[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Feb 11 Transcript (LONG)
FEB 17 CYPHERPUNKS TRANSCRIPT
Crypto-anarchy: How new developments in cryptography,
digitial anonymity, and untraceable digital cash will
make the State a thing of the past.
[an anarchist's forum.] With cypherpunks Dave Mandl
and Perry Metzger. Thursday Feb 17,1994 7:30pm, NYC.
Copyright (C) 1994, [email protected] All Rights Reserved.
This article may be redistributed provided that the article and this
copyright notice remain intact. This article may not under any
circumstances be sold or redistributed for compensation of any kind.
MODERATOR: In any event, again this is part of a monthly series we've
been doing for -- close to twenty years now. The announcements
of our March forum, which is (inaudible) with people like
Judith Molina and Hannah Resnikoff from the theater, Richard
Kostelanetz and (inaudible) and such -- announcements are on
the table back there, some information about the book club you
might be interested in, and our mailing list. Sign up for our
mailing list and you will never get off it again. Unless you
send us a contribution and become a life member. Then we take
you off right away.
We have lots of -- certainly lots of anarchist literature for
sale in the back. Please feel free to peruse and spend a lot
of money. At some point, usually after the speakers
finish, we get into questions and discussion. We're going to
pass a donation box around. We've got the door locked so you
can't sneak out. Just to let you know in advance, the suggested
donation is $5, more if you can, less if you can't.
MALE: Much more if you can.
MODERATOR: Right. Let's see. Here we have some souvenir flyers. Anyone
who gives more, they can get a souvenir copy or have their
program tonight autographed by the speakers. Let's see. Before
I introduce them, a couple of sort of "for your information"
announcements. Let's see. All right. One, old friend and book
club participant Bruce Caton does a regular series of radical
walking tours. Next one is Saturday, March 12th, 1:00 p.m. in
Chelsea. I have the material. If anyone is interested in the
literature, take one back. This Saturday, 2:00 p.m., we're going
to be having a first gathering of anarchists in the lower Hudson
Valley, Westchester-Rockland area. And yes, there are anarchists
in the Westchester-Rockland area. You're looking at one. Anyone
who's interested, see me in the back. I can give you the details
of when and where and so on. Coming up in April is the Socialist
Scholars Conference, April 1st through 3rd. Despite the name,
anarchists do participate in this thing. We've had anarchist
panels in the past, and we'll probably have both anarchist panels
and literature tables at the event so, again, see us if you're
interested. So -- without further ado, our subject tonight is
Crypto-Anarchy, and for those of you who saw the original flyer
that's the Scandinavian version for the Olympics Kripto-Onarchy.
And our speakers tonight are Cypherpunks Perry Metzger, long-time
cryptographer and lots of other stuff, and Dave Mandl, long-time
book club member and Cypherpunk. So -- I'll let them take it
away, and just enjoy it.
* * *
DAVE
MANDL: I'm gonna start off with just sort of a general overview of some
of the issues and techniques and stuff. Then Perry is going to
-- if anyone is taping this, by the way, if anyone out there
besides this guy is making an audio tape I'd appreciate it if
you'd let me know afterwards, because I think people, some of
them, might want to get copies from you eventually. Okay. I'm
going to start off with just a -- sort of a general overview
of what this stuff is all about. Then Perry is going to talk
about some more specifics, and then we hope --hopefully we can
get that over relatively quickly and then we can have a
discussion, question and answer, whatever. But first Perry is
going to say something.
PERRY
METZGER: Yeah. Just trying to get a sense of how much people know about
this topic already. How many people here have any real knowledge
about what Cryptography is? Just raise your hand. Okay. Call
it about -- one quarter, one third maybe. No, less than a
quarter. Okay. How many people here know what the National
Security Agency does? And I don't mean just to the level of
knowing what "National Security" might mean. So we're talking,
again -- a couple more. Okay. How many people -- well, actually
that already more or less says it. This should be interesting for
you. Go on.
DM: Okay. Perry and I are involved with a group called the
Cypherpunks, which I'm sort of hesitant to say just because it's
a very loose-knit group of people very -- anarchically
constructed, and there are no official spokesmen or leaders or
anything like that. Just mentioning it for informational purposes
only, as they say on all those petitions and stuff. Cypherpunks
is a pun obviously on Cyberpunk, with "Cypher" being a reference
to codes and cyphers. More on that in a second. If the
Cypherpunks have a particular philosophy, party line, approach,
we generally refer to it as Crypto-Anarchy. Crypto-Anarchy is a
term that was coined by Tim May, one of the founders of the
group, Cypherpunks, and it's a reference to like Crypto-Fascist
or Crypto-Authoritarian or whatever, and the pun being in --
"Crypto" because the core of what the Crypto-Anarchists or
Cypherpunks do is cryptography. That's the basis of everything
we're going to be talking about tonight, basically achieving
anarchy or sort of working towards anarchy using cryptography and
other things. So let me just briefly for the whatever -- twenty-
seven percent of you who don't know what cryptography is, let me
just give a brief explanation.
MALE: Seventy-seven.
DM: Seventy-seven. Sorry. Cryptography is -- I guess a dictionary
definition would be the study -- the science of codes and cyphers.
Hiding, encrypting, encoding information so that other people
can't read it. Cryptography in one form or another has been
around for probably thousands of years, probably more than that
-- as long -- as far back as people had things they needed to
hide.
Let me just give you some really simple examples of what crypto-
graphy might be. Let's say that we're planning on doing a bank
job tomorrow (ridiculous) and I want to pass along to my friend
over here the name of the guy who's going to be going in and
opening the vault, who happens to be Perry, let's say. So I'm
going to hand him a slip of paper with Perry's name on it, but
I don't want to write "P-e-r-r-y" and give it to him because
someone else may grab the piece of paper away or see it over his
shoulder or something and then to the -- to the pokey with Perry.
So what I might do is instead of writing "Perry" on a piece of
paper maybe I'll scramble the letters up and write "Y-p-r-e-r"
and he knows based on some previously agreed upon formula that
I take this cryptic message here and move this letter here and
move this letter here and lo and behold there it is --"Perry".
And if anyone else intercepts it they just see a bunch of junk,
and they don't know who it is that's gonna be opening the bank
vault.
Another way I might hide this information from enemy eyes would be
to substitute the letters, so instead of writing "Perry" I might
write "Xwssp" where X represents the letter P and W represents the
letter E and so on, and again we have some previously agreed-up
code or formula that says when you see X substitute P and so on,
and again you put it together and there it is, "Perry".
Okay. So that's the most basic kind of cryptography. In fact
codes that simple haven't been used for probably many centuries,
and -- especially in I guess the last forty years cryptography
has made tremendous, tremendous leaps forward so now it's not
just a matter of shifting letters around. If you look in
Newsday, the newspaper, every day they have a little puzzle
called the "Cryptoquote" where they have a quote by some famous
guy and you have to figure out which letter is substituted for
which. So that's baby stuff now basically.
In the last forty years it's changed so that now it's not based
on just jumbling letters around but it's based on higher
mathematics -- extremely, extremely advanced, sophisticated
mathematics, so sophisticated that the strongest -- the codes
that are widely used today by like the government or even banks
would require all the computer power in the world and more to
crack. So cryptosystems have gotten much, much, much, much,
much more sophisticated. So a couple of new developments that
are of interest to us:
Well, the main thing is this ultrastrong state-of-the-art
cryptography has become available to the hoi polloi, people like
us. With advances in computer technology, just a simple PC that
a lot of you, maybe even most of you, have, in your bedroom,
you can run software that does extremely sophisticated crypto-
graphy, in fact so sophisticated that even the NSA, we think, can't
break it.
So military strength -- for obvious reasons, military strength is
generally the name they use for the strongest cryptosystems in the
world, because those are the ones that would be used by the
President for the codes to the nuclear weapons or something like
that. Perry and I are going to be giving those codes out a
little later on in the evening. [LAUGHTER]
Another thing which Perry is going to talking more about is the
N.S.A., National Security Agency. That's the super tip-top-secret
U.S. government agency that specializes in cryptography. For
years they had a complete monopoly on cryptography. Well, not
complete, but effectively a monopoly on cryptography. That's
sort of changed now, or that has changed now, and like I said
jerks like us have access to extremely powerful cryptography,
which is a good thing.
Okay. So what does this mean? Who cares? What do we need crypto-
graphy for? Who gives a damn? Well, I'll tell you. There are a
whole bunch of different things you can do now with this extremely
strong cryptography, and I usually just arbitrarily for no parti-
cular reason; just to make it easier I usually split it up into
two different categories: defensive applications of cryptography,
and offensive applications.
Let's start with the defensive stuff, or passive as opposed to
active. First of all, more and more -- a lot of you probably know
this. Some of you haven't really seen it yet maybe. Everything's
moving more and more into digital form, and moving to the Net.
We're probably going to be throwing the term "the Net" around a
lot.
People say the Net they're usually referring to the Internet,
which you probably have heard, most of you, because it's plastered
all over magazines every day now. The Internet basically in a
nutshell is a massive international network of computers that is
--basically is totally anarchic. It spans the whole world,
probably just about every country at this point?
PM: No, but every industrialized country at this point.
DM: A whole shitload of countries. And over the Net, using these
amorphous connections to computers around the world, you can send
information almost instantaneously anywhere in the world at the
push of a button. That also means that as time goes by more and
more of your personal information let's say is going to be stored
on the Net and stored in electronic form. So it's -- we're still
at the very, very early stages of this happening and it's a really
important time because first of all while before this infra-
structure is fully developed the government wants to sort of slip
by certain laws.
The Net, as I said, is still basically anarchic, and the govern-
ment doesn't like that, and while we're still at square one they
want to slip in laws that will restrict this ultimate freedom of
movement that people have on the Net.
Okay. Let me get into some of these applications. First of all,
electronic mail. Over time -- I mean you'll still be sending mail
in envelopes to your friends, but more and more mail will be sent
over the Net. E-Mail. Electronic Mail. Electronic mail is
completely insecure. I don't mean it has an inferiority complex.
[LAUGHTER] I mean basically it's completely unprotected. So we
-- a lot of you here probably use electronic mail every day. It's
growing by leaps and bounds. If I send an electronic mail message
to someone out here: "Hi. Meet me tomorrow night at 7:30."
That message goes out over the Net. It may be passing through
several other machines on the way from me to him, and it goes out
in the clear as cryptographers would call it, meaning it's not
encrypted. It's not protected in any way. Anyone who taps into
the line, anyone who has the appropriate access to the computer
system I'm using, can just pick it right out, read the text of the
message I'm sending, no problem. That's that.
That's not good, especially if I'm sending sensitive messages
over the Net. So using cryptography -- this is the most obvious
use of cryptography -- what you can do is take the message you're
going to send, encrypt it so that it's scrambled and cannot be
read by anyone except the person it's intended for, and then
send it out. Someone intercepts the message, someone reads it,
fine. Go ahead. Do whatever you want. It's a bunch of junk.
You can't make sense of it unless you have the key. I guess I
sort of skipped over that. In cryptography, it depends on keys,
so ...
PM: I'll get into that.
DM: Okay. So basically if I send you a message that's encrypted and
it's intended for you, you will have the key to read it. No one
else will. And like I said, this stuff is basically uncrackable,
unreadable by anyone, including the N.S.A. as far as we know.
So -- you want to send E-mail to somebody, you encrypt it, send
it out, that's it. That problem is solved. No one can read it.
No one.
There's another problem, however, and that's what cryptographers
call traffic analysis. For example if the Chase Manhattan Bank on
Seventh Avenue in Park Slope is knocked over every Monday evening
and they see that every Monday afternoon an E-mail message passes
from me to Perry even though they can't read it 'cause it's
encrypted they may say, "Hmm. Something fishy's going on here.
There's E-mail going from Dave to Perry every Monday. Ten minutes
later the bank gets knocked over." So without actually being able
to read my message, they still can sort of infer some information
by using what's called traffic analysis, by the mere fact that
mail is going from this person to that person. So you want to be
able to hide that also if you can.
The main technique that people have been using and talking about
and developing to foil traffic analysis is something we can anony-
mous remailers, which are like mail drops [OR MAIL FORWARDING
SERVICES]. Most of you know what mail drops are. Any criminals
in the audience? They're like the electronic -- the Net version
of mail drops. The way an anonymous remailer would work is -- it
might be out in Berkeley, California, let's say. There actually
are a lot of them out in Berkeley. There's one in Finland that's
really heavily used. I might take my E-mail message saying,
"Perry. Chase Manhattan Bank. The usual. Seventh Avenue." Send
it to this remailer in Berkeley with instructions to the remailer,
which is an automatic machine -it's a computer program -- saying,
"Take this message and forward it over to Perry Metzger."
Okay. So now what happens? What's going out from me is an
encrypted, that is completely unreadable message, out to Berkeley.
A minute later, ten minutes later, an hour later however we set it
up, a message goes from Berkeley over to Perry. Okay? So no one
can read the mail because it's encrypted. No one can do traffic
analysis because it's -- it's blurred. I can even -- without
getting into too much painstaking detail I can bounce it off ten
different remailers. I can send it to Berkeley, to Finland, to
here, to there, to there, and then to Perry. No one looking at
this -- where the mail is going can possibly figure out what's
going on.
Okay. That's number one. More applications for cryptography,
more of these --what I'm calling defensive applications. Let's
say you have people on the Net a lot of times asking embarrassing
questions. Let's say --there are groups, there are discussion
groups out there for -- to discuss sex or to discuss like -- you
know people who were sexually abused when they were children, all
kinds of stuff with all kinds of personal information. You don't
necessarily want to send out E-mail saying, "Oh, you know, I've
never slept with a woman. Can anyone tell me about, you know,
how?"
That's the kind of thing you see all the time and you don't
necessarily want your name attached to that, so, again, you can
-- you can use encryption to hide the contents of what you're
sending out. You can bounce it off these remailers so no one is
the wiser.
Tim May mentioned this next one, actually. You can actually lead
several lives. Let's say you're like a high government official.
This is sort of unlikely. Let's say you work for the Defense
Department or you're the Vice President or something like that but
you actually have some -- or you're a fancy straight respected
scientist but you have some bizarre views that you don't want your
name to be tainted with. Let's say you're a fancy scientist and
you have an interest in UFO's or crop circles or something like
that. Using cryptography, anonymous remailers and all this stuff
you can lead a double or triple life, and, you know, lead your
straight, respected Nobel Prize life and at the same time discuss
crop circles with some lunatics over in England. [LAUGHTER]
And -- you see that all the time. You see people on the Net who
use pseudonyms, and actually establish reputations under a
particular pseudonym. There's someone in the Cypherpunks group
--there have been several people in the Cypherpunks group
-- there was a guy -- he used the name "The Wonderer" and he would
ask -- you know, he was asking like very simple, basic questions,
and for all we know he might have been -- it might have been
Perry? And he was embarrassed to say, like "What's cryptography?"
You know? [LAUGHTER]
So he used this pseudonym, "The Wonderer."
PM: You found me out.
DM: I always suspected. You can't fool me. [LAUGHTER]
DM: Okay. You might want to hide certain political activities. We're
going to go over to the Federal Reserve and knock it over
tomorrow. Whatever.
What else? Purchases. Over time people will be making purchases
over the Net. You may be buying and selling stuff over the Net.
You don't want The Man or The Woman -- Janet Reno, I guess -- to
know that you buy $300 worth of sex toys every month. Or you
send out your credit card number over the Net to buy stuff and you
don't want people grabbing your credit card number, which, as I
said, is very easy to do. So, again, you can encrypt this stuff
and that's the end of people being able to track these purchases
or rip off your credit card number.
All kinds of other personal information. Again, more and more of
this stuff's going to be stored in electronic form. Medical
records, credit history, stuff like that. If you use cryptography
to send all the stuff around then you have a little bit less of
a worry about people being able to just circulate it around
freely. Okay, that's some of the basic -- what I'm calling
the defensive stuff. Basically just, you know, protect your
privacy because your privacy is going to be in more and more
jeopardy as the Net grows, as Big Brother grows.
Okay, but let's get on to the fun stuff. There's what I call
offensive, not defensive, tactics, but more fun offensive stuff.
For example: Whistle blowing. You may work for some government
agency that's doing some particularly horrible thing and you want
to blow the whistle on them. Or they ripped someone off or they
did LSD experiments or something like that. You can use crypto-
graphy, anonymous remailers, to blow the whistle on people.
Anonymous transactions. Again, as more and more people are doing
business over the Net you can conduct transactions with complete
untraceability. Perry, I think, I hope, will be talking a little
bit about digital cash.
PM: I will.
DM: Digital cash is another application of cryptography, where people
can buy, sell, do banking on the Net without anyone knowing
anything -- like an electronic Swiss bank account. People can
buy and sell stuff from each other without even knowing who the
parties are -- a drug deal, let's say, or whatever, and no one
will know who either party is.
Underground economy, that falls into the same category. Digital
cash. Again, if all this stuff is encrypted then it's basically
untraceable, untrappable by the government, the I.R.S., whomever.
Sending illegal information. The safe example that Tim May used
when I interviewed him on my radio show was, "RU-486?" Is that
still illegal? Or what's the deal?
TM: Yes.
DM: So let's say you want to get information out to people on RU-486,
the abortion pill, which is illegal in the U.S. Again, you can
encrypt it, send it anywhere in the world, completely untraceable.
Okay. That's basically it. What this means is -- and this is
where the anarchy part comes in. Borders, national borders, are
Swiss cheese. Basically as things move more and more over to
electronic form, borders -- whether they like it or not, the
governments -- territorial gangsters as a friend of mine calls
them -- borders become Swiss cheese. They become completely
irrelevant. At the push of a button you can send anything you
want basically anywhere in the world. No one will know what
you're sending, where you're sending it, nothing.
There's a quote. There's a quote in a Cypherpunks article in
"Whole Earth Review." You can hide encrypted information on
a DAT, a music cassette or a digital audio tape, so, for example,
Anyone carrying a single music cassette bought in a store could
carry the entire computerized files of the Stealth Bomber and it
would be completely and totally imperceptible. Nothing anyone
can do about it. Again, basically what this does is sort of
renders obsolete a lot of the laws, or most of the laws, or the
whole basis for laws that are in place now. Borders can't be
enforced, taxes can't be enforced, and so on and so on. You get
the idea.
So to cut to the chase, the main goals of crypto-anarchy, the
main goals of the Cypherpunks, are: (1) to spread the use of
strong cryptography. Everyone should use encryption. You
should send all your E-mail encrypted.
People say, "Why do I need to encrypt my E-mail? All I'm doing
is saying, you know, meet me for lunch at 12:30. I don't need to
encrypt it." The answer we usually give is most of the mail you
send out isn't that secret either, but you wouldn't send it all
on postcards. So sending your E-mail unencrypted is like sending
all your mail on postcards. Encrypting your E-mail is like
putting all your mail in envelopes. One further reason for that
is, again, this traffic analysis thing. If you send all your
mail out unencrypted, hundreds of pieces of E-mail a day, and
then all of a sudden tomorrow at 5:00 p.m. you send out an
encrypted piece of E-mail, people might get a little suspicious
and look a little further into things.
That's one reason that we promote the use of encryption all the
time. If everything is encrypted-- if things are just flying
all around the world, no one knows anything. Half of them may
be, "Meet me for lunch at 12:30," and the other half may be, you
know, "Let's make a drug deal," or whatever. So the more people
use cryptography the more the lines get blurred and the more
powerless the authorities become. There is a dark cloud which
Perry is going to talk about in a second, that unfortunately
-- I would prefer it if we could just stick to this stuff, but
actually there have been developments recently mainly with some-
thing called the Clipper Chip that is really, really, ugly
and -- the Clipper Chip, and also the Digital Telephony Bill
that -- sort of bring a dark cloud in over all this stuff.
One thing I'm always talking about is how in the last few years
anarchists or anarchist activists have sort of maybe been getting
an inferiority complex, because it seems like the cops don't care
about us that much anymore. As much as I don't want to be a
martyr, you know that if the cops are tapping all your phones
you at least know that you're probably doing something right.
But I sort of get the impression lately a little bit that, you
know, the cops just think "Fucking anarchists Who cares?
They're not doing anything."
Well, you can put those fears to rest, because this stuff is
actually of great interest to the government, and the government
is going to tremendous lengths to stifle this stuff. It
definitely has the government's undivided attention, and I guess
Perry is going to tell you more about that now.
PM: All right. Now I was touching on this a little bit earlier, but
-- this gives you a little bit of motivation, why this is so
interesting. It's one thing to say that the government is
interested in this, but does anyone -- I know that some people
in the audience already know the answer to this, but do most of
you -- if most of you are asking yourself what's the biggest and
most secret agency that the United States government operates,
you probably think the Central Intelligence Agency.
MALE: National Reconnaissance Office.
MALE: The Federal Reserve.
PM: No. It is the not the N.R.O., either. The N.R.O. is bigger than
the C.I.A., but it is not bigger than the N.S.A.
MALE: Is DISCO more secret than the N.S.A.?
PM: Pardon?
MALE: DISCO?
PM: DISCO?
MALE: I guess it is.
PM: It must be. The National Security Agency -- spends more money
and has more employees than all of the other intelligence
organizations the United States government operates combined.
Okay? It spends over $30 billion a year only on signal
intelligence operations (SIGINT). I'm about to get into what
those are. This is something that the government cares about
extremely passionately. They spend vast amounts of money on it.
You should ask yourself why.
Now what exactly is the business of the National Security Agency?
The business of the National Security Agency is signals
intelligence. Most people aren't aware of it, but signals
intelligence is considered by most intelligence analysts to be
the most important form of intelligence. Signals intelligence
played incredibly important roles all through World War II. How
many people here knew that the Battle of Midway was won entirely
because of signals intelligence intercepts? Okay. A couple of
people.
MALE: Seven percent.
PM: How many people in this audience knew that the Battle of the