
The cypherpunk revolution - oska
http://passcode.csmonitor.com/cypherpunk
======
DonHopkins
Wired Issue 1.02 | May/Jun 1993 | Crypto Rebels | John Gilmore Challenges the
NSA [1]

What if Gilmore wins, and the NSA is forced to reveal all but the most secret
information about cryptography? Would national security be compromised, as the
NSA claims? "I don't think so," says Gilmore. "We are not asking to threaten
the national security. We're asking to discard a Cold War bureaucratic idea of
national security which is obsolete. My response to the NSA is: Show us. Show
the public how your ability to violate the privacy of any citizen has
prevented a major disaster. They're abridging the freedom and privacy of all
citizens -- to defend us against a bogeyman that they will not explain. The
decision to literally trade away our privacy is one that must be made by the
whole society, not made unilaterally by a military spy agency."

[1]
[https://archive.wired.com/wired/archive/1.02/crypto.rebels_p...](https://archive.wired.com/wired/archive/1.02/crypto.rebels_pr.html)

~~~
cicero
I think I read this when it first came out. I loved Wired back then.

------
neaden
A good read but I'm struck by how politically naive so many of the crypto
crowd seems to be. The idea of escaping the government by going into
cyberspace is nonsenical on it's head. You are a body. You buy things for your
body. You go do body things all the time. Besides buying software, ebooks, and
movies everything else you buy with something like bitcoin is physical and
cannot be encrypted. Even with Lackey living on Sealand on San Fransico time
had to be buying canned food, diesel, etc. If any government had been
interested in what he was doing it would have been trivially easy to keep tabs
on him.

ETA: This quote from May especially struck me “Would Hitler and Himmler have
used ‘key recovery’ to determine who the Jews were communicating with so they
could all be rounded up and killed?” The Nazi's wouldn't have really cared
what Jewish people were saying because they just wanted to kill them.
Similarly if we think of something like the Soviet Union while cryptography
would have undeniably been helpful for dissidents for coordination and getting
ideas out ultimately you still need to have people on the streets or in office
to get anything changed.

~~~
pjc50
Here is a more recent example from history: the use of encrypted
communications by the ANC in organising against the South African government.

[https://www.nelsonmandela.org/omalley/index.php/site/q/03lv0...](https://www.nelsonmandela.org/omalley/index.php/site/q/03lv03445/04lv03996/05lv04001.htm)

You're right that you need to have people on the streets or in office to get
anything changed. I think too many people forget this and forgo the slow hard
work of street-by-street politics and downticket races.

~~~
neaden
Agreed. I want to be clear that I do think that encryption has an important
role in organization and social change. I'm just struck by claims from some of
the self-identified cypher-punks that encryption could mean taxation would be
impossible or the idea of escaping into this "Other Plane" as a way to secure
freedom.

~~~
stale2002
Why couldn't it make taxation impossible?

Sure, you still need to buy things in person, which can be done with cash. But
drug dealers seem to be able to do a pretty good job of evading taxes.

Imagine if everything that you bought in person was done with cash, or a
bitcoin payment. That money would be untaxable.

If you buy a house, for sure, the government can track that, and you need to
make sure the money used to buy that is "clean", but a surprising large
percentage of a person expenses could be done in a safe way.

~~~
philipkglass
It's not sufficient to just lean heavily on cash. You also need to have a
legitimate-looking explanation for where the cash came from if the tax
authorities check up on you. Even if you can work anonymously and get paid via
anonymously mailed envelopes of cash or Bitcoin, good luck living a normal
middle class lifestyle while avoiding income taxes.

Buying a house or renting housing leaves a paper trail. So does renting or
buying a car from most places that sell or rent cars. So does paying utility
bills. So does paying for prescription drugs, medical services, car insurance,
life insurance... So does paying for higher education.

I guess if you had some cash-only tax evading side business you could use cash
to buy things like food, clothing, gasoline, and miscellaneous household
goods. But you're not going to be able to dodge the taxes on middle class
life's major expenses -- at least not without tripping the same mechanisms
that catch drug dealers buying cars etc. with cash. I suppose you could live
like an off-the-grid survivalist who never interacts with ordinary businesses.
That looks like a lot more work than living an ordinary life where you work at
jobs that don't involve trusting other criminals, buy things and pay taxes
like usual.

------
wuschel
Very lengthy, well written article about the history, political implications
and principles of public key encryption.

I am a big fan of this technology [1], and still hope that it will be more
wide spread among citizens in a secure form. Like freedom of speech,
information security is definitely an important pillar of the modern state and
empowers citizens. Unfortunately, all attempts to introduce it to the masses
and get it right from the security point of view have failed so far.

It is a tough balancing act to get right [2]: freedom, convenience, safety -
you seemingly can only have two of them.

[1] e.g. in the form of [https://www.gnupg.org/](https://www.gnupg.org/)

[2]
[https://www.schneier.com/blog/archives/2010/11/dan_geer_on_c...](https://www.schneier.com/blog/archives/2010/11/dan_geer_on_cyb.html)

------
__jal
Tim May wrote a (very long) "FAQ" for the Cypherpunks that may be of interest
to folks who are interested in this sort of thing:

[http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.h...](http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html)

The Cypherpunks list was remarkable for a time. Very high-volume, fractious,
competitive, vicious, with at least one participant going to jail for a long
time due to acting on some of the ideas. And very, very full of ideas ranging
from mind-candy to very dangerous.

May's Cyphernomicon[1] is really his interpretation of what was going on,
colored heavily by his politics. Paraphrasing the joke, ask three cypherpunks
what the word meant and you'd get four answers. But the document is an in-
depth look at some of the implications of cryptography, a look at some deeply
non-mainstream politics, and a contemporaneous recounting of the politics and
technology development of a really interesting period of time and a really
interesting mailing list that had, I think, a surprisingly outsized (if hard
to pin down) role in shaping security policy[2].

[1] Stephenson's Cryptonomicon came out at roughly the same time as May's
work, and it was one of those funny little accidents that the name collided.

[2] I do think the Clipper chip fiasco and the ITAR changes wouldn't have
played out the same way without the collaboration that happened on the list,
and it was fertile ground that lead to several companies and weirder entities
being formed.

~~~
DonHopkins
Graffiti found at 16th/Harrison (just outside Wired office), San Francisco,
Mar/Apr 94. Photo by Tom Jennings: tomj@wps.com [1]

    
    
        STOP CLIPPER
        Fuck the NSA.
    

[1] [http://imgur.com/a/npfL7](http://imgur.com/a/npfL7)

~~~
__jal
WiReD was located just off of South Park back then.

~~~
DonHopkins
You're right -- for some reason I'm sure I saw it somewhere around here:

[https://www.google.com/maps/@37.7807772,-122.3941129,3a,75y,...](https://www.google.com/maps/@37.7807772,-122.3941129,3a,75y,325.22h,68.43t/data=!3m6!1e1!3m4!1sHgiX6NLnTKgWYsGIHdd09w!2e0!7i3328!8i1664)

Maybe he was trying to throw off the NSA, and protect the not-so-innocent...
;)

------
jgrahamc
_Back in October 1944, Koenig had suggested a theoretical way of securing a
telephone call by having the recipient of a call add noise to the signal and
then subtract it afterward. Only Bob could subtract the noise, because only he
knew what he had added in the first place. An eavesdropper, Eve, simply would
not know how to modify the noise, because she wouldn’t have access to the
noise that had been added to the phone conversation in the first place._

Since that's not terribly clear, here's the explanation:
[https://techpinions.com/an-old-mystery-solved-
project-c-43-a...](https://techpinions.com/an-old-mystery-solved-
project-c-43-and-public-key-encryption/18205)

------
ChuckMcM
Ah yes, Cryptowars I :-) As part of my involvement in the Java project I was
building crypto classes that you could call from other objects. The
NSA^h^h^hDepartment of Commerce was concerned. A couple of the things that
were patented out of that project had to be cleared by them. Very odd
experience.

The idea that a piece of software could not be legally exported from the US
but could be fetched via FTP from Italy was pretty amazing in its dissonance.
All of the representatives of the federal government I ended up interacting
with all understood that the battle was "lost" but they were doing their part
to slow or chill research or distribution.

~~~
daeken
I know this is a content-free comment, but I've been following your comments
here for years now, and you always have interesting stories. Thank you for
contributing!

------
walterbell
These days, it's challenging to minimize the amount of information given to
commercial communication vendors. At present,
[https://Wire.com](https://Wire.com) (from Skype's founder) is the only cross-
platform and easily usable messaging service that:

    
    
      - has E2E encryption [0] of text, image, audio, video
      - does not require phone # [1]
      - does not require address book upload
      - is not ad-supported
      - has open-sourced code for their desktop and mobile clients
      - has single msg editing & deletion
    

[0] derived from the Signal protocol, implemented in Rust, needs more external
review/audit, [https://wire.com/privacy/](https://wire.com/privacy/)

[1] using a desktop browser, register at
[http://app.wire.com](http://app.wire.com) with email, then login to mobile
app

~~~
ashitlerferad
Are there any that do metadata obscurity?

~~~
dublinben
You would need to use a messaging app that routes your traffic over Tor, or
some other anonymizing network. Some options like Ricochet or Tor Messenger
are being developed.

------
cryptolect
Amusing to note that a site hosting a detailed article on the "cypherpunk
revolution" doesn't support https.

------
clydethefrog
Talking about cyberphunk / cyberpunk culture, why does it feel that the
popular definition and approach nowadays is a defeatist (or sometimes even
glorifying) attitude to an unavoidable future of megacorporations and post-
industrial dystopia, instead of celebrating the punk side of it? Or am I just
checking out the wrong corners like /r/cyberpunk?

~~~
walterbell
Because paid speech is now pervasive on social networks, especially on topics
with commercial consequences, from a variety of competing actors with deep
pockets and diverse agendas. Punk stakeholders likely cannot compete in either
paid speech or mass audience reach for subversive lyrics.

Readers will gradually learn how to select writers with independent
perspectives, filtering out groupspeak, as they have learned to do with
advertising.

Edit: manually curated Twitter whitelists, connected to Flipboard, can provide
an efficient view of reader-prioritized, coherent perspectives. We need better
whitelist support on discussion services.

~~~
knowaveragejoe
Can you quantify what "pervasive" means in this sense?

~~~
walterbell
"Pervasive" is within the context of high-profile topics. One academic study
was "Grassroots for Hire", [https://www.amazon.com/Grassroots-Hire-
Consultants-American-...](https://www.amazon.com/Grassroots-Hire-Consultants-
American-Democracy/dp/1107619017)

For DIY quantification, create a spreadsheet of userids, threads and manually
tagged perspectives from your favorite social network or discussion forum.
Then apply open-source tools for social network graph analysis of node
interactions. With this data, apply exclusion filters to targeted clusters of
userids, then re-read the "mass opinion". Palantir has proprietary software
for network influence analysis, but many algorithms and OSS tools are
available from academia.

------
teod
Steven Levy's "Crypto"
[[http://www.stevenlevy.com/index.php/books/crypto](http://www.stevenlevy.com/index.php/books/crypto)]
is a good read on this topic if you're looking for something more in-depth.

~~~
jaffa214525
$23 for a book from 2001 on an evolving topic? Surprised there's not a 2nd
edition. Anything that includes the 2000-2010 decade as well?

~~~
slgeorge
It's extremely well researched and well written, with fantastic insight - well
worth 23 USD - highly recommend.

------
j2kun
> Back in October 1944, Koenig had suggested a theoretical way of securing a
> telephone call by having the recipient of a call add noise to the signal and
> then subtract it afterward. Only Bob could subtract the noise, because only
> he knew what he had added in the first place. An eavesdropper, Eve, simply
> would not know how to modify the noise, because she wouldn’t have access to
> the noise that had been added to the phone conversation in the first place.

The scheme is called a one-time pad, and while it might be considered
impractical, it was definitely used successfully. In fact Alan Turing
apparently contributed to one such device:
[https://en.wikipedia.org/wiki/SIGSALY](https://en.wikipedia.org/wiki/SIGSALY)

~~~
j2kun
Interestingly, according to Wikipedia the SIGSALY was in production before
Koenig "invented" the technique. And according to the one-time pad page, one-
time pad was first theoretically invented in 1882 by Frank Miller
[https://en.wikipedia.org/wiki/One-
time_pad](https://en.wikipedia.org/wiki/One-time_pad)

~~~
jgrahamc
You should read the article and my comment above. This was not a one time pad
as they was no distribution of a pad. Only one side added and removed the
noise.

~~~
j2kun
The article you posted does not seem to contradict what I said, but rather
support it.

> The Project X method required courier distribution of noise tracks on
> phonograph records. Because the noise had to be as long as the speech it
> masked and each track could only be used once–it was the audio equivalent of
> a Vernam cipher or a one-time pad–the system was exceedingly cumbersome.

~~~
jgrahamc
You don't appear to have read it.

------
nvk
Must see "OpenDime: Real Life Cyberpunk Cred Sticks"
[https://www.youtube.com/watch?v=ypQHc3EQVfE](https://www.youtube.com/watch?v=ypQHc3EQVfE)

~~~
cptskippy
That's a interesting idea but damned if I'm going to stick a random USB device
into my computer.

~~~
M_Grey
Maybe that's how you demonstrate your "creds"? "You want me to do _what_ with
that USB? In my port? Go away."

~~~
cryptolect
Maybe an NFC implementation would be more acceptable.

~~~
M_Grey
I don't know, I kind of like the notion of offering someone an USB killer and
if they put in into their machine, you never trust them again
(cryptographically or otherwise). Jokes aside though, yes, I think NFC would
be less likely to be dangerous to your computer, but maybe easier to eavesdrop
on?

------
nxzero
Revolution amoung subsets of a population is no revolution.

What is need is a mainstream movement to embrace crypto as a fundamental human
right.

____________

Sidebar: The article is part of "Passcode" \- a field guide to security and
privacy from The Christian Science Monitor:
[http://passcode.csmonitor.com](http://passcode.csmonitor.com)

~~~
happyslobro
It always starts underground. When it breaks out into the mainstream, it won't
even be a movement anymore, it will just be life as usual. That green lock
will be gone from the browser, along with any protocols that do not end in
"s". The dozen or so communications apps on your phone will be encrypting
everything, but not exposing any configuration.

And, only one company will sign everyone's public key, because regular users
just want to delegate everything to a familiar name. Then we will need another
revolution, an underground network of public key signers. With names like
51GNpnk and TheRealBob. One of TheRealBobs will come smoke a joint with you in
your parent's basement, and sign your key for $5, so that you can get into the
Minecraft party on the weekend.

~~~
dijit
This is the world I want to live in.

~~~
dublinben
If you join your local Cryptoparty, you will likely find someone who will sign
your public key for free. Check out cryptoparty.in to find the closest one, or
some great resources for starting your own.

~~~
BostonEnginerd
There are a few parties running in the Boston area now. The
cryptoparty.in/boston page hasn't been updated in a bit, but there is almost
always an cryptoparty on the last Wednesday of the month at Parts and Crafts
in Somerville.

------
kyled
"Public-key encryption was revolutionary for a simple reason. It solved the
age-old security problem of key distribution."

Not by itself. That's what protocols are used for. A weak protocol would allow
for an attacker to intercept public keys, allowing the attacker to mitm
communications.

------
20yrs_no_equity
I've been developing software professionally since the 1980s, when I had to
build a computer from scratch. I've seen these three waves first hand-
personal computers, now in your palm, the internet, now ubiquitous with cell
networks, and finally crypto. The third has not yet become mainstream.

I will say this- we are on the verge of the crypto revolution. I have never
before seen so much energy and effort, and finally, money in the crypto
sphere. In large part because now there is cryptographic money (eg: bitcoin et
al.)

For those of you who think that the startup scene has become lame where you're
just building apps to sell advertising, you're missing out.

The thing about the crypto revolution is that it is not nearly as obvious.
Internet and PCs were obviously great in the early days- great for everyone.
Crypto is harder, has a learning curve for consumers and until that's
eliminated it's easy to think that it will go nowhere in the same way that pgp
has effectively gone nowhere for 20 years.

Much in the way that we've given up on "artificial intelligence" and made
great strides in machine learning.. crypto is on the edge.

It's the place you want to be.

------
DanBC
Here's a short interview by Simon Singh with Clifford Cocks about the bits he
did:
[https://www.youtube.com/watch?v=a-xEiOvXux4](https://www.youtube.com/watch?v=a-xEiOvXux4)

Here's a longer clip of the same interview:
[https://www.youtube.com/watch?v=oR0_LPbWxe4](https://www.youtube.com/watch?v=oR0_LPbWxe4)

Sidenote: that Banksy street art (photo in article) has already been
destroyed.

