[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Feb 11 Transcript (LONG)




                  FEB 17  CYPHERPUNKS TRANSCRIPT

        Crypto-anarchy:  How new developments in cryptography,
        digitial anonymity,  and untraceable digital cash will
        make the State a thing of the past.
 
        [an anarchist's forum.]   With  cypherpunks Dave Mandl
        and Perry Metzger.   Thursday Feb 17,1994 7:30pm, NYC.
          
     Copyright (C) 1994, [email protected]  All Rights Reserved.      

  This article may be redistributed provided that the article and this 
  copyright  notice  remain  intact.   This  article may not under any 
  circumstances be sold or redistributed for compensation of any kind.



MODERATOR:  In any event, again this is part of a monthly series we've 
            been doing for -- close to twenty years now.  The announcements
            of our March forum, which is (inaudible) with people like 
            Judith Molina and Hannah Resnikoff from the theater, Richard
            Kostelanetz and (inaudible) and such -- announcements are on
            the table back there, some information about the book club you 
            might be interested in, and our mailing list.  Sign up for our 
            mailing list and you will never get off it again.  Unless you
            send us a contribution and become a life member.  Then we take
            you off right away.
            
            We have lots of -- certainly lots of anarchist literature for
            sale in the back.  Please feel free to peruse and spend a lot
            of money.  At some point, usually after the speakers 
            finish, we get into questions and discussion.  We're going to
            pass a donation box around.  We've got the door locked so you
            can't sneak out.  Just to let you know in advance, the suggested 
            donation is $5, more if you can, less if you can't.

MALE:  Much more if you can.

MODERATOR: Right.  Let's see.  Here we have some souvenir flyers.  Anyone
           who gives more, they can get a souvenir copy or have their 
           program tonight autographed by the speakers. Let's see.  Before
           I introduce them, a couple of sort of "for your information"
           announcements.  Let's see.  All right.  One, old friend and book
           club participant Bruce Caton does a regular series of radical
           walking tours.  Next one is Saturday, March 12th, 1:00 p.m. in
           Chelsea.  I have the material.  If anyone is interested in the
           literature, take one back.  This Saturday, 2:00 p.m., we're going
           to be having a first gathering of anarchists in the lower Hudson
           Valley, Westchester-Rockland area.  And yes, there are anarchists
           in the Westchester-Rockland area.  You're looking at one.  Anyone
           who's interested, see me in the back.  I can give you the details
           of when and where and so on.  Coming up in April is the Socialist
           Scholars Conference, April 1st through 3rd.  Despite the name,
           anarchists do participate in this thing.  We've had anarchist 
           panels in the past, and we'll probably have both anarchist panels
           and literature tables at the event so, again, see us if you're
           interested.  So -- without further ado, our subject tonight is
           Crypto-Anarchy, and for those of you who saw the original flyer
           that's the Scandinavian version for the Olympics Kripto-Onarchy.
           And our speakers tonight are Cypherpunks Perry Metzger, long-time 
           cryptographer and lots of other stuff, and Dave Mandl, long-time 
           book club member and Cypherpunk.  So -- I'll let them take it 
           away, and just enjoy it.
           
                                    *   *   *
DAVE
MANDL:    I'm gonna start off with just sort of a general overview of some
          of the issues and techniques and stuff.  Then Perry is going to
          -- if anyone is taping this, by the way, if anyone out there 
          besides this guy is making an audio tape I'd appreciate it if 
          you'd let me know afterwards, because I think people, some of
          them, might want to get copies from you eventually.  Okay.  I'm 
          going to start off with just a -- sort of a general overview
          of what this stuff is all about.  Then Perry is going to talk
          about some more specifics, and then we hope --hopefully we can 
          get that over relatively quickly and then we can have a
          discussion, question and answer, whatever.  But first Perry is
          going to say something.

PERRY
METZGER:  Yeah.  Just trying to get a sense of how much people  know about
          this topic already.  How many people here have any real knowledge
          about what Cryptography is?   Just raise your hand.  Okay.  Call
          it about -- one quarter, one third maybe.  No, less than a
          quarter.  Okay.  How many people here know what the National 
          Security Agency does? And I don't mean just to the level of 
          knowing what "National Security" might mean.  So we're talking,
          again -- a couple more.  Okay.  How many people -- well, actually
          that already more or less says it.  This should be interesting for
          you.  Go on.
           
DM:       Okay.  Perry and I are involved with a group called the 
          Cypherpunks, which I'm sort of hesitant to say just because it's 
          a very loose-knit group of people very -- anarchically 
          constructed, and there are no official spokesmen or leaders or
          anything like that.  Just mentioning it for informational purposes
          only, as they say on all those petitions and stuff. Cypherpunks
          is a pun obviously on Cyberpunk, with "Cypher" being a reference
          to codes and cyphers.  More on that in a second.  If the 
          Cypherpunks have a particular philosophy, party line, approach,
          we generally refer to it as Crypto-Anarchy.  Crypto-Anarchy is a 
          term that was coined by Tim May, one of the founders of the 
          group, Cypherpunks, and it's a reference to like Crypto-Fascist
          or Crypto-Authoritarian or whatever, and the pun being in --
          "Crypto" because the core of what the Crypto-Anarchists or 
          Cypherpunks do is cryptography.  That's  the basis of everything
          we're going to be talking about tonight, basically achieving 
          anarchy or sort of working towards anarchy using cryptography and
          other things.  So let me just briefly for the whatever -- twenty-
          seven percent of you who don't know what cryptography is, let me
          just give a brief explanation.

MALE:     Seventy-seven.

DM:       Seventy-seven.  Sorry.  Cryptography is -- I guess a dictionary 
          definition would be the study -- the science of codes and cyphers.
          Hiding, encrypting, encoding information so that other people 
          can't read it.  Cryptography in one form or another has been 
          around for probably thousands of years, probably more than that
          -- as long -- as far back as people had things they needed to 
          hide. 
           
          Let me just give you some really simple examples of what crypto-
          graphy might be.  Let's say that we're planning on doing a bank
          job tomorrow (ridiculous) and I want to pass along to my friend
          over here the name of the guy who's going to be going in and
          opening the vault, who happens to be Perry, let's say.  So I'm
          going to hand him a slip of paper with Perry's name on it, but 
          I don't want to write "P-e-r-r-y" and give it to him because 
          someone else may grab the piece of paper away or see it over his
          shoulder or something and then to the -- to the pokey with Perry.
          
          So what I might do is instead of writing "Perry" on a piece of
          paper maybe I'll scramble the letters up and write "Y-p-r-e-r"
          and he knows based on some previously agreed upon formula that 
          I take this cryptic message here and move this letter here and
          move this letter here and lo and behold there it is --"Perry".
          And if anyone else intercepts it they just see a bunch of junk, 
          and they don't know who it is that's gonna be opening the bank
          vault.
          
          Another way I might hide this information from enemy eyes would be
          to substitute the letters, so instead of writing "Perry" I might
          write "Xwssp" where X represents the letter P and W represents the
          letter E and so on, and again we have some previously agreed-up
          code or formula that says when you see X substitute P and so on,
          and again you put it together and there it is, "Perry". 
          
          Okay.  So that's the most basic kind of cryptography.  In fact
          codes that simple haven't been used for probably many centuries,
          and -- especially in I guess the last forty years cryptography
          has made tremendous, tremendous leaps forward so now it's not
          just a matter of shifting letters around.  If you look in 
          Newsday, the newspaper, every day they have a little puzzle
          called the "Cryptoquote" where they have a quote by some famous
          guy and you have to figure out which letter is substituted for
          which.  So that's baby stuff now basically.  
          
          In the last forty years  it's changed so that now it's not based
          on just jumbling letters around but it's based on higher
          mathematics -- extremely, extremely advanced, sophisticated
          mathematics, so sophisticated that the strongest -- the codes
          that are widely used today by like the government or even banks
          would require all the computer power in the world and more to
          crack.  So cryptosystems have gotten much, much, much, much, 
          much more sophisticated.  So a couple of new developments that 
          are of interest to us:  
          
          Well, the main thing is this ultrastrong state-of-the-art
          cryptography has become available to the hoi polloi, people like
          us.  With advances in computer technology, just a simple PC that
          a lot of you, maybe even most of you, have, in your bedroom,
          you can run software that does extremely sophisticated crypto-
          graphy, in fact so sophisticated that even the NSA, we think, can't
          break it.  
          
          So military strength -- for obvious reasons, military strength is
          generally the name they use for the strongest cryptosystems in the
          world, because those are the ones that would be used by the 
          President for the codes to the nuclear weapons or something like
          that.   Perry and I are going to be giving those codes out a 
          little later on in the evening.   [LAUGHTER]
          
          Another thing which Perry is going to talking more about is the
          N.S.A., National Security Agency.  That's the super tip-top-secret
          U.S. government agency that specializes in cryptography.  For
          years they had a complete monopoly on cryptography.  Well, not
          complete, but effectively a monopoly on cryptography.  That's 
          sort of changed now, or that has changed now, and like I said 
          jerks like us have access to extremely powerful cryptography, 
          which is a good thing. 

          Okay.  So what does this mean?  Who cares?  What do we need crypto-
          graphy for?  Who gives a damn?  Well, I'll tell you.  There are a
          whole bunch of different things you can do now with this extremely
          strong cryptography, and I usually just arbitrarily for no parti-
          cular reason; just to make it easier I usually split it up into 
          two different categories: defensive applications of cryptography, 
          and offensive applications.
          
          Let's start with the defensive stuff, or passive as opposed to
          active.  First of all, more and more -- a lot of you probably know
          this.  Some of you haven't really seen it yet maybe. Everything's
          moving more and more into digital form, and moving to the Net. 
          We're probably going to be throwing the term "the Net" around a 
          lot.  
          
          People say the Net they're usually referring to the Internet, 
          which you probably have heard, most of you, because it's plastered
          all over magazines every day now.  The Internet basically in a 
          nutshell is a massive international network of computers that is
          --basically is totally anarchic.  It spans the whole world, 
          probably just about every country at this point?
          
          
PM:       No, but every industrialized country at this point.


DM:       A whole shitload of countries.  And over the Net, using these
          amorphous connections to computers around the world, you can send
          information almost instantaneously anywhere in the world at the
          push of a button.  That also means that as time goes by more and
          more of your personal information let's say is going to be stored 
          on the Net and stored in electronic form.  So it's -- we're still
          at the very, very early stages of this happening and it's a really
          important time because first of all while before this infra-
          structure is fully developed the government wants to sort of slip
          by certain laws.  
          
          The Net, as I said, is still basically anarchic, and the govern-
          ment doesn't like that, and while we're still at square one they 
          want to slip in laws that will restrict this ultimate freedom of 
          movement that people have on the Net.             
               
          Okay.  Let me get into some of these applications.  First of all,
          electronic mail.  Over time -- I mean you'll still be sending mail
          in envelopes to your friends, but more and more mail will be sent
          over the Net. E-Mail.  Electronic Mail.  Electronic mail is 
          completely insecure.  I don't mean it has an inferiority complex.
          [LAUGHTER]  I mean basically it's completely unprotected.  So we 
          -- a lot of you here probably use electronic mail every day.  It's
          growing by leaps and bounds.  If I send an electronic mail message
          to someone out here:  "Hi.  Meet me tomorrow night at 7:30."  
          That message goes out over the Net.  It may be passing through
          several other machines on the way from me to him, and it goes out
          in the clear as cryptographers would call it, meaning it's not
          encrypted.  It's not protected in any way.  Anyone who taps into
          the line, anyone who has the appropriate access to the computer
          system I'm using, can just pick it right out, read the text of the
          message I'm sending, no problem.  That's that. 
          
          That's not good, especially if I'm sending sensitive messages 
          over the Net.  So using cryptography -- this is the most obvious
          use of cryptography -- what you can do is take the message you're
          going to send, encrypt it so that it's scrambled and cannot be
          read by anyone except the person it's intended for, and then 
          send it out.  Someone intercepts the message, someone reads it, 
          fine.  Go ahead.  Do whatever you want.  It's a bunch of junk.  
          You can't make sense of it unless you have the key.  I guess I 
          sort of skipped over that.  In cryptography, it depends on keys, 
          so ...

PM:       I'll get into that.

DM:       Okay.  So basically if I send you a message that's encrypted and
          it's intended for you, you will have the key to read it.  No one
          else will.  And like I said, this stuff is basically uncrackable,
          unreadable by anyone, including the N.S.A. as far as we know.  
          So -- you want to send E-mail to somebody, you encrypt it, send
          it out, that's it.  That problem is solved.  No one can read it.
          No one. 
           
          There's another problem, however, and that's what cryptographers
          call traffic analysis.  For example if the Chase Manhattan Bank on
          Seventh Avenue in Park Slope is knocked over every Monday evening
          and they see that every Monday afternoon an E-mail message passes
          from me to Perry even though they can't read it 'cause it's 
          encrypted they may say, "Hmm. Something fishy's going on here.  
          There's E-mail going from Dave to Perry every Monday.  Ten minutes
          later the bank gets knocked over."  So without actually being able 
          to read my message, they still can sort of infer some information
          by using what's called traffic analysis, by the mere fact that 
          mail is going from this person to that person.  So you want to be 
          able to hide that also if you can. 
          
          The main technique that people have been using and talking about
          and developing to foil traffic analysis is something we can anony-
          mous remailers, which are like mail drops [OR MAIL FORWARDING
          SERVICES].  Most of you know what mail drops are.  Any criminals
          in the audience?  They're like the electronic -- the Net version
          of mail drops.  The way an anonymous remailer would work is -- it
          might be out in Berkeley, California, let's say.  There actually
          are a lot of them out in Berkeley.  There's one in Finland that's
          really heavily used.  I might take my E-mail message saying,
          "Perry.  Chase Manhattan Bank.  The usual.  Seventh Avenue."  Send
          it to this remailer in Berkeley with instructions to the remailer,
          which is an automatic machine -it's a computer program -- saying,
          "Take this message and forward it over to Perry Metzger."
          
          Okay.  So now what happens?  What's going out from me is an 
          encrypted, that is completely unreadable message, out to Berkeley.
          A minute later, ten minutes later, an hour later however we set it
          up, a message goes from Berkeley over to Perry.  Okay?  So no one
          can read the mail because it's encrypted. No one can do traffic
          analysis because it's -- it's blurred.  I can even -- without 
          getting into too much painstaking detail I can bounce it off ten
          different remailers.  I can send it to Berkeley, to Finland, to 
          here, to there, to there, and then to Perry.  No one looking at
          this -- where the mail is going can possibly figure out what's 
          going on.    
          
          Okay.  That's number one.  More applications for cryptography, 
          more of these --what I'm calling defensive applications.  Let's
          say you have people on the Net a lot of times asking embarrassing
          questions.  Let's say --there are groups, there are discussion
          groups out there for -- to discuss sex or to discuss like -- you 
          know people who were sexually abused when they were children, all
          kinds of stuff with all kinds of personal information.  You don't
          necessarily want to send out E-mail saying, "Oh, you know, I've 
          never slept with a woman.  Can anyone tell me about, you know, 
          how?"
            
          That's the kind of thing you see all the time and you don't 
          necessarily want your name attached to that, so, again, you can 
          -- you can use encryption to hide the contents of what you're
          sending out.  You can bounce it off these remailers so no one is
          the wiser. 
           
          Tim May mentioned this next one, actually.  You can actually lead
          several lives.  Let's say you're like a high government official. 
          This is sort of unlikely.  Let's say you work for the Defense
          Department or you're the Vice President or something like that but
          you actually have some -- or you're a fancy straight respected 
          scientist but you have some bizarre views that you don't want your
          name to be tainted with.  Let's say you're a fancy scientist and 
          you have an interest in UFO's or crop circles or something like 
          that.  Using cryptography, anonymous remailers and all this stuff
          you can lead a double or triple life, and, you know, lead your
          straight, respected Nobel Prize life and at the same time discuss
          crop circles with some lunatics over in England.  [LAUGHTER]

          And -- you see that all the time.  You see people on the Net who
          use pseudonyms, and actually establish reputations under a 
          particular pseudonym.  There's someone in the Cypherpunks group 
          --there have been several people in the Cypherpunks group 
          -- there was a guy -- he used the name "The Wonderer" and he would
          ask -- you know, he was asking like very simple, basic questions, 
          and for all we know he might have been -- it might have been 
          Perry?  And he was embarrassed to say, like "What's cryptography?"
          You know? [LAUGHTER]
          
          So he used this pseudonym, "The Wonderer."
          
PM:       You found me out.

DM:       I always suspected.  You can't fool me.      [LAUGHTER]

DM:       Okay.  You might want to hide certain political activities.  We're
          going to go over to the Federal Reserve and knock it over 
          tomorrow.  Whatever.
          
          What else?  Purchases.  Over time people will be making purchases
          over the Net.  You may be buying and selling stuff over the Net.  
          You don't want The Man or The Woman -- Janet Reno, I guess -- to
          know that you buy $300 worth of sex toys every month.  Or you 
          send out your credit card number over the Net to buy stuff and you
          don't want people grabbing your credit card number, which, as I
          said, is very easy to do.  So, again, you can encrypt this stuff
          and that's the end of people being able to track these purchases
          or rip off your credit card number.  
          
          All kinds of other personal information.  Again, more and more of 
          this stuff's going to be stored in electronic form. Medical
          records, credit history, stuff like that.  If you use cryptography
          to send all the stuff around then you have a little bit less of 
          a worry about people being able to just circulate it around 
          freely.   Okay, that's some of the basic -- what I'm calling 
          the defensive stuff.  Basically just, you know, protect your 
          privacy because your privacy is going to be in more and more 
          jeopardy as the Net grows, as Big Brother grows. 
          
          
          Okay, but let's get on to the fun stuff.  There's what I call
          offensive, not defensive, tactics, but more fun offensive stuff.  
          
          For example:  Whistle blowing.  You may work for some government
          agency that's doing some particularly horrible thing and you want
          to blow the whistle on them.  Or they ripped someone off or they
          did LSD experiments or something like that.  You can use crypto-
          graphy, anonymous remailers, to blow the whistle on people.  
          
          Anonymous transactions.  Again, as more and more people are doing
          business over the Net you can conduct transactions with complete
          untraceability.   Perry, I think, I hope, will be talking a little
          bit about digital cash.
          
PM:       I will.

DM:       Digital cash is another application of cryptography, where people
          can buy, sell, do banking on the Net without anyone knowing
          anything -- like an electronic Swiss bank account.  People can 
          buy and sell stuff from each other without even knowing who the 
          parties are -- a drug deal, let's say, or whatever, and no one 
          will know who either party is.  
          
          Underground economy, that falls into the same category.  Digital
          cash.  Again, if all this stuff is encrypted then it's basically
          untraceable, untrappable by the government, the I.R.S., whomever. 
          
          Sending illegal information.  The safe example that Tim May used 
          when I interviewed him on my radio show was, "RU-486?"  Is that
          still illegal?  Or what's the deal?
          
TM:       Yes.

DM:       So let's say you want to get information out to people on RU-486,
          the abortion pill, which is illegal in the U.S.  Again, you can
          encrypt it, send it anywhere in the world, completely untraceable.
          
          Okay.  That's basically it.  What this means is -- and this is 
          where the anarchy part comes in.  Borders, national borders, are 
          Swiss cheese.  Basically as things move more and more over to 
          electronic form, borders -- whether they like it or not, the 
          governments -- territorial gangsters as a friend of mine calls
          them -- borders become Swiss cheese.  They become completely
          irrelevant.  At the push of a button you can send anything you
          want basically anywhere in the world. No one will know what 
          you're sending, where you're sending it, nothing.
            
          There's a quote.  There's a quote in a Cypherpunks article in 
          "Whole Earth Review."  You can hide encrypted information on 
          a DAT, a music cassette or a digital audio tape, so, for example,
          Anyone carrying a single music cassette bought in a store could
          carry the entire computerized files of the Stealth Bomber and it 
          would be completely and totally imperceptible.  Nothing anyone 
          can do about it.  Again, basically what this does is sort of
          renders obsolete a lot of the laws, or most of the laws, or the
          whole basis for laws that are in place now.  Borders can't be
          enforced, taxes can't be enforced, and so on and so on. You get
          the idea.
     
          So to cut to the chase, the main goals of crypto-anarchy, the 
          main goals of the Cypherpunks, are:  (1) to spread the use of 
          strong cryptography.  Everyone should use encryption.  You
          should send all your E-mail encrypted.  
          
          People say, "Why do I need to encrypt my E-mail?  All I'm doing 
          is saying, you know, meet me for lunch at 12:30.  I don't need to
          encrypt it."  The answer we usually give is most of the mail you
          send out isn't that secret either, but you wouldn't send it all 
          on postcards.  So sending your E-mail unencrypted is like sending
          all your mail on postcards.  Encrypting your E-mail is like 
          putting all your mail in envelopes.  One further reason for that 
          is, again, this traffic analysis thing.  If you send all your 
          mail out unencrypted, hundreds of pieces of E-mail a day, and 
          then all of a sudden tomorrow at 5:00 p.m. you send out an 
          encrypted piece of E-mail, people might get a little suspicious 
          and look a little further into things.

          That's one reason that we promote the use of encryption all the 
          time.  If everything is encrypted-- if things are just flying 
          all around the world, no one knows anything.  Half of them may 
          be, "Meet me for lunch at 12:30," and the other half may be, you 
          know, "Let's make a drug deal," or whatever.  So the more people 
          use cryptography the more the lines get blurred and the more 
          powerless the authorities become.  There is a dark cloud which 
          Perry is going to talk about in a second, that unfortunately 
          -- I would prefer it if we could just stick to this stuff, but 
          actually there have been developments recently mainly with some-
          thing called the Clipper Chip that is really, really, ugly 
          and -- the Clipper Chip, and also the Digital Telephony Bill 
          that -- sort of bring a dark cloud in over all this stuff.
            
          One thing I'm always talking about is how in the last few years 
          anarchists or anarchist activists have sort of maybe been getting
          an inferiority complex, because it seems like the cops don't care
          about us that much anymore.  As much as I don't want to be a 
          martyr, you know that if the cops are tapping all your phones 
          you at least know that you're probably doing something right.  
          But I sort of get the impression lately a little bit that, you
          know, the cops just think "Fucking anarchists  Who cares?  
          They're not doing anything." 
           
          Well, you can put those fears to rest, because this stuff is 
          actually of great interest to the government, and the government
          is going to tremendous lengths to stifle this stuff.  It 
          definitely has the government's undivided attention, and I guess 
          Perry is going to tell you more about that now.


PM:       All right.  Now I was touching on this a little bit earlier, but 
          -- this gives you a little bit of motivation, why this is so 
          interesting.  It's one thing to say that the government is 
          interested in this, but does anyone -- I know that some people 
          in the audience already know the answer to this, but do most of 
          you -- if most of you are asking yourself what's the biggest and
          most secret agency that the United States government operates,
          you probably think the Central Intelligence Agency.

MALE:     National Reconnaissance Office.

MALE:     The Federal Reserve.

PM:       No.  It is the not the N.R.O., either.  The N.R.O. is bigger than
          the C.I.A., but it is not bigger than the N.S.A.
          
MALE:     Is DISCO more secret than the N.S.A.?

PM:       Pardon?

MALE:     DISCO?

PM:       DISCO?

MALE:     I guess it is.

PM:       It must be.  The National Security Agency -- spends more money
          and has more employees than all of the other intelligence 
          organizations the United States government operates combined.  
          Okay?  It spends over $30 billion a year only on signal 
          intelligence operations (SIGINT).  I'm about to get into what 
          those are.  This is something  that the government cares about 
          extremely passionately.   They spend vast amounts of money on it.
          You should ask yourself why.
          
          Now what exactly is the business of the National Security Agency?
          The business of the National Security Agency is signals 
          intelligence.  Most people aren't aware of it, but signals 
          intelligence is considered by most intelligence analysts to be 
          the most important form of intelligence.  Signals intelligence 
          played incredibly important roles all through World War II.  How
          many people here knew that the Battle of Midway was won entirely
          because of signals intelligence intercepts?  Okay.  A couple of 
          people.

MALE:     Seven percent.

PM:       How many people in this audience knew that the Battle of the