced to one or two old problems--which isn't nearly as interesting.
> >
> > I may have started reading the list in 1994. To add something to the
> > above: Also in the early days, folks were still thinking through the
> > implications of the technologies, the future was a bit sunnier than it
> > is nowadays, and there weren't quite as many (this may be just wishful
> > thinking) loserflamers around. In addition, the FBI and Secret Service
> > and TIGTA and whatnot hadn't been interrogating and arresting list
> > members.
>
> There are many reasons/factors for the decline. Few would argue that the
> decline has been a many-year process. As I lack the energy or will to
> write a detailed essay (which is one of the reasons...), I'll summarize
> a few basic reasons:
>
> 1. The newness issue. Even before the list/group started, finding new
> and amazing implications was so easy that we were able to figure out a
> bunch of things before the official crypto community noticed them. Early
> list messages were often about these implications. Hal Finney, Eric
> Hughes, Duncan Frissell, and a dozen others were all actively debating
> these implications--years before the "crypto press" started reporting
> them, years before even apologists for Big Brother started denouncing
> them. The newness has shifted. I'll come back to this issue again.
>
> 2. Fewer infusions of new blood. We had some good infusions of new blood
> in the 1993-95 period, including people like Lucky Green, Declan
> McCullagh, and Greg Broiles. In the past couple of years, fewer creative
> contributors have arrived. We had a guy from Germany, whose name I have
> spaced out on, but he showed up at ZKS (another point I will get to in a
> moment) and hasn't been active on the list in a long while. In the last
> year or two, David Molnar stands out as a new and innovative
> contributor, but I believe his is now involved in a start up in NYC and
> so he doesn't post here often anymore.
>
> A couple of apologists for Big Brother have arrived (George at Orwellian,
> whom I am tentatively assuming is the same as the frequent Nomen Nescio
> user: a leftie who rants about the evils of ideas here), a couple of
> agent provocateurs have arrived, and several infantile flamers are still
> here.
>
> [Note: Related to this point and the one following below, we had a
> _huge_ number of students and grad students active on the list in the
> early years. "Wired" did a big piece on Cypherpunks in their second
> issue, and "Wired" was still cool in those years. A surge of subscribers
> hit the list in 1993. And Clipper was much in the news. Many of those
> students contributed provocative, anarchist-leaning ideas. Many went on
> to get jobs in industry, even in crypto and security. Some went to
> Microsoft (Matt Tomlinson, I believe, and possibly Wei Dai, though I
> could be wrong), some went to Netscape, some to RSA, and so on.]
>
> 3. The commercialization of crypto. This has been a plus and a minus. On
> the plus side, several startup companies have drawn heavily from former
> (or lurking) list members, including C2Net, Digicash, PGP, RSA and
> Verisign, security consulting companies in the Bay Area, Zero Knowledge,
> and the security departments of leading dot com and Net companies.  Even
> Mojo Nation, which had about half a dozen list members in it--not much
> being heard from it now.
>
> (Remember when three members of the same family were on the list and two
> of them were essentially Netscape's security department! Remember when
> at least three key list members worked for Digicash?) The ZKS issue
> alone took half a dozen of our most significant contributors off the
> list (for various obvious reasons), including Ian Goldberg, both Adams
> (Back and Shostack), and some others. And when ZKS recast itself a year
> or so ago as some kind of "consulting company" (??) and then when they
> recently dropped the Freedom remailer/proxy service, things took another
> steep decline. Even if these former list members end up leaving ZKS, as
> would seem likely, I doubt they'll return to our list.)
>
> The effects of the commercialization were manyfold (or is it manifold?)
> and deserve an entire essay, but here are a few of them:
>
> a) Cypherpunks physical meetings (second Saturday of each month, held in
> the South Bay 1992-95, held all around the Bay Area after that) became
> more corporate-focused. Guys at companies often recruited. A kind of
> rolling job fair.
>
> b) The projects discussed started being more and more about what some
> particular company was doing
>
> c) I believe some people are much less willing to discuss radical
> implications and ideas when they think future employers may be reading,
> or may have access to their posts through search engines. It may be
> coincidental, but the beginning of the real decline of the list happened
> at just about the same time the Web was becoming ubiquitous (which has
> other implications, mentioned later) and as search engines like Deja
> News and Alta Vista made it obvious that one's words on the list would
> echo forever.
>
> d) Siphoning of energy. Not a bad thing, but the commercialization of
> crypto definitely meant that many long-range projects were shifted to
> short-range. Depressingly, most of the short-range efforts never really
> went very far. (Between the dot com crash and other things, all we
> really have is what we had in 1992: basic crypto and signatures.)
>
> e) The mess with PGP. At one point, probably a dozen list members worked
> at PGP, and we often heard updates from them on new versions. (One of
> those pluses as well as minuses. A plus that PGP was expanding, and that
> usage was increasing, but a minus because all it really was basic
> encryption stuff, so it was fairly boring to spend meetings discussing
> the details of a version update.) The transfer of PGP to NAI further
> confused things, and now there are probably fewer PGP users than in
> 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann
> at Hushmail, and NAI saying they plan to demphasize PGP....already a
> moot point.)
>
> [Note: There was a period when using PGP was "cool." Lots of digerati
> were using it, playing with it. It showed up on "Wired"'s "hot" list.
> This has changed. Lots of reasons.]
>
> 4. The discrediting of "politics." After the first heady year or two of
> discussing digital money, data havens, dead drops, black nets, tax
> avoidance, colonization of cyberspace, and so on, some voices began to
> argue against talking politics. To be sure, the list had always been
> focused on the "exploitation of crypto for meta-political purposes."
> Mundane politics about left vs. right was not interesting to most of us.
> Yes, the list had a strong libertarian focus, but so does much of the
> Net and so  does much of the computer community (with also a
> lefty/Green/ecobabble contingent out there, though not on this list).
> Why this is so should not surprise anyone.
>
> The discrediting of politics was correlated to the formation of
> alternative lists. Lewis McCarthy started a moderated list called
> "Coderpunks" in which only code and programming techniques was to be
> discussed. Perry Metger started a moderated list called "Cryptography."
> Some of the active participants in Cypherpunks did most of their posting
> on those lists...let a thousand flowers bloom and all. I chose not to
> subscribe to those lists for a couple of reasons. First, I hate
> moderated lists where some satrap decides what is OK for me to talk
> about and what is not. Second, I am much less interested in the C++
> coding of Rijndael than I am in discussing digital money and
> quasi-political issues touching on economics, public policy, social
> repudiation and reputation issues, etc. In my view, crypto without
> politics is just applied number theory.
>
> The discrediting is even happening on the Cypherpunks list. It is deeply
> ironic that people who have never contributed an innovative idea,
> poitical or technical, are hectoring us that "Cypherpunks write code!"
> (Having been involved since the Ur-Cypherpunk days, I know precisely
> what that slogan means, and it _doesn't_ mean what many think it means.)
>
> 5. The resurgence of politics and law. Strangely, despite the above
> discrediting, politics and law became _more_ of the focus of the list!
> How could that be? Here's a partial list: Communications Decency Act,
> the Bernstein case, crypto export laws, ITAR, European plans to regulate
> crypto, Napster, copyright, the DMCA, and on and on. Despite the
> "Cypherpunks write code!" pseudo-mantra, more and more physical meetings
> were devoted to hearing from various spokeslawyers representing the EFF,
> EPIC, CDT, and other lobbying/litigating firms. More and more list
> members muttered about going to law school...and some did.
>
> (Not to besmirch the reputation of Greg Broiles, who was already
> well-along in law school before beginning to contribute many fine
>
> On to another major, possibly _the_ major, factor:
>
> 5. The boredom factor. As Declan and Petro have noted, the ideas are not
> new. The same reasons that made the 1992-94 period so heady also mean
> that later developments are usually just revisitations or rediscoveries
> of the "nuggets" found in the early years. This is like any new field:
> the early pioneers find gems and nuggest lying on the ground, lots of
> low-hanging fruit. (To mix some metaphors.) Later arrivals find the
> low-hanging fruit gone, the richest veins of ore already mined.
>
> (I have not given up. There are amazing things yet to be done. I had a
> stimulating discussion with some computer pioneers last weekend and am
> redoubling my own efforts in my "ontology" project I have occasionally
> mentioned.)
>
> The "read the archives!" advice often given, especially by me, is only
> to be expected. When literally tens of thousands of articles, some of
> them very long and detailed, have already been written on core topics,
> why should any of the "old-timers" spend an hour writing an essay to
> educate a newbie who is unwilling to even spend a few minutes with
> Google looking for already-written articles?
>
> (And many of the newcomers are shockingly ignorant of even the basic
> definitions and ideas, ones that have been written about in full-length
> articles. My own chapter-length essays outline the basics and have been
> included in recent books like "Building-In Big Brother" (Ludlow),
> "Crypto Anarchy, Cyberstates and Pirate Utopias" (also Ludlow), and the
> forthcoming "True Names and the Opening of the Cyberspace Frontier"
> (Vinge, Frenkel, others). Any search on the keywords so common on our
> list will turn up full-length articles, as well as the "Cyphernomicon"
> mega-FAQ I spent (wasted?) about a year of my life working on.)
>
> 6. The failure to get true digital money. Call it what you like,
> "digital cash" or "ecash" or even one of Hettinga's pet names, but the
> fact is that for both political and technical reasons we don't have
> digital cash. This has ripple effects for nearly all of the constructs
> which depend on digital money: data havens, good remailers, black nets,
> beacons, and of course for certain sociopolitical implications of
> untraceable transactions.
>
> Without this basic building block, we are left just with the "privacy"
> stuff...and the privacy stuff is both fairly boring and at the same time
> wrapped-up in legal/political baggage about secrecy, hiding things, etc.
> Boring!
>
> Why digital money has not happened is still an interesting topic to
> discuss. I described the two axes of "value of untraceability" versus
> "cost of untraceability" in an article I wrote a few months ago. I
> characterized the "millicent ghetto" that most companies have
> concentrated on, and the fallacy of the "one size fits all" pricing
> models.
>
> Now, given the events of 911 and the rush to control the Net and to
> impose new and unconstitutional limitations on what people can do with
> their own money, the likelihood of a quasi-visible digital money
> operation like Mark Twain Bank setting up seems to be nil.
>
> Money-laundering laws, and the attempted crackdowns on "hawalah"
> exchanges, will mean any digital cash effort will have to be done beyond
> the margins of the law. Maybe for something with no identifiable nexus,
> something beyond even what Gnutella and Freenet are doing. Beyond
> Morpheus/Music City, beyond Mojo Nation, beyond _any_ of the current P2P
> efforts. (By the way, the only book that I know of on Peer-to-Peer
> computing has references to the pioneering role that Cypherpunks played,
> in remailers, in screen-saver code crackers, etc. Look to the archives
> from 1992-94 and one will see most of the P2P issues covered, from the
> point of view of distributed, agoric models, black markets, etc. My own
> BlackNet, 1988, is obviously a P2P model.)
>
> This failure to get workable untraceable digital cash (true 2-way
> untraceable, not the bastardized, banker-friendly, government-friendly
> one-way untraceable form) is the _deep_ reason things are stagnating.
>
> And we are not alone...
>
> "How to make money off of these ideas" is the fundamental reason the dot
> com crash happened. Absent efficient digital payment systems, and absent
> strong cryptographic constructs to build cyberspace structures, just
> about the only working model for funding all of these dot com things was
> "online advertising."  That, coupled with scads of companies all
> figuring they would dominate their markets.
>
> I'm concentrating here on the online digital services companies, not so
> much the "clicks and mortar" companies trying to sell dog food over the
> Net (yeah, the pets.com and boo.com companies failed, but in their cases
> the Net was just another communications medium for basically a
> mail-order or phone-order business). More interesting are why the
> crypto-related companies are failing. People just aren't paying for
> digital signatures, encryption, and other "Cypherpunkish" things.
>
> This doesn't surprise me at all. But, I see that I am drifting away from
> my intended brief listing of reasons for the decline and am instead
> moving into something that should be saved for another article.
>
> In closing, the long-term prospects for our ideas are still bright. The
> "degrees of freedom" (multiple senses) still mean that crypto anarchy
> will likely triumph over central control. But we probably are facing a
> "crypto winter" lasting at least 5 years, and maybe much longer. The
> moves to expand wiretapping and surveillance, the Carnivore boxes, the
> rapid move to reduce civil liberties in the wake of 911, the calls by
> various European and Asian countries to crack down on use of the Net,
> and the draconian restrictions on money....all of these things will make
> it very difficult to establish Cypherpunks technologies.
>
> Maybe a collapse will come, maybe P2P will sneak these ideas in through
> the back door (*).
>
> (* as might well have happened sooner had Napster _started_ in a
> distributed, no nexus sort of way instead of starting as a central file
> server with a huge "Sue me!" sign painted on the roof of their San Mateo
> offices)
>
> The thing I would advise folks to do is to not think about getting rich.
> Those who lust after the riches of an IPO for their Digital Signature
> Datawhack, Inc. startup are probably heading for crushing
> disapppointment. "Do what you love and the money will follow" is still
> good advice.
>
> And working on the interesting stuff, even if it doesn't appear to be
> "commercial," will probably be where the commercial things of ten years
> from now come from. There are so many examples of this from past years
> that I can't begin to list them here.
>
> Well, now I'm again moving afield into career advice, so I'll stop here.
>
> Best wishes,
>
>
> --Tim May
> "Gun Control: The theory that a woman found dead in an alley, raped and
> strangled with her panty hose,  is somehow morally superior to a woman
> explaining to police how her attacker got that fatal bullet wound"
>
>