[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Feb 17 Transcript Part 3
But unfortunately, the Four Horsemen of the Apocalypse are still
there and the government is trying to use them as an excuse right
now. How many people saw the articles on the front page of the
New York Times about Clipper? Okay. A bunch of people have.
How many people saw the front page article in the New York Times
about the F.B.I. Digital Telephony Bill? Ah. Fewer people. I'll
start with the F.B.I. Digital Telephony Bill, because it's much
easier to understand.
The F.B.I. is not satisfied with the fact that our phone system
is not like the phone systems in Eastern Europe, and wants it to
be that way. [Laughter] They want the capacity to be able to
push a button in Washington at any time they like and tap any
telephone in the country at will. That's basically it in a
nutshell.
They claim that they need this capability because modern digital
telephone systems are becoming increasingly difficult to listen in
on. Computer Professionals for Social Responsibility did an
F.O.I.A. [Freedom Of Information Act] request on the F.B.I. and
managed to get documents which said, "By the way, we know this is
a lie but we're trying to get this bill through. So please lobby
for it." In fact no one has ever found that they have any
difficult tapping the existing telephone systems, but never mind
that. They are saying that because of advances in technology
they need the capacity to be able to sit in Washington, push a
button and listen to any telephone conversation in the country
at will. This is of course in order to stop the terrorists, drug
dealers, pornographers and child molesters. If they can find some
one who is all of those at once I am sure it will make their day.
Anyway, at the same time the National Security Agency has been
having these nightmares about cryptography so they've gotten the
Clinton Administration to front for them on a really, really
stupid idea.
MALE: Ten copies of the Justice Department announcements, the five
press releases from a week ago.
PM: Okay. Well, basically what's happened -- maybe we'll pass these
out in a minute -- is that this has been in the works for some
time and people have been fighting it, and so many people have
been fighting it that we thought it was dead, but it seems to
have come back from the dead. The government wants you to use
their cryptosystems.
What they want is they want to give you a little cryptography box
called "Clipper" that you can use, so that you don't have to
complain that all of your communications are insecure. But
Clipper has a built-in bugging feature in it, so that if the
government wants to listen in on your communications they can do
so.
Isn't that special of them? And they expect that everyone in the
country will want to use this.
MALE: And each one's got a serial number.
PM: Yes, yes. The way this basically works is that they store
basically the equivalent of a master key to the cryptography
system inside -- I'm trying to keep this from being too technical
-- essentially every time you use the Clipper chip to communicate
with something that also contains a Clipper chip, well, what it
does is it includes information about the key you are using in
the data stream that it sends to the other machine, and it's
encrypted with an encryption key that is known to the government
-- to keep everyone nice and honest. You know, we don't want to
keep those terrorists, child molesters, pornographers, drug
dealers from being able to encrypt things.
(Ie: "We're your government. Trust us, we know what's good
for you; but we don't trust you.")
However, they say that this standard is voluntary. Now if you
were a card-carrying terrorist would you use the government's
cryptography system, especially if it's voluntary to use it?
No. What you're probably going to do is go out and get yourself
a decent cryptography system. Hell, if you're actually being
armed by the Libyans they probably have nice KGB crypto equipment
that they can hand to you. You don't have to worry about going
to the store to buy your cryptography equipment.
So in general the notion that they can impose this as a voluntary
standard for encryption, which you're not compelled to use, is
ludicrous, and almost everyone in the community thinks that what
they're doing is preparing to try to ban all forms of encryption
other than the ones that they specifically approve. So we've got
these two interesting government movements right now, the one to
make tapping all of your telephones easier and the one to make it
easy to decrypt the communications on the telephones that they've
made it very easy to tap.
I thought that the Berlin Wall had fallen and the Stazi was out
of business, but apparently they've all just moved to Washington.
[Laughter] It's kind of annoying. But on the other hand, ignoring
all of this, they're -- by the way, I'll mention that every
industry group, groups like the Electronic Frontier Foundation
and Computer Professionals for Social Responsibility, all the
trade magazines, everyone on earth has come out saying this is a
stupid idea.
DM: The 700 Club did a ...
PM: The 700 Club actually did a story about how evil the government's
cryptography plan is. It's amazing. Everyone and their mother
has come out against this, but it doesn't seem to matter.
According to an article that's going to be published in next
month's "Wired" several administration officials have admitted
that this might be their Bay of Pigs, something really stupid that
they inherited from the previous administration, which they did,
which they're going to push forward anyway full steam ahead.
MALE: So whose head's going to explode like a flying -- you know, in
Dallas -- as a result of this thing?
PM: I don't know. Well, anyway, so -- now ignoring what the
government is trying to do to stop cryptography, I'll point out
that all is not rosy with cryptography. You can encrypt your
communications, you can try to be really careful about all of the
dealings you do, and if you try to live, say, purely in an
underground economy one day you sit in a caf� with the wrong guy
and he pulls out his I.R.S. credentials and says, "Can we do an
audit, please?"
Now it might be difficult for them to be able to spend the
resources necessary to try to track lots of people down for
abusing this sort of thing. In fact, I would argue that there's
no way that they have all the resources necessary to do that.
But nonetheless, let's point out you can't do everything in
cyberspace. You can't live in cyberspace. You have to live in
a home somewhere. You have to go to the corner store to eat.
You have a physical body. They can still get you. They
can still pass laws to try to restrict your freedoms.
Cryptography, however, does make them much weaker in many ways.
One of the things that's been pointed out repeatedly is that
government feeds on money. The lifeblood of government is money.
If they don't have money -- what traditionally happens in a Third-
World country that's experiencing hyperinflation? At some point
the soldiers discover that their pay no long will buy them food,
and they start revolting. Government workers are like everyone
else -- well, sort of like everyone else, but [LAUGHTER] --
government workers do have families, they do have mouths to feed.
They need to be paid. And when the government tries to print
money to pay them the money becomes less worthwhile. So they
depend on taxes in order to be able to control people.
In an environment where it becomes increasingly difficult to tax
activities, it becomes increasingly difficult for the government
to exert control over the population. In fact, the more people
move into some sort of cryptographic black market, the more
difficult it becomes for the government to try to stop it because
the fewer resources the government has. It's sort of a vicious
cycle for them. They need to have money in order to try to get
money, and the less resources they have to -- actually, Duncan,
you know this off the top of your head. How many millions of
Americans are thought to evade taxes right now?
DUNCAN: The Feds say officially there are ten million nonfilers who should
be filing, and at least another ten million filers who file
incorrectly on purpose. That's out of 114 million personal tax
returns filed last year, down from 117 million predicted. They
undershot by 4 mil.
FEMALE: They had like 900 convictions out of ...
PM: How many convictions were there for tax fraud last year?
DUNCAN: It's only about three or four hundred a year.
PM: In spite of this -- it's very, very difficult for them to expend
the resources to try to get a tax fraud conviction.
DUNCAN: It costs $50,000 bucks, or -- and then you got to imprison 'em. I
mean it costs half a mil or a mil.
MALE: Usually there's one other factor, and that is that there's only
one Treasury agent per 900 filers. So the enforcement bureaucracy
is actually very small. This came up in the debate over the gun
issue, where there's a mention of 240,000 gun dealers and about
one enforcement bureaucrat for every 240. That's a highly
regulated field by comparison with general tax filers.
PM: Anyway -- Dave points out that I'm kind of dragging this on, and
we should open it up for questions.
MALE: ... one other factor that hampers the I.R.S.?
PM: Yes?
MALE: They've got infiltrators.
PM: Oh?
MALE: There are people in the I.R.S. who are on our side.
PM: Okay. Anyway, if we're done with the major, initial part of the
talk -- I think we made some of the interesting --I've missed
talking about a bunch of things, like the fact that you can put
-- there are all sorts of neat things people have discovered
about cryptography over the years. You can play poker with people
by computer without having to trust the dealer or any of the other
players, and you can mathematically prove that no one has cheated
in the course of the game.
There are all sorts of neat tricks that cryptographers have come
up with over the last few years, and if people -- anyone with a
mathematical background, I strongly encourage you to go out and
buy a copy of one of the books on the subject. Actually the best
book on the subject right now is Bruce Schneier's Applied
Cryptography. This is a technical text. If you're not interested
in cryptography on a technical level, if you stopped with math
before algebra or something -- I'm not trying to denigrate anyone.
Some people are not interested in math. There's nothing wrong
with not being interested in math. But this is a math book,
basically. It's full of math. If you want to know the details,
however -- published by John Wylie & Sons.
There are some very good books -- it'll be up here. If you're
interested in the history of cryptography, David Kahn wrote an
extremely good book that only covers the world up to about 1970.
He mentions the N.S.A. These were the days before they admitted
that they existed, but he has chapters discussing them. The book
is called The Code Breakers, by David Kahn. It is still an
interesting book to read, because it gives you some idea about
how hard it is to produce good codes and how important it has
been in history. Most people are completely unaware of the
historical importance of secret communications and breaking
secret communications.
MALE: The British government for about seventy years claimed they
weren't breaking any telegrams, and in fact they were taking
every one into a room and trying to ...
MALE: The N.S.A. lied about it for years, also.
PM: The so-called Black Chambers. All through the 19th century
virtually every government in Europe had something called a
Black Chamber, which was the room into which all diplomatic
correspondence coming into and out of the country was brought to
be read. Most of it was encrypted, but some countries had pretty
good cryptographers. This has been going on for centuries.
There is nothing new about this. The only thing new about this is
that suddenly world-class cryptography is in the hands of
everyday people.
Lastly, there's a great book about the N.S.A. that Lou mentioned
a moment ago, called The Puzzle Palace by ...
DM: Bamford.
PM: The Puzzle Palace is, again, about ... (Inaudible; overlap)
DM: It's available in cheap paperback. Very good book.
PM: Oh, by the way. If you get a copy of The Codebreakers by David
Kahn, do not get the paperback. Get the hard-cover. The text is
different. The text of The Puzzle Palace in softcover is exactly
the same. It's a really good book. It's unfortunately about a
decade old, but it covers them in an enormous amount of detail.
Most people are completely oblivious to what the largest
intelligence agency in the U.S. is. You should inform yourselves.
DM: So let's open it up ...
PM: For questions.
* * *
Q: I don't understand the details of Chaum's method of electronic
banking, but I thought it required that the bank would issue
essentially denominations of bills that were public keys.
PM: Are they publicly keys? I could go into the details, but I don't
know ...
Q: My point is, how do you get this going without the cooperation of a
bank?
PM: Form your own bank. That's basically the answer. You have a digital
bank that issues digital money, basically.
MALE: If you have a couple of hundred people you can form your
own credit union.
PM: In fact there are some people in Texas who are now forming a credit
union on the premise that the credit union is going to permit people
to make electronic cryptographic transactions.
MALE: The problem with this digital bank and any other under-ground economy
is that if your digital cash is stolen or if this digital
underground economy collapses you will have no recourse in law
enforcement, in civil suits or FDIC insurance.
PM: Well, first of all -- I don't want to claim that the FDIC is a
wonderful thing here, but even assuming that it was I honestly trust
AAA-rated Swiss banks far more than I trust any bank in the United
States -- or the full faith and credit of the United States
government.
MALE: Here, here.
PM: Which is going down every day as the deficit increases.
Q: But who issues digital cash?
PM: No, the point is that you cannot steal digital cash. It doesn't
work that way. You can -- now the bank can defraud you. You
admittedly have to trust your bank. However, you cannot really
steal digital cash. It doesn't work that way.
MALE: It's protected using encryption. It's very complicated.
Q: Are you claiming that Virtual Virtue has been invented?
PM: No. I'm claiming cryptography has been invented. It does not --
the bank can defraud you. Someone cannot steal your digital cash.
Q: Why wouldn't this be an attractive notion to most Americans, and
subsequently why would this seem to be a scary notion to the
government?
PM: I will explain it to you right now. In this city, most people think
that most people comply with the tax regulations and with Federal
regulation. New York City is one of the most fascistly-run places
in the United States, so it would not be surprising that we have the
most thriving underground economy. Go downtown to Chinatown and you
will find building after building after building of off-books
businesses: clothing manufacturers, import-export businesses,
everything you can imagine, being run in a completely underground
manner.
The garment industry would not exist in New York City if it was not
for the underground economy in New York City. Okay, forget what
middle-American people will do. The underground economy already
exists, and this sort of thing is going to move forward and there's
probably going to be demand from people who are already in it.
As for the question of "virtue", as I said I would go into the
cryptographic protocols in detail, but -- you cannot be robbed of
your digital cash from your wallet the way that you can be robbed of
real cash.
MALE: They can't rob you any more than a regular bank can.
PM: It's not actual cash. It's really an anonymous transfer.
Q: Doesn't digital cash (?) to the maximum capitalists and fascists,
too, or are we just catching up with things?
MALE: This is a problem.
PM: Whether you like it or not, it's there. The computers are out there.
The technology has been invented. It cannot be uninvented. It can't
be put back in the bottle. There are tens of thousands of people in
this country who understand how to build these things. At this point
it's impossible to stop it. So whether you like capitalism or don't
like capitalism, whether you like technology or dislike technology,
this is a reality. I would advise personally that you try to use it
to your benefit. Perhaps other people have different opinions.
That's what I would think.
Q: A two-point question. First of all, have you seen the article in the
Humanist(?) about digital cash?
PM: I'm afraid I have not.
Q: Have you?
DM: Can't say I have. No.
Q: Okay. Secondly -- now the promo for this talk says it'll make the
State a thing of the past.
PM: I think that's something of an exaggeration.
DM: Basically what we're talking about, and it remains to be seen how far
it's going to go, is the withering of the State in the sense that
governments can no longer say -- now they can say we won't let this
book cross our borders, you can't do certain kinds of financial
trans-actions, you're not allowed to read this stuff, you're not
allowed to make bootleg copies of this record. All this stuff is
going to be going on more and more, and it's unstoppable by the
government. So in other words, a lot of these laws are just
unenforceable, superfluous, as this stuff starts travelling over the
Net in encrypted forms.
MALE: That's victory to some extent.
DM: Right.
PM: Oh, yes. It is very much -- it's sort of the exponentiation of (?).
As soon as you allow in -- the Chinese discovered this at Tiennamen
Square. Fascists and totalitarian governments and Communist
governments have known this for a long time. You want to keep the
copy machines in your country as difficult to get to as possible.
You want to keep the telephones difficult to get to, and make them
bad and tap them all the time.
You want to restrict the flow of information. One of the things that
happened after Tiennamen Square were these informal fax networks came
into existence all over China, and within hours people all over the
country knew the truth about what was going on.
Information from satellite broadcasts and from foreign radio stations
got in and swept over the country. This just compounds that problem.
If you're going to take part in the modern world, if you're not going
to be like Albania, you're going to have to allow in the Internet.
As soon as you allow in the Internet, people are going to start
exchanging data. As soon as they start exchanging data some of that
data might be encrypted, and you have no way of knowing what it is
that they're bringing in or putting out. You can't control it, not
short of controlling every single computer that exists in your
country.
Q: Has there ever been a case where the government has broken the code
and ... (Inaudible; overlap)
PM: In the thirties all the time. Bootleggers would use primitive
cryptographic systems to communicate with each other and would get
hauled into court. In fact Kahn's book, The Codebreakers, talks a
lot about this. You bring up a very important point. Not all
cryptography is good cryptography. The program WordPerfect is really
popular out there. It has a little function that will let you save
an encrypted version of your file. It's totally useless. With a
couple of milliseconds' worth of work, another program can just
break that wide open.
You need strong cryptography. Just any cryptography won't do.
Insist on -- but in the past very often people using secret codes
for communication have been hauled into court by the United States
government. It's happened.
Q: Were they drug dealers?
PM: In Prohibition they were drug dealers. Yes.
Q: Recently.
PM: Recently, no. It has not happened recently. One of the things
that's very strange is that more of them are not using cryptography.
There are companies in the U.S. that will sell you commercially phone
scramblers that are really, really good.
MALE: [INAUDIBLE]. I'm not sure who is reading my mail. It takes a lot of
effort to do something, to cause anarchy to happen, and everyone
would have to be involved, and I don't see that there's any payback.
PM: I disagree for the following reason. First of all, the people who
know these programs are reasonably smart, and most of them are
actually talking to each other right now. And there are real
attempts made to try to make sure that they all communicate with
each other fairly well. This is intentionally so that people do
not face the question of having: "Well, I've got Encryption
Program A and you've got Encryption Program B. Yes, we can talk."
One of things also by the way in public key is that it makes it easy.
Just so long as I know that you're -- Duncan can give you two disks.
If you want you can just throw one at one of your friends. Hopefully
he'll catch it and it won't hit the floor. And you don't actually
have to communicate with each other in advance or communicate with
any of your other friends in advance in order to exchange information.
You just have to have compatible software. And the marketplace is
taking care of that, because people want to communicate with each
other.
MALE: But it is not anything the government can't regulate. I know you
say that it can't, but you can regulate it that kind of stuff.
PM: They can try to stop it.
MALE: I don't see any way [INAUDIBLE] ...
MALE: It also benefits me. I may consider that I benefitted from breaking
Midway(?) codes or Atlantic codes or whatever it is. [INAUDIBLE].
PM: Well, there might be benefits to you, but unfortunately it's --
whether this is fortunate or unfortunate in fact, it's not your
choice. It's not up to me, it's not up to you, it's not up to
anyone. The cat's out of the bag.
MALE: It's not.
PM: Oh, yes, it is. Anyone can buy a copy of this book.
MALE: I can get anything I want off your computer. Anything I want.
You send any kind of electronic mail, I can get it (?).
PM: How?
MALE: There's always a way.
PM: No. I'm an electronic mail administrator. There are ...
MALE: I can use a rubber hose cryptosystem.
PM: Yes. Admittedly. I can come up to you and I can beat you up. At
which point what does it matter?
MALE: I can change your computer so it doesn't -- I can monitor your
keyboard, watching you type. I mean there's all these ways. It's
not a question of [INAUDIBLE].
PM: It becomes very rapidly prohibitively expensive ...
(Inaudible; overlap)
DM: There's a question of how much it'll cost the government. There are
estimates that if the N.S.A. used every computer they have and they
ran it for eighty years nonstop, they'd be able to break -- you know,
it's like angels on the head of a pin. I mean ...
PM: He points out very correctly that if they're willing to spend enough
money they can monitor -- they can break you. On the other hand,
it's extremely expensive for them to do that and cryptography is
really cheap. In fact if you have a computer already cryptography
is absolutely free. Now admittedly, computers are not absolutely
free. But anyone who has a computer right now, anyone who has a
computer right now can communicate with anyone else who has a
computer right now securely, securely enough that what they spent a
couple of hundred dollars setting up the government will have to
spend tens of thousands of dollars trying to go after.
MALE: It's actually millions probably.
PM: Not necessarily. If they come after you with rubber hoses it might
be relatively cheap ... [LAUGHTER]
MALE: Forty dollars.
PM: You say things like, "Well, I have to coordinate these things, and I
have to come up with..." Yes. Admittedly you have to have standards.
But remember, most people in the world who do technical stuff very
naturally try to follow standards. You won't go to the average
telephone store and buy a telephone that does not plug into your wall,
and that's not because they particularly like you or they
particularly like modular jacks; it's because they want to make sure
-- because they know that if you buy a phone that doesn't plug into
your wall -- well, you won't buy a phone that doesn't plug into your
wall. Put it that way.
DM: Perry, you know, keep in mind that a lot of this stuff is the
ground floor. It's square one, whatever, and the idea is to let
people know what's going on, let people know what the problems are,
let people know what the solutions are now, and maybe five years
from now -- again, the problem I sort of hinted at before was that
because it's still early the government's trying to do things like
slip in the Clipper chip and stuff to prevent these things before
they happen. It's just important for people to know about this
stuff. As time goes by new systems, new software, will have all
this stuff built into it and ...
MALE: You won't even know you're encrypting.
DM: Yeah.
Q: What about the falling price of processing power?
PM: Well, this has two interesting effects. There is an extent to which
this makes it easier to crack codes. However, not as much as you
would think.
Q: What about lengthening the number of digits in the prime that you ...
PM: We won't get into these details, but basically one of the features
of things like public key cryptosystems is that if you have twice as
much computer power lying around you can encrypt things much more
securely using the same amount of time and it takes exponentially
longer for the people who are trying to break what you've done.
MALE: Not only -- as processing power falls -- it is cheaper...
PM: It becomes faster.
MALE: As the specific cost of processing falls, of processing power falls,
it becomes progressively cheaper to use longer and longer keys,
which cost more and more time ...
FEMALE: Witfield Diffy says to use three crypto scans ABA.
PM: Well, that's DES. Never mind. We're getting into details that we
shouldn't, probably.
MALE: The point is the cheaper ...
PM: As computers get cheaper, it will become harder for them to break
codes using non-rubber hose techniques. That's true.
MALE: Decryption becomes more costly.
DM: Steve, in the back.
STEVE: First of all, it's been very interesting subject, thanks but I'm
goin to rain on your parade... A couple of things come to mind.
[INAUDIBLE]. One thing of course is the issue of acces. Most of
the population doesn't have access to the equipment, and certainly
if they have access to the equipment have very limited knowledge,
and really it winds up ... [INAUDIBLE] ... being a very small group
of individuals. [INAUDIBLE] ... If we're talking about this in the
context of -- this is creating a new, nonauthoritarian society, that
can't be done by a small group of individuals acting through an
Internet or electronic data process. It requires a [INAUDIBLE]
social organization. You know, you mentioned Tiannemen Square.
Well, the efforts [INAUDIBLE] ... You get an Army that is willing
to repress the rest of the population for the resources of the rest
of the population. As long as that happens ... [INAUDIBLE] ...
One other thing I should mention, when we talk also about the issue
about people pulling out, about the underground economy -- one you
mentioned, the underground economy of Chinatown. I'm not sure
[INAUDIBLE] ... exactly a model we'd want to impose for the rest of
society. Suppose you get a lot of people to stop paying taxes
[INAUDIBLE] ... without an overt social organization when
sanitation services collapse and social services collapse -- unless
you're [INAUDIBLE] ... It comes back to ultimately what anarchy