989 lines
40 KiB
Plaintext
989 lines
40 KiB
Plaintext
|
||
|
||
Crypto Anarchy and Virtual Communities
|
||
|
||
|
||
|
||
Timothy C. May
|
||
|
||
535 Monterey Drive
|
||
|
||
Aptos, CA 95003 U.S.A.
|
||
|
||
tcmay@netcom.com
|
||
|
||
|
||
Extended Abstract
|
||
|
||
The combination of strong, unbreakable public key
|
||
cryptography and virtual network communities in
|
||
cyberspace will produce interesting and profound
|
||
changes in the nature of economic and social sys-
|
||
tems. Crypto anarchy is the cyberspatial realization
|
||
of anarcho-capitalism, transcending national
|
||
boundaries and freeing individuals to make the
|
||
economic arrangements they wish to make consen-
|
||
sually.
|
||
|
||
Strong cryptography, exemplified by RSA (a public
|
||
key algorithm) and PGP (Pretty Good Privacy), pro-
|
||
vides encryption that essentially cannot be broken
|
||
with all the computing power in the universe. This
|
||
ensures security and privacy. Public key cryptogra-
|
||
phy is rightly considered to be a revolution.
|
||
|
||
Digital mixes, or anonymous remailers, use crypto to
|
||
create untraceable e-mail, which has many uses.
|
||
(Numerous anonymous remailers, in several coun-
|
||
tries, are now operating. Message traffic is growing
|
||
exponentially.)
|
||
|
||
Digital pseudonyms, the creation of persistent net-
|
||
work personas that cannot be forged by others and
|
||
yet which are unlinkable to the "true names" of their
|
||
owners, are finding major uses in ensuring free
|
||
speech, in allowing controversial opinions to be
|
||
aired, and in providing for economic transactions
|
||
that cannot be blocked by local governments. The
|
||
technology being deployed by the Cypherpunks
|
||
and others, means their identities, nationalities, and
|
||
even which continents they are on are untraceable--
|
||
unless they choose to reveal this information. This
|
||
alters the conventional "relationship topology" of
|
||
the world, allowing diverse interactions without
|
||
external governmental regulation, taxation, or in-
|
||
terference
|
||
|
||
Digital cash, untraceable and anonymous (like real
|
||
cash), is also coming, though various technical and
|
||
practical hurdles remain. "Swiss banks in cyber-
|
||
space" will make economic transactions much more
|
||
liquid and much less subject to local rules and reg-
|
||
ulations. Tax avoidance is likely to be a major at-
|
||
traction for many. An example of local interest to
|
||
Monte Carlo might be the work underway to devel-
|
||
op anonymous, untraceable systems for "cyber-
|
||
space casinos." While not as attractive to many as
|
||
elegant casinos, the popularity of "numbers games"
|
||
and bookies in general suggests a opportunity to
|
||
pursue.
|
||
|
||
Data havens and information markets are already
|
||
springing up, using the methods described to make
|
||
information retrievable anonymously and untrace-
|
||
ably.
|
||
|
||
Governments see their powers eroded by these
|
||
technologies, and are taking various well-known
|
||
steps to try to limit the use of strong crypto by their
|
||
subjects. The U.S. has several well-publicized ef-
|
||
forts, including the Clipper chip, the Digital Tele-
|
||
phony wiretap law, and proposals for "voluntary"
|
||
escrow of cryptographic keys. Cypherpunks and
|
||
others expect these efforts to be bypassed. Technol-
|
||
ogy has let the genie out of the bottle. Crypto anar-
|
||
chy is liberating individuals from coercion by their
|
||
physical neighbors--who cannot know who they
|
||
are on the Net--and from governments. For libertar-
|
||
ians, strong crypto provides the means by which
|
||
government will be avoided.
|
||
|
||
The presentation will describe how several of these
|
||
systems work, briefly, and will outline the likely im-
|
||
plications of this combination of crypto anarchy
|
||
and virtual cyberspace communities.
|
||
|
||
1.Introduction
|
||
|
||
This paper describes the combination of two major
|
||
technologies:
|
||
|
||
<EFBFBD>.Strong Crypto: including encryption, digi-
|
||
tal signatures, digital cash, digital mixes (re-
|
||
mailers), and related technologies.
|
||
|
||
<EFBFBD>.Cyberspatial Virtual Communities: includ-
|
||
ing networks, anonymous communications,
|
||
MUDs and MOOs, and "Multiverse"-type vir-
|
||
tual realities.
|
||
|
||
These areas have generally remained separate, at
|
||
least in published papers. Certainly the developers
|
||
of cyberspace systems, such as MUDs, MOOs, and
|
||
Habitat-like systems, appreciate the importance of
|
||
cryptography for user authentication, overall secu-
|
||
rity, and certainly for (eventual) digital purchase of
|
||
services. But for the most part the combination of
|
||
these two areas has been the province of the science
|
||
fiction writer, notably writers such as Vernor Vinge,
|
||
William Gibson, Bruce Sterling, and Orson Scott
|
||
Card.
|
||
|
||
The "Cypherpunks" group, a loose, anarchic mail-
|
||
ing list and group of hackers, was formed by sever-
|
||
al of us in 1992 as a group to make concrete some of
|
||
the abstract ideas often presented at conferences.
|
||
We've had some successes, and some failures. [1]
|
||
The Cypherpunks group also appeared at a fortu-
|
||
itous time, as PGP was becoming popular, as Wired
|
||
magazine appeared (they featured us on the cover
|
||
of their second issue), and as the publicity (hype?)
|
||
about the Information Superhighway and the
|
||
World Wide Web reached a crescendo.
|
||
|
||
The site ftp.csua.berkeley.edu has a number of es-
|
||
says and files, including crypto files, in the directo-
|
||
ry pub/cypherpunks. I have also written/
|
||
compiled a very large 1.3 MB FAQ on these issues,
|
||
the Cyphernomicon, available at various sites, in-
|
||
cluding my ftp directory, ftp.netcom.com, in the di-
|
||
rectory pub/tc/tcmay.
|
||
|
||
The Cypherpunks group is also a pretty good ex-
|
||
ample of a "virtual community." Scattered around
|
||
the world, communicating electronically in matters
|
||
of minutes, and seeming oblivious to local laws, the
|
||
Cypherpunks are indeed a community, and a virtu-
|
||
al one. Many members use pseudonyms, and use
|
||
anonymous remailers to communicate with the list.
|
||
The list itself thus behaves as a "message pool," a
|
||
place where information of all sort may be anony-
|
||
mous deposited--and anonymous received (since
|
||
everyone sees the entire list, like a newspaper, the
|
||
intended recipient is anonymized).
|
||
|
||
Legal Caveat: Consult your local laws before apply-
|
||
ing any of the methods described here. In some ju-
|
||
risdictions, it may be illegal to even read papers like
|
||
this (seriously). In particular, I generally won't be
|
||
giving ftp site addresses for copies of PGP, remailer
|
||
access, digital cash systems, etc. These are well-cov-
|
||
ered in more current forums, e.g., sci.crypt or
|
||
talk.politics.crypto, and there are some unresolved is-
|
||
sues about whether giving the address of such sites
|
||
constitutes (or "aids and abets") violation of various
|
||
export and munitions laws (crypto is considered a
|
||
munition in the U.S. and probably else-
|
||
where....some nations consider a laser printer to be
|
||
a munitions item!).
|
||
|
||
2.Modern Cryptography
|
||
|
||
The past two decades have produced a revolution
|
||
in cryptography (crypto, for short) the science of
|
||
the making of ciphers and codes. Beyond just sim-
|
||
ple ciphers, useful mainly for keeping communica-
|
||
tions secret, modern crypto includes diverse tools
|
||
for authentication of messages, for digital time-
|
||
stamping of documents, for hiding messages in
|
||
other documents (steganography), and even for
|
||
schemes for digital cash.
|
||
|
||
Public key cryptography, the creation of Diffie and
|
||
Hellman, has dramatically altered the role of cryp-
|
||
to. Coming at the same time as the wholesale con-
|
||
version to computer networks and worldwide
|
||
communications, it has been a key element of secu-
|
||
rity, confidence, and success. The role of crypto will
|
||
only become more important over the coming de-
|
||
cades.
|
||
|
||
Pretty Good Privacy, PGP, is a popular version of
|
||
the algorithm developed by Rivest, Shamir, and
|
||
Adleman, known of course as RSA. The RSA algo-
|
||
rithm was given a patent in the U.S., though not in
|
||
any European countries, and is licensed commer-
|
||
cially. [2]
|
||
|
||
These tools are described in detail in various texts
|
||
and Conference proceedings, and are not the sub-
|
||
ject of this paper. [3] The focus here is on the impli-
|
||
cations of strong crypto for cyberspace, especially
|
||
on virtual communities.
|
||
|
||
Mention should be made of the role of David
|
||
Chaum in defining the key concepts here. In several
|
||
seminal papers (for example, [4] [5]), Chaum intro-
|
||
duced the ideas of using public key cryptography
|
||
methods for anonymous, untraceable electronic
|
||
mail, for digital money systems in which spender
|
||
identity is not revealed, and in schemes related to
|
||
these. (I make no claims of course that Chaum
|
||
agrees with my conclusions about the political and
|
||
socioeconomic implications of these results.)
|
||
|
||
3.Virtual Communities
|
||
|
||
Notes: cyberspace, Habitat, VR, Vinge, etc. Crypto
|
||
holds up the "walls" of these cyberspatial realities.
|
||
Access control, access rights, modification privileg-
|
||
es.
|
||
|
||
Virtual communities are the networks of individu-
|
||
als or groups which are not necessarily closely-con-
|
||
nected geographically. The "virtual" is meant to
|
||
imply a non-physical linking, but should not be tak-
|
||
en to mean that these are any less community-like
|
||
than are conventional physical communities.
|
||
|
||
Examples include churches, service organizations,
|
||
clubs, criminal gangs, cartels, fan groups, etc. The
|
||
Catholic Church and the Boy Scouts are both exam-
|
||
ples of virtual communities which span the globe,
|
||
transcend national borders, and create a sense of al-
|
||
legiance, of belonging, and a sense of "community."
|
||
Likewise, the Mafia is a virtual community (with its
|
||
enforcement mechanisms, its own extra-legal rules,
|
||
etc.) Lots of other examples: Masons, Triads, Red
|
||
Cross, Interpol, Islam, Judaism, Mormons, Sindero
|
||
Luminoso, the IRA, drug cartels, terrorist groups,
|
||
Aryan Nation, Greenpeace, the Animal Liberation
|
||
Front, and so on. There are undoubtedly many
|
||
more such virtual communities than there are na-
|
||
tion-states, and the ties that bind them are for the
|
||
most part much stronger than are the chauvinist na-
|
||
tionalism emotions. Any group in which the com-
|
||
mon interests of the group, be it a shared ideology
|
||
or a particular interest, are enough to create a cohe-
|
||
sive community.
|
||
|
||
Corporations are another prime example of a virtu-
|
||
al community, having scattered sites, private com-
|
||
munication channels (generally inaccessible to the
|
||
outside world, including the authorities), and their
|
||
own goals and methods. In fact, many "cyberpunk"
|
||
(not cypherpunk) fiction authors make a mistake, I
|
||
think, in assuming the future world will be domi-
|
||
nated by transnational megacorporate "states." In
|
||
fact, corporations are just one example--of many--of
|
||
such virtual communities which will be effectively
|
||
on a par with nation-states. (Note especially that
|
||
any laws designed to limit use of crypto cause im-
|
||
mediate and profound problems for corporations--
|
||
countries like France and the Philippines, which
|
||
have attempted to limit the use of crypto, have
|
||
mostly been ignored by corporations. Any attempts
|
||
to outlaw crypto will produce a surge of sudden
|
||
"incorporations," thus gaining for the new corpo-
|
||
rate members the aegis of corporate privacy.)
|
||
|
||
In an academic setting, "invisible colleges" are the
|
||
communities of researchers.
|
||
|
||
These virtual communities typically are "opaque"
|
||
to outsiders. Attempts to gain access to the internals
|
||
of these communities are rarely successful. Law en-
|
||
forcement and intelligence agencies (such as the
|
||
NSA in the U.S., Chobetsu in Japan, SDECE in
|
||
France, and so on, in every country) may infiltrate
|
||
such groups and use electronic surveillance
|
||
(ELINT) to monitor these virtual communities. Not
|
||
surprisingly, these communities are early adopters
|
||
of encryption technology, ranging from scrambled
|
||
cellphones to full-blown PGP encryption. [8]
|
||
|
||
The use of encryption by "evil" groups, such as
|
||
child pornographers, terrorists, abortionists, abor-
|
||
tion protestors, etc., is cited by those who wish to
|
||
limit civilian access to crypto tools. We call these the
|
||
"Four Horseman of the Infocalypse," as they are so
|
||
often cited as the reason why ordinary citizen-units
|
||
of the nation-state are not to have access to crypto.
|
||
|
||
This is clearly a dangerous argument to make, for
|
||
various good reasons. The basic right of free speech
|
||
is the right to speak in a language one's neighbors
|
||
or governing leaders may not find comprehensible:
|
||
encrypted speech. There's not enough space here to
|
||
go into the many good arguments against a limit on
|
||
access to privacy, communications tools, and cryp-
|
||
to.
|
||
|
||
The advent of full-featured communications sys-
|
||
tems for computer-mediated virtual communities
|
||
will have even more profound implications. MUDs
|
||
and MOOs (multi-user domains, etc.) and 3D virtu-
|
||
al realities are one avenue, and text-centric Net
|
||
communications are another. (Someday, soon,
|
||
they'll merge, as described in Vernor Vinge's pro-
|
||
phetic 1980 novella, True Names.)
|
||
|
||
4.Observability and Surveil-
|
||
lance
|
||
|
||
An interesting way to view issues of network visi-
|
||
bility is in terms of the "transparency" of nodes and
|
||
links between nodes. Transparent means visible to
|
||
outsiders, perhaps those in law enforcement or the
|
||
intelligence community. Opaque mean not trans-
|
||
parent, not visible. A postcard is transparent, a
|
||
sealed letter is opaque. PGP inventor Phil Zimmer-
|
||
mann has likened the requirement for transparency
|
||
to being ordered to use postcards for all correspon-
|
||
dence, with encryption the equivalent of an opaque
|
||
envelope (envelopes can be opened, of course, and
|
||
long have been).
|
||
|
||
Transparent links and nodes are the norm in a po-
|
||
lice state, such as the U.S.S.R., Iraq, China, and so
|
||
forth. Communications channels are tapped, and
|
||
private use of computers is restricted. (This is be-
|
||
coming increasingly hard to do, even for police
|
||
states; many cite the spread of communications op-
|
||
tions as a proximate cause of the collapse of com-
|
||
munism in recent years.)
|
||
|
||
There are interesting "chemistries" or "algebras" of
|
||
transparent vs. opaque links and nodes. What hap-
|
||
pens if links must be transparent, but nodes are al-
|
||
lowed to be opaque? (The answer: the result is as if
|
||
opaque links and nodes were allowed, i.e., full im-
|
||
plications of strong crypto. Hence, any attempt to
|
||
ban communications crypto while still allowing
|
||
private CPUs to exist....)
|
||
|
||
If Alice and Bob are free to communicate, and to
|
||
choose routing paths, then Alice can use "crypto ar-
|
||
bitrage" (a variation on the term, "regulatory arbi-
|
||
trage," the term Eric Hughes uses to capture this
|
||
idea of moving transactions to other jurisdictions)
|
||
to communicate with sites--perhaps in other coun-
|
||
tries--that will perform as she wishes. This can
|
||
mean remailing, mixing, etc. As an example, Cana-
|
||
dian citizens who are told they cannot access infor-
|
||
mation on the Homolka-Teale murder case (a
|
||
controversial case in which the judge has ordered
|
||
the media in Canada, and entering Canada, not to
|
||
discuss the gory details) nevertheless have a vast
|
||
array of options, including using telnet, gopher, ftp,
|
||
the Web, etc., to access sites in many other coun-
|
||
tries--or even in no country in particular.
|
||
|
||
Most of the consequences described here arise from
|
||
this chemistry of links and nodes: unless nearly all
|
||
node and links are forced to be transparent, includ-
|
||
ing links to other nations and the nodes in those na-
|
||
tions, then the result is that private communication
|
||
can still occur. Crypto anarchy results.
|
||
|
||
5.Crypto Anarchy
|
||
|
||
"The Net is an anarchy." This truism is the core of
|
||
crypto anarchy. No central control, no ruler, no
|
||
leader (except by example, reputation), no "laws."
|
||
No single nation controls the Net, no administra-
|
||
tive body sets policy. The Ayatollah in Iran is as
|
||
powerless to stop a newsgroup--alt.wanted.mos-
|
||
lem.women or alt.wanted.moslem.gay come to mind--
|
||
he doesn't like as the President of France is as pow-
|
||
erless to stop, say, the abuse of French in soc.cul-
|
||
ture.french. Likewise, the CIA can't stop
|
||
newsgroups, or sites, or Web pages, which give
|
||
away their secrets. At least not in terms of the Net
|
||
itself...what non-Net steps might be taken is left as
|
||
an exercise for the paranoid and the cautious.
|
||
|
||
This essential anarchy is much more common than
|
||
many think. Anarchy--the absence of a ruler telling
|
||
one what to do--is common in many walks of life:
|
||
choice of books to read, movies to see, friends to so-
|
||
cialize with, etc. Anarchy does not mean complete
|
||
freedom--one can, after all, only read the books
|
||
which someone has written and had published--but
|
||
it does mean freedom from external coercion. Anar-
|
||
chy as a concept, though, has been tainted by other
|
||
associations.
|
||
|
||
First, the "anarchy" here is not the anarchy of popu-
|
||
lar conception: lawlessness, disorder, chaos, and
|
||
"anarchy." Nor is it the bomb-throwing anarchy of
|
||
the 19th century "black" anarchists, usually associ-
|
||
ated with Russia and labor movements. Nor is it the
|
||
"black flag" anarchy of anarcho-syndicalism and
|
||
writers such as Proudhon. Rather, the anarchy be-
|
||
ing spoken of here is the anarchy of "absence of
|
||
government" (literally, "an arch," without a chief or
|
||
head).
|
||
|
||
This is the same sense of anarchy used in "anarcho-
|
||
capitalism," the libertarian free market ideology
|
||
which promotes voluntary, uncoerced economic
|
||
transactions. [6] I devised the term crypto anarchy as
|
||
a pun on crypto, meaning "hidden," on the use of
|
||
"crypto" in combination with political views (as in
|
||
Gore Vidal's famous charge to William F. Buckley:
|
||
"You crypto fascist!"), and of course because the
|
||
technology of crypto makes this form of anarchy
|
||
possible. The first presentation of this was in a 1988
|
||
"Manifesto," whimsically patterned after another
|
||
famous manifesto. [7] Perhaps a more popularly
|
||
understandable term, such as "cyber liberty," might
|
||
have some advantages, but crypto anarchy has its
|
||
own charm, I think.
|
||
|
||
And anarchy in this sense does not mean local hier-
|
||
archies don't exist, nor does it mean that no rulers
|
||
exist. Groups outside the direct control of local gov-
|
||
ernmental authorities may still have leaders, rulers,
|
||
club presidents, elected bodies, etc. Many will not,
|
||
though.
|
||
|
||
Politically, virtual communities outside the scope of
|
||
local governmental control may present problems
|
||
of law enforcement and tax collection. (Some of us
|
||
like this aspect.) Avoidance of coerced transactions
|
||
can mean avoidance of taxes, avoidance of laws
|
||
saying who one can sell to and who one can't, and
|
||
so forth. It is likely that many will be unhappy that
|
||
some are using cryptography to avoid laws de-
|
||
signed to control behavior.
|
||
|
||
National borders are becoming more transparent
|
||
than ever to data. A flood of bits crosses the borders
|
||
of most developed countries--phone lines, cables,
|
||
fibers, satellite up/downlinks, and millions of dis-
|
||
kettes, tapes, CDs, etc. Stopping data at the borders
|
||
is less than hopeless.
|
||
|
||
Finally, the ability to move data around the world at
|
||
will, the ability to communicate to remote sites at
|
||
will, means that a kind of "regulatory arbitrage" can
|
||
be used to avoid legal roadblocks. For example, re-
|
||
mailing into the U.S. from a site in the Nether-
|
||
lands...whose laws apply? (If one thinks that U.S.
|
||
laws should apply to sites in the Netherlands, does
|
||
Iraqi law apply in the U.S.? And so on.)
|
||
|
||
This regulatory arbitrage is also useful for avoiding
|
||
the welter of laws and regulations which opera-
|
||
tions in one country may face, including the "deep
|
||
pockets" lawsuits so many in the U.S. face. Moving
|
||
operations on the Net outside a litigious jurisdic-
|
||
tion is one step to reduce this business liability. Like
|
||
Swiss banks, but different.
|
||
|
||
6.True Names and Anonymous
|
||
Systems
|
||
|
||
Something needs to be said about the role of ano-
|
||
nymity and digital pseudonyms. This is a topic for
|
||
an essay unto itself, of course.
|
||
|
||
Are true names really needed? Why are they asked
|
||
for? Does the nation-state have any valid reason to
|
||
demand they be used?
|
||
|
||
People want to know who they are dealing with, for
|
||
psychological/evolutionary reasons and to better
|
||
ensure traceability should they need to locate a per-
|
||
son to enforce the terms of a transaction. The purely
|
||
anonymous person is perhaps justifiably viewed
|
||
with suspicion.
|
||
|
||
And yet pseudonyms are successful in many cases.
|
||
And we rarely know whether someone who pre-
|
||
sents himself by some name is "actually" that per-
|
||
son. Authors, artists, performers, etc., often use
|
||
pseudonyms. What matters is persistence, and non-
|
||
forgeability. Crypto provides this.
|
||
|
||
On the Cypherpunks list, well-respected digital
|
||
pseudonyms have appeared and are thought of no
|
||
less highly than their "real" colleagues are.
|
||
|
||
The whole area of digitally-authenticated reputa-
|
||
tions, and the "reputation capital" that accumulates
|
||
or is affected by the opinions of others, is an area
|
||
that combines economics, game theory, psychology,
|
||
and expectations. A lot more study is needed.
|
||
|
||
It is unclear if governments will move to a system
|
||
of demanding "Information Highway Driver's Li-
|
||
censes," figuratively speaking, or how systems like
|
||
this could ever be enforced. (The chemistry of
|
||
opaque nodes and links, again.)
|
||
|
||
7.Examples and Uses
|
||
|
||
It surprises many people that some of these uses are
|
||
already being intensively explored. Anonymous re-
|
||
mailers are used by tens of thousands of persons--
|
||
and perhaps abused. [13] And of course encryption,
|
||
via RSA, PGP, etc., is very common in some com-
|
||
munities. (Hackers, Net users, freedom fighters,
|
||
white separatists, etc....I make no moral judgments
|
||
here about those using these methods).
|
||
|
||
Remailers are a good example to look at in more de-
|
||
tail. There are two current main flavors of remailers:
|
||
|
||
1."Cypherpunk"-style remailers, which process
|
||
text messages to redirect mail to another sites, using
|
||
a command syntax that allows arbitrary nesting of
|
||
remailing (as many sites as one wishes), with PGP
|
||
encryption at each level of nesting.
|
||
|
||
2."Julf"-style remailer(s), based on the original
|
||
work of Karl Kleinpaste and operated/maintained
|
||
by Julf Helsingius, in Finland. No encryption, and
|
||
only one such site at present. (This system has been
|
||
used extensively for messages posted to the Usenet,
|
||
and is basically successful. The model is based on
|
||
operator trustworthiness, and his location in Fin-
|
||
land, beyond the reach of court orders and subpoe-
|
||
nas from most countries.)
|
||
|
||
The Cypherpunks remailers currently number
|
||
about 20, with more being added every month.
|
||
There is no reason not to expect hundreds of such
|
||
remailers in a few years.
|
||
|
||
One experimental "information market" is Black-
|
||
Net, a system which appeared in 1993 and which al-
|
||
lows fully-anonymous, two-way exchanges of
|
||
information of all sorts. There are reports that U.S.
|
||
authorities have investigated this because of its
|
||
presence on networks at Defense Department re-
|
||
search labs. Not much they can do about it, of
|
||
course, and more such entities are expected.
|
||
|
||
(The implications for espionage are profound, and
|
||
largely unstoppable. Anyone with a home comput-
|
||
er and access to the Net or Web, in various forms,
|
||
can use these methods to communicate securely,
|
||
anonymously or pseudonymously, and with little
|
||
fear of detection. "Digital dead drops" can be used
|
||
to post information obtained, far more securely
|
||
than the old physical dead drops...no more messag-
|
||
es left in Coke cans at the bases of trees on remote
|
||
roads.)
|
||
|
||
Whistleblowing is another growing use of anony-
|
||
mous remailers, with folks fearing retaliation using
|
||
remailers to publicly post information. (Of course,
|
||
there's a fine line between whistleblowing, revenge,
|
||
and espionage.)
|
||
|
||
Data havens, for the storage and marketing of con-
|
||
troversial information is another area of likely fu-
|
||
ture growth. Nearly any kind of information,
|
||
medical, religious, chemical, etc., is illegal or pro-
|
||
scribed in one or more countries, so those seeking
|
||
this illegal information will turn to anonymous
|
||
messaging systems to access--and perhaps pur-
|
||
chase, with anonymous digital cash--this informa-
|
||
tion. This might include credit data bases, deadbeat
|
||
renter files, organ bank markets, etc. (These are all
|
||
things which have various restrictions on them in
|
||
the U.S., for example....one cannot compile credit
|
||
data bases, or lists of deadbeat renters, without
|
||
meeting various restrictions. A good reason to
|
||
move them into cyberspace, or at least outside the
|
||
U.S., and then sell access through remailers.)
|
||
|
||
Matching buyers and sellers of organs is another
|
||
such market. A huge demand (life and death), but
|
||
various laws tightly controlling such markets.
|
||
|
||
Digital cash efforts. A lot has been written about
|
||
digital cash. [14] [15] David Chaum's company,
|
||
DigiCash, has the most interesting technology, and
|
||
has recently begun market testing. Stefan Brands
|
||
may or may not have a competing system which
|
||
gets around some of Chaum's patents. (The attitude
|
||
crypto anarchists might take about patents is anoth-
|
||
er topic for discussion. Suffice it to say that patents
|
||
and other intellectual property issues continue to
|
||
have relevance in the practical world, despite ero-
|
||
sion by technological trends.)
|
||
|
||
Credit card-based systems, such as the First Virtual
|
||
system, are not exactly digital cash, in the Chaumi-
|
||
an sense of blinded notes, but offer some advantag-
|
||
es the market may find useful until more advanced
|
||
systems are available.
|
||
|
||
I expect to see many more such experiments over
|
||
the next several years, and some of them will likely
|
||
be market successes.
|
||
|
||
8.Commerce and Colonization
|
||
of Cyberspace
|
||
|
||
How will these ideas affect the development of cy-
|
||
berspace?
|
||
|
||
"You can't eat cyberspace" is a criticism often lev-
|
||
elled at argument about the role of cyberspace in
|
||
everyday life. The argument made is that money
|
||
and resources "accumulated" in some future (or
|
||
near-future) cyberspatial system will not be able to
|
||
be "laundered" into the real world. Even such a pre-
|
||
scient thinker as Neal Stephenson, in Snow Crash,
|
||
had his protagonist a vastly wealthy man in "The
|
||
Multiverse," but a near-pauper in the physical
|
||
world.
|
||
|
||
This is implausible for several reasons. First, we
|
||
routinely see transfers of wealth from the abstract
|
||
world of stock tips, arcane consulting knowledge,
|
||
etc., to the real world. "Consulting" is the operative
|
||
word. Second, a variety of means of laundering
|
||
money, via phony invoices, uncollected loans, art
|
||
objects, etc., are well-known to those who launder
|
||
money...these methods, and more advanced ones to
|
||
come, are likely to be used by those who wish their
|
||
cyberspace profits moved into the real world.
|
||
|
||
(Doing this anonymously, untraceably, is another
|
||
complication. There may be methods of doing
|
||
this--proposals have looked pretty solid, but more
|
||
work is needed.)
|
||
|
||
The World Wide Web is growing at an explosive
|
||
pace. Combined with cryptographically-protected
|
||
communication and digital cash of some form (and
|
||
there are several being tried), this should produce
|
||
the long-awaited colonization of cyberspace.
|
||
|
||
Most Net and Web users already pay little attention
|
||
to the putative laws of their local regions or nations,
|
||
apparently seeing themselves more as members of
|
||
various virtual communities than as members of lo-
|
||
cally-governed entities. This trend is accelerating.
|
||
|
||
Most importantly, information can be bought and
|
||
sold (anonymously, too) and then used in the real
|
||
world. There is no reason to expect that this won't
|
||
be a major reason to move into cyberspace.
|
||
|
||
9.Implications
|
||
|
||
I've touched on the implications in several places.
|
||
Many thoughtful people are worried about some of
|
||
the possibilities made apparent by strong crypto
|
||
and anonymous communication systems. Some are
|
||
proposing restrictions on access to crypto tools. The
|
||
recent debate in the U.S. over "Clipper" and other
|
||
key escrow systems shows the strength of emotions
|
||
on this issue.
|
||
|
||
Abhorrent markets may arise. For example, anony-
|
||
mous systems and untraceable digital cash have
|
||
some obvious implications for the arranging of con-
|
||
tract killings and such. (The greatest risk in arrang-
|
||
ing such hits is that physical meetings expose the
|
||
buyers and sellers of such services to stings. Crypto
|
||
anarchy lessens, or even eliminates, this risk, thus
|
||
lowering transaction costs. The risks to the actual
|
||
triggermen are not lessened, but this is a risk the
|
||
buyers need not worry about. Think of anonymous
|
||
escrow services which hold the digital money until
|
||
the deed is done. Lots of issues here. It is unfortu-
|
||
nate that this area is so little-discussed....people
|
||
seem to have an aversion for exploring the logical
|
||
consequences in such areas.)
|
||
|
||
The implications for corporate and national espio-
|
||
nage have already been touched upon. Combined
|
||
with liquid markets in information, this may make
|
||
secrets much harder to keep. ((Imagine a "Digital
|
||
Jane's," after the military weapons handbooks,
|
||
anonymously compiled and sold for digital money,
|
||
beyond the reach of various governments which
|
||
don't want their secrets told.)
|
||
|
||
New money-laundering approaches are of course
|
||
another area to explore.
|
||
|
||
Something that is inevitable is the increased role of
|
||
individuals, leading to a new kind of elitism. Those
|
||
who are comfortable with the tools described here
|
||
can avoid the restrictions and taxes that others can-
|
||
not. If local laws can be bypassed technologically,
|
||
the implications are pretty clear.
|
||
|
||
The implications for personal liberty are of course
|
||
profound. No longer can nation-states tell their cit-
|
||
izen-units what they can have access to, not if these
|
||
citizens can access the cyberspace world through
|
||
anonymous systems.
|
||
|
||
10.How Likely?
|
||
|
||
I am making no bold predictions that these changes
|
||
will sweep the world anytime soon. Most people
|
||
are ignorant of these methods, and the methods
|
||
themselves are still under development. A whole-
|
||
sale conversion to "living in cyberspace" is just not
|
||
in the cards, at least not in the next few decades.
|
||
|
||
But to an increasingly large group, the Net is reality.
|
||
It is where friends are made, where business is ne-
|
||
gotiated, where intellectual stimulation is found.
|
||
And many of these people are using crypto anarchy
|
||
tools. Anonymous remailers, message pools, infor-
|
||
mation markets. Consulting via pseudonyms has
|
||
begun to appear, and should grow. (As usual, the
|
||
lack of a robust digital cash system is slowing
|
||
things down.
|
||
|
||
Can crypto anarchy be stopped? Although the fu-
|
||
ture evolution in unclear, as the future almost al-
|
||
ways is, it seems unlikely that present trends can be
|
||
reversed:
|
||
|
||
<EFBFBD>.Dramatic increases in bandwidth and local,
|
||
privately-owned computer power.
|
||
|
||
<EFBFBD>.Exponential increase in number of Net us-
|
||
ers.
|
||
|
||
<EFBFBD>.Explosion in "degrees of freedom" in per-
|
||
sonal choices, tastes, wishes, goals.
|
||
|
||
<EFBFBD>.Inability of central governments to control
|
||
economies, cultural trends, etc. [9]
|
||
|
||
<EFBFBD>.The Net is integrally tied to economic
|
||
transactions, and no country can afford to "dis-
|
||
connect" itself from it. (The U.S.S.R. couldn't do
|
||
it, and they were light-years behind the U.S.,
|
||
European, and Asian countries. And in a few
|
||
more years, no hope of limiting these tools at
|
||
all, something the U.S. F.B.I. has acknowl-
|
||
edged. [11]
|
||
|
||
Technological Inevitability: These tools are already
|
||
in widespread use, and only draconian steps to lim-
|
||
it access to computers and communications chan-
|
||
nels could significantly impact further use.
|
||
(Scenarios for restrictions on private use of crypto.)
|
||
|
||
As John Gilmore has noted, "the Net tends to inter-
|
||
pret censorship as damage, and routes around it."
|
||
This applies as well to attempts to legislate behav-
|
||
ior on the Net. (The utter impossibility of regulating
|
||
the worldwide Net, with entry points in more than
|
||
a hundred nations, with millions of machines, is not
|
||
yet fully recognized by most national governments.
|
||
They still speak in terms of "controlling" the Net,
|
||
when in fact the laws of one nation generally have
|
||
little use in other countries.)
|
||
|
||
Digital money in its various forms is probably the
|
||
weakest link at this point. Most of the other pieces
|
||
are operational, at least in basic forms, but digital
|
||
cash is (understandably) harder to deploy. Hobby-
|
||
ist or "toy" experiments have been cumbersome,
|
||
and the "toy" nature is painfully obvious. It is not
|
||
easy to use digital cash systems at this time ("To use
|
||
Magic Money, first create a client..."), especially as
|
||
compared to the easily understood alternatives.
|
||
[12] People are understandably reluctant to entrust
|
||
actual money to such systems. And it's not yet clear
|
||
what can be bought with digital cash (a chicken or
|
||
egg dilemma, likely to be resolved in the next sev-
|
||
eral years).
|
||
|
||
And digital cash, digital banks, etc., are a likely tar-
|
||
get for legislative moves to limit the deployment of
|
||
crypto anarchy and digital economies. Whether
|
||
through banking regulation or tax laws, it is not
|
||
likely that digital money will be deployed easily.
|
||
"Kids, don't try this at home!" Some of the current
|
||
schemes may also incorporate methods for report-
|
||
ing transactions to the tax authorities, and may in-
|
||
clude "software key escrow" features which make
|
||
transactions fully or partly visible to authorities.
|
||
|
||
11.Conclusions
|
||
|
||
Strong crypto provides new levels of personal pri-
|
||
vacy, all the more important in an era of increased
|
||
surveillance, monitoring, and the temptation to de-
|
||
mand proofs of identity and permission slips. Some
|
||
of the "credentials without identity" work of
|
||
Chaum and others may lessen this move toward a
|
||
surveillance society.
|
||
|
||
The implications are, as I see it, that the power of
|
||
nation-states will be lessened, tax collection policies
|
||
will have to be changed, and economic interactions
|
||
will be based more on personal calculations of val-
|
||
ue than on societal mandates.
|
||
|
||
Is this a Good Thing? Mostly yes. Crypto anarchy
|
||
has some messy aspects, of this there can be little
|
||
doubt. From relatively unimportant things like
|
||
price-fixing and insider trading to more serious
|
||
things like economic espionage, the undermining
|
||
of corporate knowledge ownership, to extremely
|
||
dark things like anonymous markets for killings.
|
||
|
||
But let's not forget that nation-states have, under
|
||
the guise of protecting us from others, killed more
|
||
than 100 million people in this century alone. Mao,
|
||
Stalin, Hitler, and Pol Pot, just to name the most ex-
|
||
treme examples. It is hard to imagine any level of
|
||
digital contract killings ever coming close to nation-
|
||
state barbarism. (But I agree that this is something
|
||
we cannot accurately speak about; I don't think we
|
||
have much of a choice in embracing crypto anarchy
|
||
or not, so I choose to focus on the bright side.)
|
||
|
||
It is hard to argue that the risks of anonymous mar-
|
||
kets and tax evasion are justification for world-
|
||
wide suppression of communications and encryp-
|
||
tion tools. People have always killed each other,
|
||
and governments have not stopped this (arguably,
|
||
they make the problem much worse, as the wars of
|
||
this century have shown).
|
||
|
||
Also, there are various steps that can be taken to
|
||
lessen the risks of crypto anarchy impinging on
|
||
personal safety. [10]
|
||
|
||
Strong crypto provides a technological means of en-
|
||
suring the practical freedom to read and write what
|
||
one wishes to. (Albeit perhaps not in one's true
|
||
name, as the nation-state-democracy will likely still
|
||
try to control behavior through majority votes on
|
||
what can be said, not said, read, not read, etc.) And
|
||
of course if speech is free, so are many classes of
|
||
economic interaction that are essentially tied to free
|
||
speech.
|
||
|
||
A phase change is coming. Virtual communities are
|
||
in their ascendancy, displacing conventional no-
|
||
tions of nationhood. Geographic proximity is no
|
||
longer as important as it once was.
|
||
|
||
A lot of work remains. Technical cryptography still
|
||
hasn't solved all problems, the role of reputations
|
||
(both positive and negative) needs further study,
|
||
and the practical issues surrounding many of these
|
||
areas have barely been explored.
|
||
|
||
We will be the colonizers of cyberspace.
|
||
|
||
12.Acknowledgments
|
||
|
||
My thanks to my colleagues in the Cypherpunks
|
||
group, all 700 of them, past or present. Well over
|
||
100 megabytes of list traffic has passed through he
|
||
Cypherpunks mailing list, so there have been a lot
|
||
of stimulating ideas. But especially my appreciation
|
||
goes to Eric Hughes, Sandy Sandfort, Duncan Fris-
|
||
sell, Hal Finney, Perry Metzger, Nick Szabo, John
|
||
Gilmore, Whit Diffie, Carl Ellison, Bill Stewart, and
|
||
Harry Bartholomew. Thanks as well to Robin Han-
|
||
son, Ted Kaehler, Keith Henson, Chip Morningstar,
|
||
Eric Dean Tribble, Mark Miller, Bob Fleming, Che-
|
||
rie Kushner, Michael Korns, George Gottlieb, Jim
|
||
Bennett, Dave Ross, Gayle Pergamit, and--especial-
|
||
ly--the late Phil Salin. Finally, thanks for valuable
|
||
discussions, sometimes brief, sometimes long, with
|
||
Vernor Vinge, David Friedman, Rudy Rucker, Dav-
|
||
id Chaum, Kevin Kelly, and Steven Levy.
|
||
|
||
13.References and Notes
|
||
|
||
1.The Cypherpunks group was mainly formed
|
||
by Eric Hughes, Tim May, and John Gilmore. It be-
|
||
gan both physical meetings, in the Bay Area and
|
||
elsewhere, and virtual meetings on an unmoderat-
|
||
ed mailing list. The name was provided by Judith
|
||
Milhon, as a play on the "cyberpunk" genre and the
|
||
British spelling of cipher. The mailing list can be
|
||
subscribed to by sending the single message sub-
|
||
scribe cypherpunks in the body of a message to major-
|
||
domo@toad.com. Expect at least 50 messages a day.
|
||
About 600 subscribers in many countries are pres-
|
||
ently on the list. Some are pseudonyms.
|
||
|
||
2. RSA Data Security Inc., Redwood Shores, Cal-
|
||
ifornia, is the license administrator. Contact them
|
||
for details.
|
||
|
||
3. Many crypto texts exist. A good introduction is
|
||
Bruce Schneier's Applied Cryptography, John Wiley
|
||
and Sons, 1994. This text includes pointers to many
|
||
other sources. The "Crypto" Proceedings (Advances
|
||
in Cryptology, Springer-Verlag, annually) are essen-
|
||
tial references. The annual Crypto conference in
|
||
Santa Barbara, and the Eurocrypt and Auscrypt
|
||
conferences, are where most crypto results are pre-
|
||
sented.
|
||
|
||
4.David Chaum, "Untraceable Electronic Mail,
|
||
Return Addresses, and Digital Pseudonyms,"
|
||
Comm. ACM 24, 2, February 1981, pp. 84-88.
|
||
Cypherpunks-style remailers are a form of
|
||
Chaum's "digital mixes," albeit far from ideal.
|
||
|
||
5.David Chaum, "Security without Identification:
|
||
Transaction Systems to make Big Brother Obso-
|
||
lete," Comm. ACM 28, 10, October 1985. This is an
|
||
early paper on digital cash...be sure to consult more
|
||
recent papers.
|
||
|
||
6.David Friedman, The Machinery of Freedom, 2nd
|
||
edition. A leading theoretician of anarcho-capital-
|
||
ism. (Hayek was another.)
|
||
|
||
7.Tim May, The Crypto Anarchist Manifesto, July
|
||
1988, distributed on the Usenet and on various
|
||
mailing lists.
|
||
|
||
8.The political opposition in Myan Mar--former-
|
||
ly Burma--is using Pretty Good Privacy running on
|
||
DOS laptops in the jungles for communications
|
||
amongst the rebels, according to Phil Zimmer-
|
||
mann, author of PGP. This life-and-death usage un-
|
||
derscores the role of crypto.
|
||
|
||
9.See Kevin Kelly's Out of Control, 1994, for a dis-
|
||
cussion of how central control is failing, and how
|
||
the modern paradigm is one of market mecha-
|
||
nisms, personal choice, and technological empow-
|
||
erment.
|
||
|
||
10.Robin Hanson and David Friedman have writ-
|
||
ten extensively about scenarios for dealing with the
|
||
threats of extortionists, would-be assassins, etc. I
|
||
am hoping some of their work gets published
|
||
someday. (Much of the discussion was in 1992-3, on
|
||
the "Extropians" mailing list.)
|
||
|
||
11.During the "Digital Telephony Bill" debate, an
|
||
FBI official said that failure to mandate wiretap ca-
|
||
pabilities within the next 18 months would make it
|
||
all moot, as the cost would rise beyond any reason-
|
||
able budget (currently $500 million for retrofit
|
||
costs).
|
||
|
||
12."Magic Money" was an experimental imple-
|
||
mentation of Chaum's digital cash system. It was
|
||
coded by "Pr0duct Cypher," a pseudonymous
|
||
member of the Cypherpunks list--none of us knows
|
||
his real identity, as he used remailers to communi-
|
||
cate with the list, and digitally signed his posts.
|
||
Many of us found it too difficult to use, which is
|
||
more a measure of the deep issues involved in us-
|
||
ing digital analogs (no pun intended) to real, phys-
|
||
ical money.
|
||
|
||
13.Abuse, according to some views, of remailers is
|
||
already occurring. A Cypherpunks-type remailer
|
||
was used to post a proprietary hash function of
|
||
RSA Data Security, Inc. to the Usenet. (Let me has-
|
||
ten to add that it was not a remailer I operate, or
|
||
have control over, etc.)
|
||
|
||
14.article on digital cash, The Economist, 26 No-
|
||
vember 1994. pp. 21-23.
|
||
|
||
15. article on digital cash, Steven Levy, Wired. De-
|
||
cember 1994.
|