
Julian Assange: Cryptographic Call to Arms - gbrindisi
http://cryptome.org/2012/12/assange-crypto-arms.htm
======
mtgx
I think this is very relevant here - interview with the NSA whistleblower,
William Binney, on how NSA is storing _every post_ people are making online,
so they (and FBI) can use it later:

<http://www.youtube.com/watch?v=TuET0kpHoyM>

No wonder NSA and FBI want warrantless access to private companies by lobbying
for new laws like CISPA, and trying to build backdoors in services like
Facebook, Skype, Twitter etc. They want to know absolutely everything you do
online, besides your public posts:

[http://www.wired.com/threatlevel/2012/05/fbi-seeks-
internet-...](http://www.wired.com/threatlevel/2012/05/fbi-seeks-internet-
backdoors/)

I don't know if they are doing it out of malice/power grabbing/control, or
purely as a way to make their jobs more "efficient". But their #1 priority
should always, _always_ , be respecting the Constitution, and not trying to
skirt around it. And I think they've forgotten all about that long ago.

~~~
bluedanieru
Forget about the Constitution. Rather, they should respect basic human rights
and the principles of the Enlightenment. All this focus Americans put on their
Constitution makes it _easier_ for their government to become oppressive,
because it encourages complacency. As though you could write the perfect set
of laws, that you could define the perfect set of operating principles for
your government, and in that way free yourself of tyranny forever and
guarantee a free and open society for you and all your descendants. No, the
price of liberty is eternal vigilance.

~~~
wissler
Insightful. I'm curious as to what you think are the basic human rights and
the principles of the Enlightenment.

~~~
bluedanieru
Does it matter? I'm not debating the principles of the Constitution here, but
rather the American focus on the document rather than the principles
themselves.

~~~
wissler
I don't think the principles are common knowledge. Of course they matter.

~~~
sliverstorm
I think his deflection of your question suggests he was using them as
rhetorical literary devices.

~~~
wissler
Insightful. ;)

Yes, I was surprised by his responses, I thought his initial remark was great,
but people mean quite different things by those lofty abstractions.

~~~
bluedanieru
How about the both of you rub those brain cells together and see if you can
organize a cogent point. Otherwise, piss off.

~~~
sliverstorm
So much for insightful.

------
anigbrowl
_First, recall that states are systems through which coercive force flows.
Factions within a state may compete for support, leading to democratic surface
phenomena, but the underpinnings of states are the systematic application, and
avoidance, of violence. Land ownership, property, rents, dividends, taxation,
court fines, censorship, copyrights and trademarks are all enforced by the
threatened application of state violence._

As if we lived in a halcyon utopia prior to that. I can't buy into Assange's
Manichean view of government, given the pre-governmental state of society as
war of all against all, _qua_ Hobbes: "In such condition there is no place for
industry, because the fruit thereof is uncertain, and consequently, not
culture of the earth, no navigation, nor the use of commodities that may be
imported by sea, no commodious building, no instruments of moving and removing
such things as require much force, no knowledge of the face of the earth, no
account of time, no arts, no letters, no society, and which is worst of all,
continual fear and danger of violent death, and the life of man, solitary,
poor, nasty, brutish, and short."

Back when Wikileaks first came to prominence, it exposed malfeasance by
private actors as often as states, notwithstanding the desire of those private
actors to keep their doings private or even encrypted; Trafigure being a prime
example (<http://en.wikipedia.org/wiki/Trafigura>).

States can certainly be destructive of liberty, but the absence of a state
(either literally or by legal limitation ) does not necessarily yield liberty;
often it results in mere libertinism.

~~~
ef4
Your argument is a non sequitur: states are necessary, therefore states are
not systems through which coercive force flows.

If you want to argue that states are necessary, fine. But call a spade a
spade. Can you imagine a state that doesn't wield violence? That's what a
state _is_.

The lack of clarity on this issue leads to a lot of bad conclusions. When we
argue that the state should solve any particular problem, we are explicitly
saying the problem needs to be solved by coercive force. Maybe that's
necessary. But let's not have any illusions about how states work and how laws
are enforced.

~~~
anigbrowl
_Your argument is a non sequitur: states are necessary, therefore states are
not systems through which coercive force flows._

I did not say that at all. I am OK with states being systems through which
coercive force flows, because I think channeling and supervising said force
usually results of less of it flowing than otherwise would.

 _Can you imagine a state that doesn't wield violence? That's what a state
is._

It's hardly the only distinguishing feature. States also build infrastructure,
promulgate laws, provide forums for resolution of disputes and so forth. Your
argument as made here is both narrow and immature.

~~~
georgeorwell
I believe his point is that taken to its logical conclusion, states are able
to do all of the things that they do because there is inevitably the
consequence of violence for non-compliance. All of your examples result in
violence for disobedience: destroying infrastructure, breaking laws, ignoring
subpeonas. A core idea is that property ownership requires the threat of
violence to work; don't pay your rent but don't move out and the sheriff will
show up sooner or later. Do you have an example of something a state does that
is not actually supported by its power to wield violence?

~~~
jeremyjh
Regardless of whether a state exists or not, the only meaningful definition of
"property" includes a threat of violence. It is not meaningful to say "this is
mine" without the implied threat of violence against those who would take it -
whether carried out by the individual themselves or outsourced to the local
emperor.

Without property there is not commerce, there is not agriculture, no civil
growth and development to speak of.

~~~
jamoes
There is a difference between defensive violence and offensive violence. For
example, do you believe that you own your body? I do, and I would defend
myself if necessary. I would only use violence against those that are
threatening me though. If you hold that you own your body, then by extension
you own the output of the things you create with your body.

There has been much thought on this line of philosophy, it's called the non-
aggression principle (<https://en.wikipedia.org/wiki/Non-
aggression_principle>)

------
acabal
I agree with the sentiment, but Assange's prose is a little dense. Maybe it's
OK for his target audience, as I assume the layman won't be reading
cryptome.org.

What we really need is a champion to explain in relatable, plain English why
encryption is essential even for mom and dad, and to explain it in a more
mainstream venue. I think a big reason why people don't encrypt mail, etc., is
because:

1) they don't know why it's important because nobody can explain it to them in
relatable terms (like saying: when you send an email, Google keeps a copy
forever, and the FBI can read it just by picking up a phone and asking
nicely), and

2) if they do know the importance, the practicalities of encryption are
explained impenetrably. A blur of acronyms, bad metaphors ("keys?" terrible
choice of metaphor, considering how a pair is intertwined and their actual
use), and no well-known authority you can trust to explain it all simply.

The problem isn't that people don't care. They would care if they knew the
realities of how their communications are stored, processed, and exposed to
their governments. The problem is that nobody can explain it to them in a way
that's not ridiculously complex or laden with terms like "Platonic realm" and
"transnational dystopia".

~~~
zobzu
The main reason I think, is because its hard.

Either you use a 3rd party service to encrypt, its easy and also extremely
dumb (since its not end to end encryption).

Either you use PGP or SMIME and guess what: it's too hard. Their design is
fine. I especially like GnuPG (PGP), but the UI, even in CLI, is terrible,
terrible!

Most people don't even understand that a GnuPG keychain generally contains 2
private keys, not one (one for signing, one for encryption!) or the concept of
master signing key and subkeys.

These concepts are relatively simple, but their use is hard. Terribly hard.

~~~
Egregore
My idea was that public key cryptography should be done under the hood, so I
created a easy to use ResoMail, but people still were not interested (or I was
a bad marketer).

~~~
zobzu
It uses it's own protocol/port/programs it seems. Too many people rely on
email right now. Else, we could just use XMPP.

Thus the solution should work over email, and with our current email clients.
S/MIME/GnuPG/PGP do, but their implementation is far from friendly.

~~~
Egregore
The part of the solution is to switch to secure domain names, each domain name
comes with bundled key pair (like SSL) this is why it's easier to work
securely with public key encryption under the hood - the signing of the e-mail
public key is done under the hood, the user doesn't have to do it manually.

------
scarmig
A sufficiently motivated government has a nearly infinite amount of tools
available for breaking encryption. Ignoring the possibility that it might know
proprietary weaknesses to various systems (a hypothesis that is unknowable),
there's just so much you need to secure at each node in a computer system.

Are you personally sure no backdoors exist in the physical hardware you use?
In the operating system you use? In the compiler used to build your OS? In any
of the applications on your system? Are you sure that there's not a hardware
keylogger on your keyboard, and do you check every day before sitting down
that there's not one? Are there any secret cameras pointed at your keyboard,
or sensitive microphones hidden nearby that can distinguish what keys you hit?

And once you're sure of all that, are you just as sure everyone you
communicate with is equally diligent?

And, while we're at it, have you come up with a solid patch to prevent the
well-known rubber hose vulnerability that exists in all cryptographic systems?

That doesn't mean the crypto-anarchist project must fail. Encryption is
invaluable: while the vast majority of other technological advances--sedentary
agriculture, writing, maths, roads, sewage systems, paper, the telegraph,
electricity, the light bulb, cars, "computers," satellites, Google--have all
increased the legibility of the world to the State, encryption does the
opposite. The panopticon isn't an existing, established system but instead an
equilibrium point that the State has to constantly push us toward: anytime the
economic cost of that push is increased, it gives us more opportunities for
creating spaces of genuine human autonomy.

But once you recast crypto-anarchism in that more moderate and stronger form,
encryption moves from "our one hope against total domination" and a "hope that
with courage, insight and solidarity we could use to resist" to something more
banal: one tool of many. Not even a particularly effective tool: governments
don't care about a bunch of nerds throwing PGP parties, and all the encryption
in the world hasn't prevented the State from throwing Assange into jail (a
pleasant jail with some fine Ecuadorian decor, but a jail nonetheless) and
obliterating his organization.

~~~
mtgx
In Cory Doctorow's talk at Google, he said that all routers today have
interception technology in them. It's only a matter of being enabled or not in
some countries or in others. But it seems so many have asked for it, that they
don't even bother to build routers _without_ that interception technology in
them, so now their default router has interception built-in by default.

<http://www.youtube.com/watch?v=gbYXBJOFgeI>

~~~
tptacek
Sigh. Routers _are_ an interception technology.

~~~
IheartApplesDix
Routers are a routing technology.

------
georgeorwell
This kind of over-the-top writing confirms what I already thought, which is
that despite whatever good he might do in terms of exposing corrupt
governments in the world, Julian Assange is just desperate for attention.

Being this paranoid he should be advocating "post-quantum cryptography", i.e.
cryptographic methods that are secure even once somebody develops a quantum
computer.

<https://en.wikipedia.org/wiki/Post-quantum_cryptography>

~~~
mtgx
Nice username you got there. So you're saying this all conspiracy theory
stuff? I think we've gotten way passed the point where the fact that the
government monitors everyone online is just a conspiracy theory.

~~~
georgeorwell
Thanks :) I don't think it's a conspiracy theory, I just think that the way he
frames it is a bit overly dramatic. Personally I just try to stay relatively
anonymous and I operate under the assumption that whatever I say or do is
basically public information. I can't be bothered with encryption when I'm
talking to my friends because those conversations usually consist of things
like, "Where do you want to eat?"

~~~
neilk
I see, so you think if you just try to be as boring as possible, then you have
nothing to fear from surveillance? Good luck with that.

What if the world changes, and yesterday's orthodoxy is tomorrow's heresy?
This used to happen in the old Soviet Union, all the time.

What if, unknown to you, you are friends with a guy who the government doesn't
like? This very thing happened to Maher Arar - actually it was _two_ hops
away, his friend's brother signed his lease, and that's all that was needed
for the US government to whisk him from JFK airport to be tortured in a Syrian
dungeon. Maher Arar is a guy just like you and me - he works in wireless tech,
and crossed from Canada to America all the time. See <http://maherarar.net/> .

Why do I have to explain this to someone whose nick is georgeorwell?

~~~
georgeorwell
Why would I mention anything except boring stuff over an insecure channel? Why
would I even assume that secure channels or trustworthy conversation partners
truly exist? As for Arar, like it or not, it seems like his problem was that
he was born Syrian.

~~~
parasight
Times change. 12 years ago being born Syrian wasn't such a risk.

------
unimpressive
I think that more focus, at least in the short term; needs to be put on making
crypto accessible to windows users. As an example, consider the following
project website:

<https://www.gpg4win.org/>

An invalid security certificate, and even that only if you go out of your way
to specify https. If the vast majority of users saw this, they'd go running;
including myself. I can't in good conscious recommend crypto that doesn't have
it's own security certificates under control.

I have as yet not seen any less shady open implementations of PGP out there.

Of course, because of the proprietary nature of windows, it is totally
possible for them to have back doors which will break your encryption, but I'm
fairly sure that there are ways to verify, even without source code; that
Microsoft isn't pulling any funny business.[0]

[0]: Besides, I'd prefer a situation where politically unsavory backdoors have
to be used to read your data, as opposed to it being plain text and free for
all.

~~~
rdl
I feel pretty safe predicting that most communications are moving to mobile,
vs. desktops. Even if you have a desktop, most of your communications will
happen on a mobile device.

The thing we really need (and what I'd fund if I had a spare $Xmm or so) is a
great crypto API and solution to the user key management problem for iOS and
Android, hooked into apps. It's technically easier to do on Android. On iOS,
you're kind of stuck due to the core apps (mail, messages, etc.) being first-
party Apple). It basically would take Apple deciding they cared about this
issue, then building it into the OS in a way which didn't actually require
trusting Apple completely, to work very well. Android has some steps toward
this with some NSA projects, and wouldn't even necessarily require a full
forking.

Some way to do tokenization and thus fairly transparent encryption on the
client (phone) inside apps like the Facebook App, Twitter, etc. would also be
nice. That's both a technical challenge and a UI/UX problem.

Silent Circle (from Jon Callas, Phil Zimmerman, Vinnie Moscaritolo (the PGP
team...) and some Navy SEALs and defense contractors I knew from Iraq)
actually seems like a pretty viable choice for sms, email, and voice right
now. It unfortunately doesn't integrate into the social networks and other
services people use, though.

~~~
rattus
Silent Circle appears to be for people who both

1) Want military-grade(ish) hardened coms

and also

2) Aren't willing to set it up themselves, but trust a service provider to do
it for them

I read their docs a bit ago and don't really get it. I didn't really get
Whisper Systems offering either as it appeared to have a broken trust model on
a variety of levels.

If I cared about this kind of thing, and I really don't, I'd likely want to
own all parts of the transport system and have the only available threat
surface be the encryption algorithm as much as possible <http://www.voip-
info.org/wiki/view/Asterisk+encryption>

Might it all be pointless without massive amounts of traffic padding based on
this attack? I wouldn't know.
[http://link.springer.com/article/10.1007%2Fs10207-010-0111-4...](http://link.springer.com/article/10.1007%2Fs10207-010-0111-4?LI=true)

------
rdl
I'd prefer to stick to <http://www.activism.net/cypherpunk/manifesto.html>

I also find Eric Hughes much easier to rally behind than Julian Assange,
although John Gilmore is better still (although largely focuses on drug
policy, now). Or John Perry Barlow or Mitch Kapor.

~~~
derrida
I'd be interested to know what you think of the Cryptoparty 'movement', rdl?
Eric Hughes talked in Amsterdam. Would you get involved?

~~~
rdl
It's too broad in scope for me to be really interested, I think -- meetings
more focused on specific problems and solutions to those problems, vs. "the
overall concept of cryptography and secure communications" seem more likely to
be productive.

There are really no shortage of events like this in the Bay Area. I think "how
to help mainstream developers build and operate services securely" would be
the only thing I'm really into; end users are too varied and stressful for me.
(there are usually a critical number of true tinfoil hat, "I've been
marginalized by society and need someone who hack my girlfriend's email" types
at open end-user crypto meetings...) At least based on the previous several
attempts at this kind of thing (2600, Ian/Len's key signing parties,
cypherpunks physical meetings, etc.)

~~~
derrida
I've certainly found the experience of talking about Tor to end users quite
stressful, but I haven't had the experience of tin-foil hat users. There was
an obvious low-level cop asking about the Silk Road at one of them.

In-fact if I look around the room, I'm the one talking about what William
Binney has said & Echelon, so I'm probably the tin foil hat.

I agree about the focus. What's interesting is some of the bugs that I've
found because I don't often see things from a UI perspective, and talking to
end users has made me see some new bugs, also see problems that remain to be
solved that I am currently working on.

I think the bay area is unique, there is nothing much of it's kind like this
in Sydney.

------
spindritf
> The world is not sliding, but galloping into a new transnational dystopia.
> This development has not been properly recognized outside of national
> security circles.

I agree with Moxie Marlinspike on that, we were preparing for fascism but got
social democracy[1]. Assange is still preparing for fascism.

[1] <https://www.youtube.com/watch?v=eG0KrT6pBPk>

~~~
droithomme
"Assange is still preparing for fascism."

You mean the guy who is in internal exile in Britain because as a journalist
he revealed war crimes committed by Britain's partner the United States? He's
the guy who is delusional about the form of government that surrounds him,
huh? Glad it's as simple as that.

~~~
blablabla123
To add some more complexity: the reason he is in a dodgy situation in the
first place are rape allegations. Looking at some "leaked" parts of his
biography this doesn't sound too far-fetched to me.

I definitely appreciate his engagement in disclosing many interesting
documents about the micro-social diplomatic environment. But after all, what
about the more interesting stuff? Leaked documents from the center of the
turbo capitalist universe are still pending. (IIRC those were promised for
around last christmas...)

~~~
chunkyslink
There have been no charges laid against Julian Assange. The only 'dodgy
situation' as you put it is that there has been so much effort to get him
extradited to Sweden by a UK government who would not normally be interested
in 'allegations' without substance from abroad.

~~~
sliverstorm
_There have been no charges laid against Julian Assange_

Isn't this because he refuses to undergo questioning? As I understood it, the
laws under which he is to be charged prohibit laying charges against him until
they question him. So in this case, to say he has not been charged is devoid
of meaning.

~~~
whopper1
He offered to be questioned from the embassy, where he cannot be extradited
from. Officials said no.

He offered to go in for questioning under the condition that it was agreed
that there would be no extradition. Officials said no.

So he sought asylum in the embassy under the pretense that he would otherwise
face torture and death at the hands of the United States. Ecuador agreed that
this was a valid concern, so they let him stay.

Seems telling.

~~~
sliverstorm
I don't remember the reason for the first one, but in regards to the second
line item, I am told that again, their legal process simply does not allow
them to make such promises.

Honestly, to me it looks a lot like Assange's argument boils down to, "I've
asked for special treatment, but they won't give it to me. Clearly, they are
conspiring against me."

------
yason
In maybe five to ten years, the internet will effectively split in two. There
will be major, commercial service providers such as Facebook-type social media
hubs, major news sites but there will also be an invisible internet that is
everything internet used to be, and in addition to that encrypted, anonymous,
and untraceable.

How it shows most prominently at the moment is file sharing. Setting the
endless copyright debates aside, what happens is that governments and large
companies want to interfere with the privacy of what citizens are doing with
their own bits. They say copying is theft while citizens consider twiddling
their own bits a private matter that's none of anyone else's business. The
citizens don't understand that while it's de facto legal to form a
sneakernet—the actual legal status probably varies from place to place but
nobody has ever been sued for sneakernet filesharing because nobody else never
knows about it—it's illegal to form a filesharing network over the internet.

I don't promote or demote filesharing per se: it's just the cutting edge where
the future trends will show years before they land elsewhere and that's what
it makes it so interesting. A marginal slice of file sharing has already moved
to anonymous darknets but in a few years and after a few more bad
copyright/freedom-of-speech incidents with bad publicity, there will
eventually be a breakthrough and the whole filesharing activity will go
underground en masse.

When the masses go for it, the capacity and availability of invisible darknets
will raise in orders of magnitude. That means there will be other providers in
the anonymous networks as well, websites and services. There already are some,
from anonymous wikis, anonymous project pages to anonymous forums but
currently those are playgrounds. That is not so in ten years: there will be a
major "bazaar" going on underground. While everything is anonymous and
untraceable, everything is also secure. An online bank could very well operate
in the anonymous network because the traffic is already cryptographically
signed, and users _can enjoy strong authentication_ if they wish to or remain
a pair of anonymous public/private keys.

At that point the traditional grasp of internet control is lost.

The institutions governing the internet and the copyright and whatnot are
faced with a big dilemma: do they dare to ban and make illegal anything that's
not specifically permitted on the internet and if so, how to go about it in
actuality. Do they lobby for laws that only allow ISPs to let citizens connect
to a http proxy that validates all traffic to be "approved"? Do they extend
the charges for any use of the invisible internet that is deemed illegal, to
cover all users of the invisible internet?

We're still in the _shadowdancing mode_ but the stakes are going higher, and
in at most ten years the problem of control versus anonymity will have come
out in the public.

We better know what we want, at that point.

~~~
pemulis
> _I don't promote or demote filesharing per se: it's just the cutting edge
> where the future trends will show years before they land elsewhere and
> that's what it makes it so interesting._

One interesting thing I've noticed that the people behind the best filesharing
networks tend to have tremendous success with their later projects.

Napster is the obvious one. After Napster went down, Shawn Fanning co-founded
Rupture and Path, and Sean Parker went on to become the first president of
Facebook, key investor in Spotify, and managing partner at the Founders Fund.

Kazaa is another great example. After their legal walloping, the founders and
development team behind Kazaa regrouped to form Skype.

And then there's The Pirate Bay, which is still rolling merrily along, court
rulings notwithstanding. Its team hasn't created any billion-dollar companies
yet (we'll see what happens with Flattr), but they created a political party
that's won elections in multiple countries, as well as the webhosting company
PRQ, which was Wikileaks' home in its early days.

I don't think all of these later successes are a coincidence. Filesharing
involves hard technical problems, hard logistical problems, and intense
competition. If you were an investor, a blind strategy of giving money to the
best pirates you can find seems like it might be surprisingly sound.

~~~
rmc
_they created a political party that's won elections in multiple countries_

"won elections" is a bit of a stretch. In countries with multi-seat
constituancies and proportional representation, there are often minority/niche
candidates.

~~~
pemulis
They haven't won many heads-up elections, but they have won a few.[1] They're
also pulling significant percentages in Germany, and close to a full percent
in a few other countries. They're active in 40 at the moment. They're hardly a
major party, but doing pretty well for one that's only six years old.

[1]
[http://en.wikipedia.org/wiki/Pirate_Party#National_Pirate_Pa...](http://en.wikipedia.org/wiki/Pirate_Party#National_Pirate_Parties)

------
mtgx
This is why I'm glad HTTP 2.0 intends to implement SPDY's always-on
encryption. It probably won't be long until governments find a way around
that, especially the US government, who can pretty easily gain access to
companies like Google, Verisign, and even ICANN, but it would be a good first
step in the right direction. Hopefully future steps like web crypto will help
increase the security of people's conversations online further.

~~~
hughw
Alway-on encryption is necessary but not sufficient. As long as Facebook or
Google have the decrypted information, you are still subject to the
transnational dystopia.

The other day I found this fellow's idea for a peer-to-peer social network
service: <http://code.google.com/p/peer-book/>

"Your data is stored in a distributed fashion, across the network, so that
even when you turn off your instance of PeerBook, your friends will still be
able to view your Profile and send you messages.

"Of course, all of this data is encrypted and backed up several times, so that
even if Alice's data is being stored on Eve's machine, Eve will only be able
to read it if she is Alice's friend; and Eve will only ever be able to delete
her local copy of Alice's data which has no effect on its overall availability
to the rest of Alice's friends."

He's got the right idea. I haven't examined the project, and it doesn't seem
active.

~~~
ef4
<https://github.com/diaspora/diaspora>

~~~
moe
How on earth can you bring up diaspora in this context? Some kind of cruel
joke?

I'm downvoting parent and giving you the right link:
<https://freenetproject.org/>

~~~
ef4
Heh, I probably should have said it's not an endorsement. Just another example
of a (dubious) attempt at a distributed social network.

~~~
hughw
Thanks, it was useful to learn of the project.

------
aurelianito
This xkcd strip was never more on-topic than now.

<http://xkcd.com/538/>

~~~
gregsq
Yeah but,

<http://en.wikipedia.org/wiki/Rubberhose_(file_system)>

~~~
aurelianito
They will torture you just in case.

------
yakiv
Does it seem strange to anyone that the whole book isn't available for free?
This doesn't appear to be intended as mere entertainment. This is supposed to
be about maintaining freedom . . . it seems like a case where you'd want to
get your ideas out and save the day over earning money from it.

------
coopdog
I think his call to action at the end is too abstract. It's important to
understand that there is a problem, but the solution lies in understanding why
the government is the way it is and why people vote to have such a government
(fear).

The battle is winning the minds of the average person, by showing them that an
encrypted, unmonitored, uncensored internet is in their best interests and not
something to fear.

Or in the worst case, show that an all powerful (and therefore eventually
corrupt) government is the greater of two evils. The proper tool for this is
probably cheap, scalable marketing stunts and compelling media that spells
this out in layman's terms.

------
skrebbel
_Strong cryptography can resist an unlimited application of violence. No
amount of coercive force will ever solve a math problem._

Not entirely false, but <http://xkcd.com/538/>

~~~
elux
Long before Wikileaks, Assange worked on a project called "Rubberhose". (A
hidden encrypted filesystem designed to offer protection against cryptanalysis
by torture.)

<http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis> |
<http://en.wikipedia.org/wiki/Rubberhose_(file_system)>

Wired in 2008: "Among other achievements, he [Assange] co-invented Rubberhose
deniable encryption, which would let a dissident being tortured reveal one key
to unlock a hard drive, while not giving away that there was a second or third
password-locked folder of information."

[http://www.wired.com/politics/onlinerights/news/2008/07/wiki...](http://www.wired.com/politics/onlinerights/news/2008/07/wikileaks?currentPage=all)

~~~
jalada
See also: TrueCrypt hidden volumes.

------
contingencies
It is interesting that this preface has been extracted and hosted on Cryptome.
Given the history of Cryptome and Wikileaks; and having had the opportunity
back in 2009 to ask Assange in person about his views of Cryptome, I am no
doubt his eyebrows would raise as well. I wonder if John Young posted it
himself or it was submitted. IIRC part of Assange's concerns around Cryptome
were some well reasoned arguments around editorial and source protection
policy.

------
strictfp
I feel that we have to understand that using technology to fight legal battle
never is the right answer. As soon as the government sees a particular
technology as a hinder, threat or even an inconvenience, they can legislate
against it. This holds true for encryption, VPNs and all other technological
"saviours" that internet evangelists keep ranting about.

The truth is that the only reasonable thing to do is to become politically
active.

If you can't beat them, join them.

~~~
AnthonyMouse
Yes and no. Sure, we have to fight bad laws. Here's the thing: Encryption is
legal now, but what good is it if we don't use it?

We need to build and use technologies that respect human rights _and_ we need
to fight to make sure that they remain legal. One without the other is
nothing. There is no point fighting to keep something legal if you don't have
the technology and infrastructure to use it.

------
genuine
> and if all else fails, to accelerate its self-destruction.

Unfortunately, that is how you know if someone has gone off the deep end.

I agree though that we should all be encrypting communication, but our
government helped develop the methods of encryption, and some methods have
been known to have backdoors: [http://www-cs-
faculty.stanford.edu/~eroberts/cs201/projects/...](http://www-cs-
faculty.stanford.edu/~eroberts/cs201/projects/ethics-of-
surveillance/tech_encryptionbackdoors.html)

Why it is highly recommended not to implement your own encryption method, we
shouldn't be using something that could easily be decrypted by the wrong
people either. We need to study methods that we use extremely well, and be
aware that encryption susceptible to decryption via brute-force with
significant resources are just as dangerous as backdoors.

I also advocate development of wireless mesh networking technology to handle
larger adhoc networks. While those that wish to spy could still become a
member of an adhoc network, it would significantly complicate things for them.

------
mseebach
Tim Bray said it better:

 _Why It Matters: [...] This blog isn’t terribly controversial. But if only
the “controversial” stuff is private, then privacy is itself suspicious. Thus,
privacy should be on by default._

<https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS>

EDIT: Ironically, I accidentally linked to the non-HTTPS version. Fixed.

------
jimmytucson
My initial thoughts are, I don't know if this is the right way to combat
widespread warrantless search and seizure, although maybe it is. I'm not sold
either way.

Let's say there were some massive breech of probable cause before billions of
people used the internet every day. Maybe some king is issuing multitudinous
search warrants to go and seize all postal mail correspondence within some
large sector of the population. I'm thinking of something "old tymey" here.

Okay. Well, it seems to me, the 18th century version of Julian Assange would
essentially argue that people need to start getting good at writing in and
decoding cryptograms. What we really need is the 21st century version of James
Otis.

I know, it's a very, very unfair analogy. But it explains my point. If this
stuff that William Binney is talking about is really going on, wouldn't a
legal or a socio-political (not sure if I'm even using that term correctly)
response be more lasting and effective than having everybody start writing
letters in the form of a NY Times crossword puzzle?

------
mrich
This article seems to propose that encryption is the solution to everything.
However, it should be relatively easy to discern an encrypted message from an
unencrypted one. When everbody starts encrypting and this really poses a
threat to intelligence agencies and governments it will simply be outlawed and
payload that is deemed encrypted will not be routed.

------
ChristianMarks
I'm toying with a very low bit rate protocol for short length messages. Low
bit rates are associated with high signal to noise ratios at low power. Most
of the messages people send aren't worth sending or receiving, and among those
that are worth sending, many are short and non-urgent. There is a need for a
slow, highly obfuscated messaging service...

------
CorsairSanglot
Here's another excerpt from "Cypherpunks" at Salon:

[http://www.salon.com/2012/12/02/julian_assange_the_web_can_c...](http://www.salon.com/2012/12/02/julian_assange_the_web_can_create_revolutions_or_jail_revolutionaries/)

You can only buy this book direct from the publisher. Amazon isn't carrying
it.

~~~
rdl
You can also find it on popular torrent sites, as information wants to be
free. (I would have bought it if it had been on Amazon, but, well.)

1dc2e5b6f0d5036a182e85ab34da839d15eaf1ed cypherpunks.epub

5d546aaa83aebd43a2342f6dc737d271a34ff684 cypherpunks.mobi

ccaf1c45fc31633c9728dcd2cd4545b55a27be7c cypherpunks.pdf

~~~
CorsairSanglot
Wait...so your two options are buy from Amazon or pirate? Amazon is basically
the worst corporation on the face of the earth. Supporting a small publisher
-- especially a small publisher willing to publish Julian Assange, books about
Bradley Manning, and books about Wikileaks, is basically a decent thing to do.

~~~
rdl
Yeah, it's not so much a moral argument as that I'm willing to pay ~10 seconds
and up to $20 (and ideally, $10) for a book.

~~~
rdl
Actually I poked around the site more; it's not as bad as I thought (it takes
normal credit cards, although authorize.net is kind of a pain). And the non-
DRM ebooks are fairly acceptable. I'd still strongly prefer Amazon, but
wouldn't pirate out of spite.

------
BoredAstronaut
Even the strongest encryption is only as strong as the will of the person who
knows the key. And what if the state decides to enforce controls over access
to encryption algorithms and software? What if it's a crime to use unbreakable
encryption?

The only defence against tyranny is the effort of a sufficient number of
people, with the will and means to resist, choose to actively support freedom
and dismantle tyranny. Specifically, people in power: politicians, judges,
lawyers, and police. If the people who run the state, and exert force in its
name, prefer tyranny, then tyranny is what we'll get. And that's exactly what
happens when those who oppose tyranny abandon the state those who support it.

------
Egregore
I'm afraid until most people will understand the use of cryptography, there
will not be move forward.

I've spent a lot of time on ResoMail, a an easy to use open source secure
alternative mail, but during beta testing it didn't show user interest, people
don't understand the dangers of trusting their data to corporation and didn't
use it, so now the project is on hold, now I'm looking for new opportunities
to develop it.

------
mullingitover
>"Strong cryptography can resist an unlimited application of violence. No
amount of coercive force will ever solve a math problem."

No, but most average citizens' crypto is still ridiculously vulnerable to the
three Bs: Burglary, Blackmail, and Blunt force trauma.

------
nnq
very platonic, but totally oblivious to "rubber hose cryptanalysis" ...unless
you have a group of fanatically loyal people at the core of your "freedom
protectors" group and the "engineers" that implement your cryptography systems
part of this group, force and bribery will always win.

...and if you have a group of people truly loyal to freedom, then you don't
need much crypto anyway ...just spoken words, physical transfer
written/printed papers or usb sticks (this is how bin laden supposedly
communicated his speaches if I remember well, right?) or other media and a
brotherly handshake...

~~~
marshray
You might be interested to learn that Assange had developed the Rubberhose
file system. <https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29> So I
don't think he's oblivious to the concept.

~~~
nnq
do you how does it compare to similar features offered by TrueCrypt?

~~~
rattus
TrueCrypt's plausible deniability system is dependent on a passphrase instead
of an auth key iirc.

Another likely difference is that truecrypt works.

Neither will stand up to scrutiny for the purposes of deniability. It's
obscurity which is effective in the scenarios that the docs outline below.

<http://www.truecrypt.org/docs/?s=plausible-deniability>

------
lucb1e
And you can't donate with Bitcoin? What is this?

~~~
gasull
This is Cryptome, who isn't associated with Wikileaks. You can donate to
Wikileaks using Bitcoin.

------
TranceMan
Many governments now have no fear of encryption - trust no one....

~~~
IheartApplesDix
SHA-1024 Should only take a million square foot datacenter filled with GPUs an
hour or so.

------
guscost
TLDR: P ≠ NP

~~~
marshray
It's not proven that anything in TFA is actually NP.

------
b1daly
It's funny, I've come to think of the HN community as being the most skeptical
and contrarian of all internet forums. (Jokingly, to the point that if someone
posted a blog about how Hitler was evil, there would be an a reliable
proportion of posters here pointing out how the citation free post was
rhetorically weak and that there were some little understood benefits to the
Nazi regime).

Now, this short excerpt of Assange's argument strikes me as outlandish, and
there's only a couple of skeptical posts to be found!

There are a bunch of problems that I can see with it, I'll just list a few off
the top of my head.

1) It's a predictive argument, which is hard (prediction). The prediction is
that society will become worse because of the internet.

2) Glorification of the past: a casual consideration of societies and
governments of the past highlights that they are, all of them, horrible. You
don't have to go back far in US history to get to an amazingly evil government
(1970s CIA activities for example)

3) The increased transparency brought on by the internet is a good thing. ,I'm
glad Petraeus got his ass busted, as the phony hero creation meme has been
weakened that provides cover for US misdeeds in the war theaters. Governments
have been literally getting away with murder since time immemorial. There is a
better chance of stopping them if there is, in general, more public,
unencrypted communication (this is precisely what brought Petraeus down)

4) There is no way the public at large is going to start encrypting their
communication. That kind of secrecy is just not that useful to the average
citizen. It is also too complicated to understand for busy non-hackers.

5) The benefits created by network effects will be significantly diminished by
introducing private encryption. One of the main uses of the internet is the
creation of large scale markets. Markets are by definition public, or at least
open to a group. To get efficient markets you need a sizable group. To keep
access to a market private gets harder the more participants it has. Fairly
determined efforts to conduct secret, anonymous actions by hacker groups like
Anonymous have proved to be easily broken by law enforcement. And these are
hackers!

6) Efforts at resisting tyranny can be demonized, and crushed, more readily if
conducted in secret. The fact that Wikileaks acted somewhat non-anonymously to
release supposedly secret data to public is what made it effective. If Assange
had tried to undermine the secret making apparatus of the power structure in
secret, he would have been just another terrorist (and maybe dead)

I could go on, but my point is that I think what Assange is promoting here is
pointless. I can't even conceive of how private keys could be distributed to a
large network without being easily compromised. I would love to hear some of
you smarter folk comment on this.

~~~
narag
_1) It's a predictive argument_

We might be there already.

 _2) Glorification of the past_

I don't think so. More like a broken promise.

 _3) The increased transparency brought on by the internet is a good thing.
,I'm glad Petraeus got his ass busted_

That's just disingenuous. The secrets that really matters about military
operations are not public in any way, while you are happy because this guy
gets caught cheating his wife. Meh.

 _4) There is no way the public at large is going to start encrypting their
communication._

Oh, that's a predictive argument. Make something usable and we'll see.

 _5) The benefits created by network effects will be significantly diminished
by introducing private encryption._

So that networks effects are more important that freedom, aren't they?

 _6) Efforts at resisting tyranny can be demonized, and crushed, more readily
if conducted in secret._

Sorry, that's total nonsense.

~~~
b1daly
I can see how you can think I'm being disingenuous on point three, let me
expand a bit. I'm not glad he got busted for cheating on his wife just
because. My point is that the military uses propaganda, spread through the
mainstream media, to further it's agenda (which I think is bad). Petraeus'
image as a straight shooting, old school, unimpeachable hero type was used as
a cover for the morally unsavory aspects of our recent wars. It just happens
that he was brought down by a very human indiscretion which was revealed
through the use of an insecure network.

It illustrates that the indiscriminate sharing of information on public
networks gives increased transparency into the lives of people, including the
rich and powerful. Even if they know how to cover their tracks, they can be
exposed through the insecure practices of "civilians" with whom they interact.

Something that Assange doesn't quite address in the excerpt is that not only
do people not care about about secure communications, they actually want their
personal information on the "public" web. Most people do not have a group of
people they would like to communicate with but in a highly secure manner. The
exception would be for affairs.

Even people working for companies that have requirements for secrecy need low
friction method of exchange of information with larger networks of individuals
that they don't know well.

There are negative consequence to this (specifically the ease with which the
govt can spy on its citizens, as Assange points out).

But the cost to individuals, and to society, is too high for whatever benefits
a widely used "darknet" would have. The value of the internet is connecting
large numbers of people who are engaged in the various life activities that
people do. It is not compatible with secure networks. The porousness is a
feature not a bug.

I mean really, what sort of activities would an average person find it useful
to use a secure network for? Illicit, illegal, or insurgent. Not a real high
demand for this.

FWIW, I think what Assange has done with Wikileaks is heroic. I just think his
vision of a sort of private internet is impossible. It would have to be based
on "insiders" and "outsiders," a sort of division in the population. Those
sorts of division are only maintained through nasty applications of "real
life" power as far as I can see.

~~~
narag
_I mean really, what sort of activities would an average person find it useful
to use a secure network for? Illicit, illegal, or insurgent. Not a real high
demand for this._

I think that that's our fundamental point of disagreement. Demand doesn't
follow needs at once because people still doesn't know what they need. But
they will. Cases like Petraeus' will contribute to raise awareness.

Also sometimes people tend to use at home what they've learned to be useful at
work. Increased security in companies could contribute to the success of an
easy-to-use product.

More: piracy, people living under tyrannic regimes, cheaters, etc.

------
beloch
Assange certainly has a flair for the dramatic... but he doesn't understand
encryption.

[http://www.zdnet.com/blog/btl/wikileaks-insurance-file-
decry...](http://www.zdnet.com/blog/btl/wikileaks-insurance-file-decrypted-
names-of-informants-exposed/56553)

Wikileaks has distributed AES encrypted files that it claims are full of
government secrets. They have withheld the information needed to decrypt some
of those files ( although some keys have leaked from wikileaks, oddly enough)
as a deterrent to persecution by governments. There's just one minor
problem... This is effectively publication with delay, and it forces
governments to go after them hard rather than deterring them.

AES is based on computationally difficult to crack algorithms. If you assume
there will be no advances in algorithms, no new types of computers, no
weaknesses found in the implementation of AES, etc. then it will take a
comfortingly long period of time for these files to be cracked. These
assumptions are bad. Cracking algorithms are advancing rapidly. It is
astronomically improbable, but not impossible that someone could come up with
an efficient algorithm for factoring tomorrow that would render all factoring-
based cryptography impotent overnight. The prospect of quantum computing on
the horizon also places a time limit on how long these files can remain
secure.

 _When you commit secrets to a current form of encryption based on
computationally difficult problems and distribute the cypher text broadly, you
have effectively published those secrets with an unknown delay._

This is why governments want Assange so badly. He's not keeping secrets to
deter them, he's publishing them with a delay because he doesn't know what the
heck he's doing when it comes to encryption. If he used a one-time-pad (Vernam
cipher) and kept the key on his person he'd be in a far better position, but
he's apparently too stupid to do this. How do you use a one-time pad?

Cipher = message XOR key (XOR = exclusive OR)

10110101... (secret message in binary)

11010111... (true random key)

\--------

01100010... (ciphertext)

For this to work, Assange would have to distribute the ciphertext and keep the
random key secret, perhaps on a USB key around his neck. This method of
encryption has been mathematically proven to completely secure provided the
key is truely random and not from a pseudo-random number generator. True
random number generators can be bought for relatively cheap these days. If
Assange had encrypted the files this way they would be safe from any
cryptographic attack, safe from quantum computers, or anything else out there.
For all time. The only thing that could unlock these files would have been his
USB key. Obviously, this is not a convenient method for online transactions,
since transmitting the secret gives eavesdroppers all they need to decode the
ciphertext. However, for the use Assange has been putting AES to, one-time
pads are _perfect_.

Why didn't Assange use a one-time pad? The only answer can be that, for all
his bluster, he remains utterly ignorant of how encryption works. Thanks to
his ignorance the governments of the world have a vested interest in taking
him down. Even if someone else picks up where Assange left off, hopefully that
someone will understand how encryption works.

~~~
psykotic
> AES is based on factoring.

And you say _he_ doesn't understand cryptography?

~~~
beloch
I'm not in classical crypto, so I occasionally mess up and call algorithms
based on computational difficult "based on factoring". The end result is the
same though. Publication with delay.

~~~
jlgreco
RSA and AES are _wildly_ different animals. You break RSA by factoring very
large numbers. Currently this is done with GNFS, which is steadily improving.
Theoretically, it may also be possible to do it _much_ faster. Nobody brute
forces RSA.

In order to crack AES though you need to either brute force it (which you will
_never_ do. Not that many bits, just forget about it.) Or you need a
cryptanalytic attack that allows you to do it with reasonable computation and
memory complexity. An attack that is currently unknown.

But surely such an attack could conceivably appear.. so what is the
difference? The difference is that while RSA _is_ a ticking clock (worse case
scenario: slap on another ~256 bits to "factor-able" every 5 to 10 years), AES
is only a ticking clock in the sense that we cannot rule out the possibility
that one day it may start to tick.

If anyone in the world can crack AES, or will be able to crack AES anytime
soon, it's the NSA, And it _does not matter_ to Assange if they can crack it
(unless the entire insurance file is a bluff).

AES was and is absolutely the correct choice for an insurance file. _(I
believe this is about when tptacek steps in, correctly calls me an idiot, and
points out that another symmetric key cipher is a better choice.)_

~~~
CryptoGap
The NSA doesn't use code it can't crack...

AES is broken on-the-fly now.

Even if information is encrypted. They now just store EVERYTHING indefinitely
until they can crack it.

Makes you wonder if in the future, when they crack your encrypted content if
your grandchildren will get a visit...

The nazi's did that kind of thing too...

