Tim May's Passing Confirmed

grarpamp grarpamp at gmail.com
Sat Dec 15 23:09:12 PST 2018


https://www.wired.com/1993/02/crypto-rebels/
Author: Steven Levy
security 02.01.93 12:00 pm

Crypto Rebels

It's the FBIs, NSAs, and Equifaxes of the world versus a swelling
movement of Cypherpunks, civil libertarians, and millionaire hackers.
At stake: Whether privacy will exist in the 21st century.

The office atmosphere of Cygnus Support, a fast-growing Silicon Valley
company that earns its dollars by providing support to users of free
software, seems like a time warp to the days when hackers ran free.
Though Cygnus is located in a mall-like business park within earshot
of US 101, it features a spacious cathedral ceiling overhanging a
cluttered warren of workstation cubicles arranged in an irregular
spherical configuration. A mattress is nestled in the rafters. In a
hallway behind the reception desk is a kitchen laden with snack food
and soft drinks.

Today, a Saturday, only a few show up for work. The action instead is
in a small conference room overlooking the back of the complex—a
"physical meeting" of a group whose members most often gather in the
corridors of cyberspace. Their mutual interest is the arcane field of
cryptography—the study of secret codes and cyphers. The very fact that
this group exists, however, is indication that the field is about to
shift into overdrive. This is crypto with an attitude, best embodied
by the group's moniker: Cypherpunks.

The one o'clock meeting doesn't really get underway until almost
three. By that time around fifteen techie-cum-civil libertarians are
sitting around a table, wandering around the room, or just lying on
the floor staring at the ceiling while listening to the conversations.
Most have beards and long hair—Smith Brothers gone digital.

The talk today ranges from reports on a recent cryptography conference
to an explanation of how entropy degrades information systems. There
is an ad hoc demonstration of a new product, an AT&T "secure" phone,
supposedly the first conversation-scrambler that's as simple to use as
a standard-issue phone. The group watches in amusement as two of their
number, including one of the country's best cryptographic minds, have
trouble making the thing work. (This is sort of like watching Eric
Clapton struggle with a new, easy-to-play guitar.) There is discussion
of random number generators. Technical stuff, but everything has an
underlying, if not explicitly articulated, political theme: the vital
importance of getting this stuff out to the world for the public weal.

The people in this room hope for a world where an individual's
informational footprints—everything from an opinion on abortion to the
medical record of an actual abortion—can be traced only if the
individual involved chooses to reveal them; a world where coherent
messages shoot around the globe by network and microwave, but
intruders and feds trying to pluck them out of the vapor find only
gibberish; a world where the tools of prying are transformed into the
instruments of privacy.

There is only one way this vision will materialize, and that is by
widespread use of cryptography. Is this technologically possible?
Definitely. The obstacles are political—some of the most powerful
forces in government are devoted to the control of these tools. In
short, there is a war going on between those who would liberate crypto
and those who would suppress it. The seemingly innocuous bunch strewn
around this conference room represents the vanguard of the pro-crypto
forces. Though the battleground seems remote, the stakes are not: The
outcome of this struggle may determine the amount of freedom our
society will grant us in the 21st century. To the Cypherpunks, freedom
is an issue worth some risk.

"Arise," urges one of their numbers, "You have nothing to lose but
your barbed-wire fences."
Crashing the Crypto Monopoly

As the Cold War drifts into deep memory, one might think that the
American body charged with keeping our secret codes and breaking the
codes of our enemies—the National Security Agency (NSA)—might finally
breathe easy for the first time in its 30-year existence. Instead, it
is sweating out its worst nightmare.

The NSA's cryptographic monopoly has evaporated. Two decades ago, no
one outside the government, or at least outside the government's
control, performed any serious work in cryptography. That ended
abruptly in 1975 when a 31-year-old computer wizard named Whitfield
Diffie came up with a new system, called "public-key" cryptography,
that hit the world of cyphers with the force of an unshielded nuke.
The shock wave was undoubtedly felt most vividly in the fortress-like
NSA headquarters at Fort Meade, Maryland.

As a child, Diffie devoured all the books he could find on the subject
of cryptography. Certainly there is something about codes—secret
rings, intrigue, Hardy Boys mysteries—that appeals to youngsters.
Diffie, son of an historian, took them very seriously. Though his
interest went dormant after he exhausted all the offerings of the
local city college library, it resurfaced in the mid-1960s, when he
became part of the computer hacker community at the Massachusetts
Institute of Technology.

Even as a young man, Diffie's passion for technical, math-oriented
problems was matched by a keen interest in the privacy of individuals.
So it was natural that as one of the tenders of a complicated
multi-user computer system at MIT, he became troubled with the problem
of how to make the system, which held a person's work and sometimes
his or her intimate secrets, truly secure. The traditional, top-down
approach to the problem—protecting the files by user passwords, which
in turn were stored in the electronic equivalent of vaults tended by
trusted system administrators—was not satisfying. The weakness of the
system was clear: The user's privacy depended on the degree to which
the administrators were willing to protect it. "You may have protected
files, but if a subpoena was served to the system manager, it wouldn't
do you any good," Diffie notes with withering accuracy. "The
administrators would sell you out, because they'd have no interest in
going to jail."

Diffie recognized that the solution rested in a decentralized system
in which each person held the literal key to his or her own privacy.
He tried to get people interested in taking on the mathematical
challenge of discovering such a system, but there were no takers. It
was not until the 1970s, when the people running the ARPAnet (destined
to become the Internet) were exploring security options for their
members, that Diffie decided to take it on himself. By then he was at
Stanford, under the thrall of David Kahn's 1967 work, The
Codebreakers. It was a revelatory, well-written, and meticulously
documented history of cryptography, focusing on 20th century American
military activities, including those at the NSA.

"It brought people out of the woodwork and I certainly was one of
them," recalls Diffie. "I probably read it more carefully than anyone
had ever read it. By the end of 1973, I was thinking about nothing
else." He embarked on what was planned to be a worldwide journey in
search of information on the subject. Gaining access to it was a
difficult task, since almost everything about modern cryptography was
classified, available only to NSA-types and academics. Diffie's
sojourn took him as far as the East Coast, where he met the woman he
would eventually marry. With his future bride, he moved back to
Stanford. It was then that he created a revolution in cryptography.

Specifically, the problem with the existing system of cryptography was
that secure information traveled over insecure channels. In other
words, a message could be intercepted before reaching its recipient.
The traditional methods for securing information involved encoding an
original message—known as a "plaintext," by use of a "key." The key
would change all the letters of the message so anyone who tried to
read it would see only an impenetrable "cyphertext." When the
cyphertext message arrived at its destination, the recipient would use
the same key to decipher the code, rendering it once again to
plaintext. The difficulty with this scheme was getting the key from
one party to another—if you sent it over an insecure channel, what's
to stop someone from intercepting it and using it to decode all
subsequent messages?

The problem got even thornier when one tried to imagine encryption
employed on a massive scale. The only way to do it, really, was to
have registries, or digital repositories, where keys would be stored.
As far as Diffie was concerned, that system was screwed—you wound up
having to trust the people in charge of the registry. It negated the
very essence of cryptography: to maintain total privacy over your own
communications.

Diffie also foresaw the day when people would be not only
communicating electronically, but conducting business that way as
well. They would need the digital equivalent of contracts and
notarized statements. But how could this "digital signature," etched
not in paper but in easily duplicated blocks of ones and zeros,
possibly work?

In May 1975, collaborating with Stanford computer scientist Martin
Hellman, Diffie cracked both problems. His scheme was called
public-key cryptography. It was a brilliant breakthrough: Every user
in the system has two keys—a public key and a private key. The public
key can be widely distributed without compromising security; the
private key, however, is held more closely than an ATM password—you
don't let nobody get at it. For relatively arcane mathematical
reasons, a message encoded with either key can be decoded with the
other. For instance, if I want to send you a secure letter, I encrypt
it with your public key (which I have with your blessing), and send
you the cyphertext. You decipher it using your private key. Likewise,
if you send a message to me, you can encrypt it with my public key,
and I'll switch it back to plaintext with my private key.

This principle can also be used for authentication. Only one person
can encrypt text with my private key—me. If you can decode a message
with my public key, you know beyond a doubt that it's straight from my
machine to yours. The message, in essence, bears my digital signature.

Public-key cryptography, in the words of David Kahn, was not only "the
most revolutionary new concept in the field since. . .the
Renaissance," but it was generated totally outside of the government's
domain—by a privacy fanatic, no less! By the time Diffie and Hellman
started distributing pre-prints of their scheme in late 1975, an
independent movement in cryptography, centered in academia, was
growing. These new cryptographers had read Kahn's book, but more
important, they realized that the accelerating use of computers was
going to mean a growth surge in the field. This expanding community
soon had regular conferences and eventually published its own
scientific journal.

By 1977, three members of this new community created a set of
algorithms that implemented the Diffie-Hellman scheme. Called RSA for
its founders—MIT scientists Rivest, Shamir, and Adleman—it offered
encryption that was likely to be stronger than the Data Encryption
Standard (DES), a government-approved alternative that does not use
public keys. The actual strength of key-based cryptographic systems
rests largely in the size of the key—in other words, how many bits of
information make up the key. The larger the key, the harder it is to
break the code. While DES, which was devised at IBM's research lab,
limits key size to 56 bits, RSA keys could be any size. (The trade-off
was that bigger keys are unwieldy, and RSA runs much more slowly than
DES.) But DES had an added burden: Rumors abounded that the NSA had
forced IBM to intentionally weaken the system so that the government
could break DES-encoded messages. RSA did not have that stigma. (The
NSA has denied these rumors.)

All that aside, the essential fact about RSA is that it was a working
public-key system, and thus did not suffer from the dire flaw of all
previous systems: the need to safely exchange private keys. It was
flexible enough to be used to address the massive requirements of the
crypto future. The algorithms were eventually patented and licensed to
RSA Data Security, whose corporate mission was to create privacy and
authentication tools.

As holder of the public-key patents, RSA Data Security is ideally
placed to sell its privacy and authentication wares to businesses.
Customers who plan to integrate RSA software in their systems include
Apple, Microsoft, WordPerfect, Novell, and AT&T. RSA's president, Jim
Bidzos, a non-cryptographer, is a compelling spokesperson for the need
for privacy. He has cast himself as an adversary of the NSA, fighting
legal restrictions on the export of his product. He even has been
known to broadly hint that the NSA has used back-channels to retard
the flow of his products.

Yet a number of privacy activists regard Bidzos and his company with
caution. Some, like Jim Warren, the PC pioneer who chaired the first
Computers, Freedom, and Privacy conference in 1991, are unhappy that a
single company holds the domestic rights to such a broad concept as
public-key cryptography. Others are even more concerned that RSA, a
respectable business, will be unable to successfully resist any
government pressure to limit the strength of the cryptography it
sells.

In the Cypherpunk mind, cryptography is too important to leave to
governments or even well-meaning companies. In order to insure that
the tools of privacy are available to all, individual acts of heroism
are required. Which brings us to Phil Zimmermann.
The Pretty Good Revolution

Phil Zimmermann is no stranger to political action. His participation
in anti-nuke sit-ins has twice led to jailings. He has been a military
policy analyst to political candidates. But his vocation is computers,
and he has always been fascinated with cryptography. When he first
heard about public-key crypto he was handling two jobs, one as a
programmer and another unpaid post "saving the world." He was about to
find a way to combine the two. Why not implement a public-key system
on personal computers, using RSA algorithms?

Zimmermann posed this question around 1977, but didn't begin serious
work to answer it until 1984. The more he thought about the issues,
though, the more important the project became. As he later wrote in
the product documentation:

You may be planning a political campaign, discussing your taxes, or
having an illicit affair. Or you may be doing something that you feel
shouldn't be illegal, but is. Whatever it is, you don't want your
private electronic mail or confidential documents read by anyone else.
There's nothing wrong with asserting your privacy. Privacy is as
apple- pie as the Constitution.

What if everyone believed that law-abiding citizens should use
postcards for their mail? If some brave soul tried to assert his
privacy by using an envelope for his mail, it would draw suspicion.
Perhaps the authorities would open his mail to see what he's hiding.
Fortunately, we don't live in that kind of world, because everyone
protects most of their mail with envelopes. So no one draws suspicion
by asserting their privacy with an envelope. There's safety in
numbers. Analogously, it would be nice if everyone routinely used
encryption for all their e- mail, innocent or not, so that no one drew
suspicion by asserting their e-mail privacy with encryption. Think of
it as a form of solidarity.

If privacy is outlawed, only outlaws will have privacy. Intelligence
agencies have access to good cryptographic technology. So do the big
arms and drug traffickers. . . But ordinary people and grass-roots
political organizations mostly have not had access to affordable
military grade public-key cryptographic technology. Until now.

Not being a professional cryptographer, Zimmermann moved slowly. By
1986, he had implemented RSA, and a year later wrote a scrambling
function he called Bass-O-Matic, in homage to a Saturday Night Live
commercial for a blender that liquifies fish. Piece by piece he built
his program. In June, 1991, it was ready for release. He named his
software PGP, for Pretty Good Privacy. Though at one time he mused
about asking users for a fee, he subsequently became concerned that
the government would one day outlaw the use of cryptography. Since
Zimmermann wanted the tools for privacy disseminated widely before
that day came, he decided to give PGP away. No strings.

This required some personal sacrifice. Zimmermann missed five mortgage
payments producing PGP. "I came within an inch of losing my house," he
says.

But the effort was worth it. PGP was unprecedented. It was, Zimmermann
claims, faster than anything else available. And despite troublesome
details like patent law and export code, it was very available.

Zimmermann put his first version, which ran only on PCs, on computer
bulletin-board systems and gave it to a friend who posted it on the
Internet. "Like thousands of dandelion seeds blowing in the wind," he
wrote, PGP spread throughout cyberspace. Within hours, people were
downloading it all over the country and beyond. "It was overseas the
day after the release," he said. "I've gotten mail from just about
every country on Earth."

PGP won no popularity contests at RSA Data Security. Jim Bidzos was
incensed that Zimmermann, whom he considers not an altruistic activist
but an opportunist who still hopes to make a buck off stealing
intellectual property, had blithely included RSA's patented algorithms
in PGP. Zimmermann's defense was that he wasn't selling PGP, but
distributing it as a sort of research project. (Some people think that
PGP, by spreading the gospel of public key cryptography, is the best
thing that ever happened to RSA.)

In any case, the legal situation is still hazy, with Zimmermann now
refraining from distributing the software (though he updates the
user's guide and provides guidance and encouragement to those who have
chosen to revise the software).

What does the NSA think about Phil Zimmermann's Johnny Appleseed-like
attempt to bring the world crypto tools? Zimmermann has heard no
formal complaint, even though many believe that PGP's strength in
protecting data is such that it would never be approved for export to
foreign shores. Zimmermann, of course, did not submit PGP to such
scrutiny because he required no export license for international
sales—after all, he was not selling it. In any case, Zimmermann
himself never shipped the software overseas, warning users that it was
their business if they chose to.

To be extra careful, Zimmermann arranged for the more powerful version
2.0, released last September, to be distributed from New Zealand
"into" the United States, so there would be no question about
exporting forbidden tools. (Due to some regulatory oddities, RSA is
patented "only" in the United States, and thus PGP is a potential
patent infringer only within US borders.)

An uncounted number of US users, probably thousands, have PGP in its
various incarations—on DOS, Macintosh, Amiga, Atari ST, or VAX/VMS
computers.

At first the silence from the NSA actually worried Zimmermann. He
wondered if it meant that PGP had some sort of weakness, a "trap door"
that the government had identified. But after a session with a world-
class cryptographer, Zimmermann was assured that while PGP had many
inefficiencies, it offered protection at least as strong as the
government-standard DES. It truly was "pretty good" protection. So
people could evaluate it on their own, Zimmermann allowed free
distribution of the source code—something one does not enjoy with
alternative encryption products. And most of the inefficiencies are
addressed in version 2.0.

(It was only as this article was being prepared, in February 1993,
that Zimmermann was questioned about PGP by two US Customs officials
who flew from California to ask about how the program might have found
its way out of the country. As of press time, it seems that this
investigation might be still active.

Jim Bidzos of RSA, obviously not a disinterested source, claims that
not only Zimmermann, but anyone using PGP, is at risk. He scoffs at
Zimmermann's efforts to stay within the letter of the law, charging
that the use of PGP is "an illegal activity that violates patent and
export law." Bidzos has written to institutions like Stanford and MIT,
informing them that any copies of PGP on their computers would put
them on the wrong side of the law, and he says that the universities
have subsequently banned PGP.)

Still, PGP has changed the world of crypto. It is not a solution to
the problem by any means—using it adds a degree of difficulty to
e-mail and file transfers—but it has developed a cult among those
motivated to use it. It's sort of a badge of honor to include one's
PGP public key with e-mail messages.

And until the long-awaited alternative for electronic crypto on the
Internet, Privacy Enhanced Mail (PEM), is released—after five years of
planning, the release seems near—PGP is one of the only games in town.
(Other alternatives include an RSA-approved product called RIPEM.)
Even then, many users may stick to PGP. "PEM is technically cleaner
but is bogged down in bureaucracy—for instance, before you use PEM you
must first register a key with something called a policy certification
authority," says crypto-activist and Cypherpunk John Gilmore. "PGP is
portable, requires no bureaucracy, and has more than a year's head-
start."

Ultimately, the value of PGP is in its power to unleash the
possibilities of cryptography. Tom Jennings, founder of the FIDOnet
matrix of computer bulletin boards, finds the software useful, but
becomes positively rapturous as he contemplates its psychic influence.
To Jennings, a gay activist, cryptography has the potential to be a
powerful force in protecting the privacy of targeted individuals.

"People who never have had cops stomping through their house don't
care about this," Jennings said. He believes that public awareness of
these issues will be raised only by making the tools available. "If
you can't demonstrate stuff, it's hard to explain." On the other hand,
said Jennings, "If we flood the world with these tools, that's going
to make a big difference."
The Empire Strikes Back

The flood to which Jennings refers is now only a trickle. But you
don't have to be a cryptographer to know which way the code will flow.
The flood indeed is coming, and the agency charged with safeguarding
and mastering encryption technologies is about to be thrust into a
cypher age in which messages that once were clear will require tedious
cracking—and may not be crackable at all. While it is impossible to
read the government's mind concerning the prospects of this scenario
(see The NSA Remains Cryptic, page 57), its actions are telling. The
strategy is one of resistance. The feds are stepping up the war
between crypto activists and crypto suppressors.

The conflict actually began in the late 1970s. As wars go, this one
was more cloak than dagger, with no disappearances in the
night—unlikely to inspire a movie starring Steven Seagall, or even
Robert Redford. As Diffie explains, "the whole thing has been
conducted in a gentlemanly fashion." Yet the stakes are high: in one
view, our privacy; in the other view, our national security. The
government was not above implicitly threatening independent
cryptographers with jail.

According to The Puzzle Palace, James Bamford's classic NSA expose,
the first salvo in the conflict was a letter written in July 1977 by
an NSA employee named Joseph A. Meyer. It warned those planning to
attend an upcoming symposium on cryptography that participation might
be unlawful under an Arms Regulation law, which controls weapons found
on the US Munitions List (cryptographic tools, it turns out, are
classified right alongside tanks and bomber planes). Though the
ensuing controversy in this case blew over, it became clear that NSA
regarded what came from the minds of folks like Whit Diffie to be
contraband. In an unprecedented interview, the then-new NSA Director
Bobby Inman floated the idea that his agency might have the same
control over crypto as the Department of Energy has over nukes. In
1979, Inman gave an address that came to be known as "the sky is
falling" speech, warning that "non- governmental cryptologic activity
and publication. . .poses clear risks to the national security."

Through the 1980s, both sides became entrenched in their views—but it
was by far the alternative crypto movement that gathered strength. Not
only was the community growing to the point where government crypto
specialists came to terms with the phenomenon, but computers—the
devices destined to be crypto engines—became commonplace. Just as it
was obvious that all communication and data storage was going digital,
it was a total no-brainer that effective cryptography was essential to
the maintenance of even a semblance of the privacy and security people
and corporations enjoyed in the pre-digital era.

In fact, our personal information—medical information, credit ratings,
income—lies unencrypted on databases. Our most intimate secrets rest
on our hard disks, sitting ducks. Our phone conversations bounce off
satellites, easily pluckable by those sophisticated enough to sort
these things out. Our cellular phone conversations are routinely
overheard by any goofus with a broadband radio—just ask Prince
Charles.

And if things are tough for individuals, corporations are in worse
shape—even their (weakly) encrypted secret plans are being swiped by
competitors. Recently, the head of the French intelligence service
quite cheerfully admitted intercepting confidential IBM documents and
handing them over to French-government-backed competitors. (In cases
like these, weak encryption—which gives a false sense of security—is
worse than no encryption at all.)

In the face of this apparent inevitability—crypto for the
masses!—what's a secret government agency to do? Throw in the towel,
let the market determine the strength of the people's algorithms, and
grumpily adjust to the new realities? No way. The government has
chosen this moment to dig in and take its last stand. The future of
crypto, and our ability to protect our information to the fullest
extent, hangs in the balance.

The specter of what one Cypherpunk calls "Crypto Anarchy"—where
strong, easy-to-use encryption is accessible to all—terrifies those
accustomed to the old reality. Perhaps the best expression of these
fears comes from Donn Parker, a think-tank computer security
specialist who is in synch with the government mindset. "We have the
capability of 100-percent privacy," he says. "But if we use this I
don't think society can survive."

A somewhat less apocalyptic yet equally stern conclusion comes from
Georgetown University Professor Dorothy Denning, a respected figure in
academic crypto circles: "If we fail to enact legislation that will
ensure a continued capability for court-ordered electronic
surveillance," Denning writes, ". . .systems fielded without an
adequate provision for court-ordered intercepts would become
sanctuaries for criminality wherein Organized Crime leaders, drug
dealers, terrorists, and other criminals could conspire and act with
impunity. Eventually, we could find ourselves with an increase in
major crimes against society, a greatly diminished capacity to fight
them, and no timely solution."

Denning has spoken favorably of a plan that sends chills up Cypherpunk
spines: It allows people access to public-key cryptography only if
they agree to "escrow" their private keys in a repository controlled
by a third party who would, under a judge's order or other dire
circumstance, give it to some government or police body.

Key registries, of course, would require crypto users to trust self-
interested third parties, the very paradox that led Diffie to develop
public-key cryptography. Diffie did not intend private keys to be
shared—not with colleagues, not with spouses, and certainly not with
some swiftie in a suit who would flip it over to the cops at the first
flash of a warrant. As Electronic Frontier Foundation co-founder John
Perry Barlow put it, "You can have my encryption algorithm. . . when
you pry my cold dead fingers from my private key."

But Dorothy Denning has a point. Unfettered cryptography does have its
trade-offs. The same codes that protect journalists and accountants
will abet the security of mobsters, child molesters, and terrorists.
And if everyone encrypts, there certainly would be a weakening of our
intelligence agencies, and possibly our national security.

As far as the NSA is concerned, its very mission is to establish and
maintain superiority in making and breaking codes. If strong
cryptography enters common usage, this task will be greatly
complicated, if not rendered nearly impossible.

While defending Digital Telephony on ABC's Nightline, FBI chief
William Sessions claimed that the law would merely allow law
enforcement to keep pace with technology. But as Whit Diffie notes,
"The most important impact of technology on communications security is
that it draws better and better traffic into vulnerable channels."

In other words, Digital Telephony, if passed, would grant law-
enforcement access not only to phone conversations, but a whole range
of personal information previously stored in hard copy but ripe for
plucking in the digital age. And if law enforcement can get at it, so
can others—either government agents over-stepping their legal
authority, or crooks.

In one sense this debate is moot, because the crypto genie is out of
the bottle. The government may limit exports, but strong encryption
software packages literally are being sold on the streets of Moscow.
The NSA may keep its papers classified, but a whole generation of
independent cryptographers is breaking ground and publishing freely.
And then there are the crypto-guerrillas, who have already penetrated
deep into the territory of their adversaries.
The Promise of Crypto Anonymity

The first physical Cypherpunk meeting occurred early last autumn at
the instigation of two software engineers who had developed an
interest in crypto. One was Tim May, a former Intel physicist who
"retired" several years ago, at age 34, with stock options sufficient
to assure that he would never flip a burger for Wendy's. May, who
reluctantly permits journalists to pigeon-hole him as a libertarian,
is the in-house theoretician, and author of the widely circulated
"Crypto Anarchist Manifesto." The other founder, Eric Hughes, has
become the moderator of the physical meetings, maintaining an agenda
that mixes technical issues of Cypherpunk works-in-progress to reports
from the political front.

It would be wrong to think of Cypherpunks as a formal group. It's more
a gathering of those who share a predilection for codes, a passion for
privacy, and the gumption to do something about it. Anyone who decides
to spread personal crypto or its gospel is a traveler in the territory
of Cypherpunk.

The real action in that realm occurs via The List, an electronic
posting ground which commonly generates more than 50 messages a day.
People on The List receive the messages on their Internet mailboxes
and can respond. The List is sort of a perpetual conversation pit from
which gossip is exchanged, schemes are hatched, fantasies are
outlined, and code is swapped. The modus operandi of Cypherpunks is a
familiar one to hackers—If You Build It, They Will Come.

As Eric Hughes posted on The List:

Cypherpunks write code. They know that someone has to write code to
defend privacy, and since it's their privacy they're going to write
it...

Cypherpunks don't care if you don't like the software they write.
Cypherpunks know that software can't be destroyed.
Cypherpunks know that a widely dispersed system can't be shut down.
Cypherpunks will make the networks safe for privacy.

As the Cypherpunks see it, the magic of public-key crypto can be
extended far beyond the exchange of messages with secrecy. Ultimately,
its value will be to provide anonymity, the right most threatened by a
fully digitized society. Our transactions and conversations are now
more easily traced by the digital trails we leave behind. By following
the electronic links we make, one can piece together a depressingly
detailed profile of who we are: Our health records, phone bills,
credit histories, arrest records, and electronic mail all connect our
actions and expressions to our physical selves. Crypto presents the
possibility of severing these links. It is possible to use
cryptography to actually limit the degree to which one can track the
trail of a transaction.

This is why certain Cypherpunks are hard at work creating remailers
that allow messages to be sent without any possible means of tracing
who sent the message. Ideally, if someone chooses a pseudonym in one
of these systems, no one else can send mail under that name. This
allows for the possibility of a true digital persona—an "identity"
permanently disembodied from one's physical being.

Cryptographic techniques can also potentially assure anonymity in more
prosaic exchanges. For instance, in a system designed to protect
privacy, a prospective employer requesting proof of a college degree
will have access to records with that information—but will only be
able to verify that sole datum. Cypherpunks even discuss certain cases
in which a person's name would be one of the pieces protected—for
instance, a police officer checking one's license need not know a
driver's name, but only whether he or she is licensed to drive. The
ultimate Crypto Anarchy tool would be anonymous digital money, an idea
proposed and being implemented by cryptographer David Chaum. (Chaum
also first proposed the idea of remailers—a good example of how the
Cypherpunks are using academic research from the crypto community to
build new privacy tools.)

In essence, the Cypherpunks propose an alternative to the continuation
of the status quo, where cryptography is closely held and privacy is
an increasingly rare commodity. Ultimately, the lessons taught by the
Cypherpunks, as well as the tools they produce, are designed to help
shape a world where cryptography runs free—a Pac-Man-like societal
maneuver in which the digital technology that previously snatched our
privacy is used, via cryptography, to snatch it back.

Tim May admits that if the whole cryptography matter were put to a
vote among his fellow Americans, his side would lose. "Americans have
two dichotomous views held exactly at the same time," he claims. "One
view is, None of your damn business, a man's home is his castle. What
I do is my business.' And the other is, What have you got to hide? If
you didn't have anything to hide, you wouldn't be using cryptography.'
There's a deep suspicion of people who want to keep things secret."

There's also a legitimate fear that with the anonymous systems
proposed by crypto activists, illegal activities could be conducted
more easily, and crucial messages our government now easily intercepts
might never be noticed. But, as May says, these fears are ultimately
irrelevant. Crypto Anarchy, he believes, is inevitable, despite the
forces marshaled against it. "I don't see any chance that it will be
done politically," says the Cypherpunk. "[But] it will be done
technologically. It's already happening."
The NSA Remains Cryptic: The Official Reply

At one time, the National Security Agency would not even admit that it
existed. Now, it has a Public Affairs staff whose usual modus operandi
is to reply to faxed questions from journalists. Attempting to get the
NSA view of the alternative crypto movement, we asked the NSA the
following six questions:
John Gilmore Challenges the NSA

His Crime: Checking Out A Book
One day last November, the Justice Department called John Gilmore's
lawyer. The message they left: Gilmore was on the verge of violating
the Espionage Act. A conviction could send him to jail for ten years.
His crime? Basically, showing people a library book.

It was a fight that Gilmore instigated. As Sun Microsystems employee
number five, Gilmore retired with a bankroll in the millions. Later,
he had the opportunity not only to co-found a new company—called
Cygnus Support—but to commit acts of public service. "As I get older,"
says the 37-year-old computer programmer, "I realize how limited our
time on Earth is." His cause of choice was the liberation of
cryptography, a field that had fascinated him since he was a boy.

"We aren't going to be secure in our persons, houses, papers, and
effects unless we get a better understanding of cryptography," he
says. "Our government is building some of those tools for its own
use—there have been breakthroughs—but they're unavailable to us. We
paid for them."

To remedy this situation, Gilmore and his lawyer, Lee Tien, have tried
to rescue documents from the shroud of secrecy. Gilmore's first major
coup was the distribution of a paper written by a Xerox cryptographer
that the NSA had convinced Xerox not to publish. Gilmore posted the
document on the Net, and within hours, thousands of people had a copy.

Gilmore's next action was to challenge the NSA's refusal to follow
Freedom of Information Act (FOIA) protocols in releasing requested
documents. The documents he sought were 30-year-old manuals written by
William F. Friedman, the father of American cryptography. These
seminal textbooks had been declassified, but later, for undisclosed
reasons, reclassified. The NSA did not respond to Gilmore's request
for their release within the required time-frame, so he took them to
court. Meanwhile, a friend of Gilmore discovered copies of two of the
documents: one in the Virginia Military Institute Library, the other
on microfilm at Boston University. The friend gave copies to Gilmore,
who then notified the judge hearing the FOIA appeal that the secret
documents were actually on library shelves.

It was then that the government notified Gilmore that distribution of
the Friedman texts would violate the Espionage Act, which dictated a
possible ten-year prison sentence for violators. Gilmore sent a sealed
copy to the judge, asking whether his First Amendment rights were
being violated by the notice; he also alerted the press. Meanwhile,
worried about whether the government might stage a surprise search of
his house or business, he hid copies of the documents—one in an
abandoned building. On November 25, 1992, an article about the case
appeared in the San Francisco Examiner. Two days later, a NSA
spokesperson announced that the agency had once again declassified the
texts. (A Laguna Hills, California publisher, the Aegean Park Press,
quickly printed and released the books, Military Crypt-analysis, Part
III, and Part IV.)

Gilmore is still pressing his case, requesting a classified book
called Military Cryptanalytics, Volume III. More important, he hopes
to get a general court ruling that will force the NSA to adhere to
FOIA rules, and possibly even a ruling that part of the Espionage Act,
by using prior restraint to suppress free speech, is unconstitutional.

What if Gilmore wins, and the NSA is forced to reveal all but the most
secret information about cryptography? Would national security be
compromised, as the NSA claims? "I don't think so," says Gilmore. "We
are not asking to threaten the national security. We're asking to
discard a Cold War bureaucratic idea of national security which is
obsolete. My response to the NSA is: Show us. Show the public how your
ability to violate the privacy of any citizen has prevented a major
disaster. They're abridging the freedom and privacy of all citizens—to
defend us against a bogeyman that they will not explain. The decision
to literally trade away our privacy is one that must be made by the
whole society, not made unilaterally by a military spy agency."
The NSA is Not Alone

By John Browning

Cryptographic paranoia is not limited to the United States. Flush with
enthusiasm over the export prospects for their new digital cellular
telephone system, European telecom companies a year or so ago changed
the name of their cellular phone consortium from Group System Mobile
to Global System Mobile. Unfortunately the new system is not so global
after all. In January, European governments decided to list the new
telephones alongside nuclear fuses and other goods whose export is
restricted in the name of national security.

Like their US counterparts, the European governments' problem with
Global System Mobile—or GSM as it is more familiarly known—is that the
phones cannot be tapped. In the name of privacy, each GSM handset
encrypts its signal using an algorithm called A5. As a sort of
backhanded testimonial to A5's effectiveness, NATO governments have
decided that it is far too good to sell to those whose privacy they
would not wish to respect—like Saddam Hussein's tank corps. So they
have used their powers under the COCOM agreement on "strategic" trade
to limit exports.

The companies making GSM equipment—which include most of Europe's big
telecoms firms—don't want an export product that they cannot export.
So they are busily devising a new cryptographic technology—called
A5X—which doesn't work as well. The new A5X will be much easier to
crack than the old A5 technology. The two will also be compatible; so
in theory both could be used at the same time—one for export markets
and one at home. That way GSM could make good on its marketing promise
that one handset will work anywhere in the world. The intriguing
question, however, is whether they will both be used.

Britain's two cellular operators, Vodafone and Cellnet, both say they
have heard hints—nothing direct, just hints—that various police and
security services (stuck for the moment with A5) would be happier if
they could eavesdrop on domestic conversations carried on GSM as
conveniently as do their counterparts abroad (who only have to crack
A5X). Racal, Vodafone's parent, recently specified A5X for a network
sold to Australia, which is not a country widely thought of as a
threat to the free world. If cellular companies do indeed swap to A5X
at home to facilitate government eavesdropping, the Cypherpunk
movement will more likely than not go global as well. Keep listening.



More information about the cypherpunks mailing list