Jump to content

Cypherpunk: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Added direct link to A.P. for Jim Bell mention
Replaced accidentally deleted pic of John
Line 289: Line 289:


Cypherpunks list participants included many notable computer industry figures. Most all were list regulars, although not all would call themselves "cypherpunks"[http://www.wired.com/culture/lifestyle/news/2002/09/55114].
Cypherpunks list participants included many notable computer industry figures. Most all were list regulars, although not all would call themselves "cypherpunks"[http://www.wired.com/culture/lifestyle/news/2002/09/55114].

[[File:John Gilmore 2009.jpg|thumb|right|John Gilmore is one of the founders of the Cypherpunks mailing list, the [[Electronic Frontier Foundation]], and Cygnus Solutions. He created the alt.* hierarchy in [[Usenet]] and is a major contributor to the [[GNU]] project.]]


* [[Julian Assange]]: — [[WikiLeaks]] founder, [[Rubberhose (file system)|deniable cryptography]] inventor, journalist, co-author of ''[[Underground (Suelette Dreyfus book)|Underground]]''
* [[Julian Assange]]: — [[WikiLeaks]] founder, [[Rubberhose (file system)|deniable cryptography]] inventor, journalist, co-author of ''[[Underground (Suelette Dreyfus book)|Underground]]''

Revision as of 20:34, 21 August 2010

A cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change.

Originally communicating through the cypherpunks mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s, heavily influenced by the hacker tradition and by libertarian ideas. Many cypherpunks were quite active in the intense political and legal controversies around cryptography of the 90s, and most have remained active into the 21st century.

Origins of the term

The term cypherpunk, derived from cipher and punk, was coined by Jude Milhon as a pun to describe cyberpunks who used cryptography.[1] In November 2006, the word was proposed for inclusion in the Oxford English Dictionary.[2] The Cypherpunks included several notable computer industry figures, for example Ian Goldberg, Bram Cohen and Nikita Borisov.

History

Before the mailing list

Until about the 1970s, cryptography was mainly done in secret by military or spy agencies. However, in the 70s, there were two publications that brought it out of the closet, into public awareness. One was the US government publication of the Data Encryption Standard, a block cipher which became very widely used. The other was the publication by Whitfield Diffie and Martin Hellman of the first publicly available work on public key cryptography.

From that time on, cryptography was openly discussed and people began to examine its political and social consequences. There are substantial issues there; cryptography can be used to protect personal privacy or government and corporate secrets, but it can also be used by criminals to hide their schemes or their profits. Should strong cryptography be widely used or strictly limited? From the beginning, some of the speculations and some of the arguments were along lines we would now call cypherpunk.

Sometime in the late 80s, these ideas coalesced into something like a movement.

Cypherpunk mailing list

The cypherpunk originated as an informal group of people interested in privacy and cryptography who originally communicated through the cypherpunks mailing list. Through most of the 90s, cypherpunks communicated largely through the cypherpunks mailing list, although there were also cypherpunk "physical meetings" and parties.

The list was started in 1992, peaked around 1997, and has one remaining node as of August 2010: "cypherpunks@al-qaeda.net". At its peak, "cypherpunks" was a very active list with technical discussion ranging over mathematics, cryptography, computer science, political and philosophical discussion, personal arguments and attacks, etc., with some spam thrown in. An email from John Gilmore shows an average of 30 messages a day Dec 1, 1996 to March 1, 1999, and suggests that the number was probably higher earlier.[3] There were well over a thousand subscribers at the peak

For a time, the cypherpunks mailing list was a popular tool with mailbombers,[4] who would subscribed a victim to the mailing list in order to send him or her a deluge of messages (this was usually done as a prank, in contrast to the syle of terrorist referred to as a mailbomber). This precipitated the mailing list sysop(s) to institute a reply to subscribe system. Approximately two hundred messages a day was typical for the mailing list, divided between personal arguments and attacks, political discussion, technical discussion, and early spam.[5][6]

The cypherpunks mailing list had extensive discussions of the public policy issues related to cryptography and on the politics and philosophy of concepts such as anonymity, pseudonyms, reputation, and privacy. Of course these discussions are continuing elsewhere since the list shut down.

Events such as the GURPS Cyberpunk raid lent weight to the idea that private individuals needed to take steps themselves to protect their privacy. In its heyday, the list discussed the public policy issues related to cryptography, as well as more practical nuts-and-bolts mathematical, computational, technological, and cryptographic matters themselves. The list had a range of viewpoints and there was probably no completely unanimous agreement on anything. The general attitude, though, definitely put personal privacy and personal liberty above all other considerations.

Early discussion of online privacy

In at least two senses, people on the list were ahead of more-or-less everyone else. For one thing, the list was discussing questions about privacy, government monitoring, corporate control of information, and related issues in the early 90s that did not become major topics for broader discussion until ten years or so later. For another, at least some list participants were more radical on these issues than almost anyone else.

Those wishing to understand the context of the list might refer to the history of cryptography; in the early 90s, the US government considered crypto software a "munition" for export purposes, which hampered commercial deployment with no gain in "national security", as knowledge and skill was not limited to US citizens. (PGP source code was published as a paper book to bypass these regulations and demonstrate their futility.) The US government had tried to subvert cryptography (eg by requiring SkipJack and key-escrow). It was also not widely known among the lay population that all communications were logged by government agencies (cf NSA and ATT scandal) though this was taken as an obvious axiom by listmembers. See Crypto Anarchist[original research?]

The list entertained novel social ideas enabled by such increasingly known cryptographic techniques as anonymity and private communication. One example is Bell's Assassination Politics, as an inevitable consequence of anonymous cash. Reputation-based systems (and their weaknesses) were also popular, in part because they provide a distributed anarchic alternative to central authenticators.[original research?]

The original cypherpunk mailing list, and the first list spin-off, "coderpunks", were originally hosted on John Gilmore's toad.com, but after a falling out with the sysop over moderation, the list was migrated to several cross-linked mail-servers in what was called the "distributed mailing list".[7][8] The coderpunks list, open by invitation only, existed for a time. Coderpunks took up more technical matters and had less discussion of public policy implications. There are several lists today that can trace their lineage directly to the original Cypherpunks list: the "Cryptography" list (cryptography@metzdowd.com), the "Finncial Cryptography" list (fc-announce@ifca.ai), and a small group of closed (invitation-only) lists as well.

Toad.com continued to run with the existing subscriber list, those that didn't unsubscribe, and was mirrored on the new distributed mailing list, but messages from the distributed list didn't appear on toad.com.[9] As the list faded in popularity, so too did it fade in the number of cross-linked subscription nodes.

To some extent, the cryptography list acts as a successor to cypherpunks; it has many of the people and continues some of the same discussions. However, it is a moderated list, considerably less zany and somewhat more technical. A number of current systems in use trace to the mailing list, including Pretty Good Privacy, /dev/random in the Linux kernel (the actual code has been completely reimplemented several times since then) and today's anonymous remailers.


Main principles

The basic ideas are in this quote from the Cypherpunk Manifesto:

Privacy is necessary for an open society in the electronic age. ...

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy ...

We must defend our own privacy if we expect to have any. ...

Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it. ...[10]

Many cypherpunks are technically quite sophisticated; they do understand ciphers and are capable of writing software. Some are or were quite senior people at major hi-tech companies and others are well-known researchers (see list with affiliations below). However, the "punk" part of the name indicates an attitude:

We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.[10]

This is crypto with an attitude, best embodied by the group's moniker: Cypherpunks.[11]

The first mass media discussion of cypherpunks was in a 1993 Wired article by Steven Levy titled Code Rebels:

The people in this room hope for a world where an individual's informational footprints -- everything from an opinion on abortion to the medical record of an actual abortion -- can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy.

There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political -- some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this conference room represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.[11]

The three masked men on the cover of that edition of Wired were prominent cypherpunks Tim May, Eric Hughes and John Gilmore.

Later, Levy wrote a book Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age[12] covering the "crypto wars" of the 90s in detail. "Code Rebels" in the title is almost synonymuous with "cypherpunks".

The term "cypherpunk" is mildly ambiguous. In most contexts in means anyone advocating cryptography as a tool for social change. However, it can also be used to mean a participant in the cypherpunks mailing list described below. The two meanings obviously overlap, but they are by no means synonymous.

Documents exemplifying cypherpunk ideas include the Crypto Anarchist Manifesto,[13] the Cypherpunk Manifesto[10] and the Ciphernomicon.[14]

Privacy of communications

A very basic cypherpunk issue is privacy in communications. John Gilmore said:

That's the kind of society I want to build. I want a guarantee -- with physics and mathematics, not with laws -- that we can give ourselves real privacy of personal communications.[15]

Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography. See politics of cryptography for discussion.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act.[10]

This was a central issue for many cypherpunks. Most were passionately opposed to various government attempts to limit cryptography — export laws, promotion of limited key length ciphers, and especially escrowed encryption.

Privacy and self-revelation

A whole set of issues around privacy and the scope of self-revelation were perennial topics on the list.

Consider a young person who gets "carded" when he or she enters a bar and produces a driver's license as proof of age. The license includes things like full name and home address; these are completely irrelevant to the question of legal drinking. However, they could be useful to a lecherous member of bar staff who wants to stalk a hot young customer, or to a thief who cleans out the apartment when an accomplice in the bar tells him you look well off and are not at home. Is a government that passes a drinking age law morally obligated to create a privacy-protecting form of ID to go with it, one that only shows you can legally drink without revealing anything else about you? In the absence of that, is it ethical to acquire a bogus driver's license to protect your privacy? For most cypherpunks, the answer to both those questions is "Yes, obviously!"

What about a traffic cop who asks for your driver's license and vehicle registration? Should there be some restrictions on what he or she learns about you? Or a company that issues a frequent flier or other reward card, or requires registration to use its web site? Or cards for toll roads that potentially allow police or others to track your movements? Or phone company and Internet records? In general, how do we manage privacy in an electronic age?

Cypherpunks generally consider suggestions of various forms of national uniform identification card too dangerous; the risks of abuse far outweigh any benefits.

Financial privacy

Questions of privacy in financial matters were another perennial topic.

Cash is almost anonymous; if I pay for dinner with a few bills, then the restaurant (short of doing an analysis of DNA traces on the bills) learns almost nothing about me and my menu choices are not in any record tied to my identity. However, if I pay with a credit card, the bank and the restaurant get more data. This might be used to my disadvantage, perhaps by a data-trolling marketer or a divorce lawyer wondering who my dinner companion was. Various government bodies may also use financial records — the tax department, efforts to seize gangsters' assets, the related effort to trace "money laundering" schemes, attempts to collect financial intelligence, or some countries' controls on currency exchange.

Can we combine the anonymity of cash with the convenience of electronic payment? Technically, the answer is almost certainly yes (see digital cash), but what are the social implications? In particular, what happens to the tax system, or other government controls, if anonymous financial transactions become commonplace? The more radical cypherpunks would say those controls would be destroyed, and that would clearly be a good thing.

This is probably the area where the libertarian influence on cypherpunk thinking is most obvious. Some argued that digital cash could eliminate a whole range of problems brought on by government "interference" in what should naturally be "open markets".

Anonymity and pseudonyms

The questions of anonymity, pseudonymity and reputation were also extensively discussed.

Arguably, the possibility of anonymous speech and publication is vital for an open society, an essential requirement for genuine freedom of speech — this was the position of most cypherpunks. A frequently cited example is that some of the leaders of the American Revolution published anonymously. On the other hand, the possibility of anonymity may facilitate various forms of criminal activity, notably conspiracy and libel.

On the net, one can use a pseudonym, often shortened to just nym. This has some of the advantages and problems of anonymity, but adds its own complications. A pseudonym can be tied to a public key so that only an authorised person can use it. Several people might share a pseudonym, as for the mathematician Nicolas Bourbaki who published a number of papers but never actually existed. One person might have multiple pseudonyms. A pseudonym can acquire a reputation — if clever things often appear under the pseudonym, then a new message using that name will be taken seriously. On the other hand, if many messages from a nym are idiotic, a new one may not even be read and will certainly not be accepted without caution.

Censorship and monitoring

Questions of censorship and government or police monitoring of various things were also much discussed. Generally, cypherpunks opposed both.

In particular, the US government's Clipper chip scheme for escrowed encryption of telephone conversations (encryption secure against most attackers, but breakable at need by government) was seen as anathema by many on the list. This was an issue that provoked strong opposition and brought many new recruits to the cypherpunk ranks. List participant Matt Blaze found a serious flaw[16] in the scheme, helping to hasten its demise.

Some cypherpunks make analogies with gun laws. Widespread use of strong cryptography is desirable for exactly the same reason that an armed citizenry is; it limits the power of a repressive government. Legal restrictions on cryptography, like restrictions on guns, only create problems for honest citizens; criminals naturally ignore such laws.

Activism

Cypherpunks are by no means just a bunch of people chatting about ideas; they are often activists, using a variety of tactics to further their goals. Of course they have been rather vocal in various public debates. They have also written software, built hardware, written papers, filed Freedom of Information Act requests, started lawsuits, and advocated civil disobedience.

Software projects

As the Manifesto says "Cypherpunks write code";[10] the notion that good ideas need to be implemented, not just discussed, is very much part of the culture.

John Gilmore, whose site hosted the original cypherpunks mailing list, wrote:

We are literally in a race between our ability to build and deploy technology, and their ability to build and deploy laws and treaties. Neither side is likely to back down or wise up until it has definitively lost the race.

Cypherpunks have built and deployed quite a bit of code. Anonymous remailers such as the Mixmaster Remailer were almost entirely a cypherpunk development. Among the other projects they have been involved in were PGP for email privacy, FreeS/WAN for opportunistic encryption of the whole net, Off-the-record messaging for privacy in Internet chat, and the Electronic Freedom Foundation EFF's TOR project for anonymous web surfing.

Hardware

In 1998, the Electronic Frontier Foundation built a $200,000 machine that finds a Data Encryption Standard key in a few days; details are in Cracking DES.[17] See DES for background.

The project leader was John Gilmore, and the goal of the project was to demonstrate beyond question that DES was insecure. As many cypherpunks saw it, this was necessary because the US government had been telling deliberate lies about the security of DES for some time.

Expert panels

Cypherpunks also participated, along with other experts, in several reports on cryptographic matters.

One such paper was Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security.[18] It suggested 75 bits was the minimum key size to allow an existing cipher to be considered secure and kept in service. At the time, the Data Encryption Standard with 56-bit keys was still a US government standard, mandatory for some applications.

Other papers were critical analysis of government schemes. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption,[19] evaluated escrowed encryption proposals. Comments on the Carnivore System Technical Review.[20] looked at an FBI scheme for monitoring email.

Lawsuits

Cypherpunks have filed a number of lawsuits, mostly suits against the US government alleging that some government action is unconstitutional.

Phil Karn sued the State Department in 1994 over cryptography export controls [21] after they ruled that, while the book Applied Cryptography[22] could legally be exported, a floppy disk containing a verbatim copy of code printed in the book was legally a munition and required an export permit, which they refused to grant. Karn also appeared before both House and Senate committees looking at cryptography issues.

Daniel Bernstein, supported by the EFF, also sued over the export restrictions, arguing that preventing publication of cryptographic source code is an unconstitutional restriction on freedom of speech. He won, effectively overturning the export law. See Bernstein v. United States for details.

Peter Junger also sued on similar grounds, and won.

John Gilmore has sued two US Attorneys General (Ashcroft and Gonzales), arguing that the requirement to present identification documents before boarding a plane is unconstitutional.[23] These suits have not been successful to date.

Civil disobedience

Cypherpunks encouraged civil disobedience against what they saw as idiotic laws, in particular US law on the export of cryptography. Until about 2000, cryptographic code was legally a munition and export required a permit.

Adam Back wrote a version of the RSA algorithm for public key cryptography in three lines of Perl[24][25] and suggested people use it as an email signature file:

 #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
 $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) 

People did use it that way, so then every time they sent email to a foreigner or to an international mailing list, they were violating the export laws. There were also T-shirts sold with the code and mailing labels with it printed on them. A few people even got the code put into tattoos; would that make it illegal for them to go abroad?

Vince Cate put up a web page that invited anyone to become an international arms trafficker; every time someone clicked on the form, an export-restricted item — originally PGP, later a copy of Back's program — would be mailed from a US server to one in Anguilla.[26] There were options to add your name to a list of such traffickers and to send email to the president registering your protest.

These protests did get some attention. According to the sites, the New York Times covered the mailing labels, the BBC mentioned the T-shirts, and CNN showed the arms trafficker page.

Cypherpunk fiction

In Neal Stephenson's novel Cryptonomicon many characters are on the "Secret Admirers" mailing list. This is fairly obviously based on the cypherpunks list, and several well-known cypherpunks are mentioned in the acknowledgements. Much of the plot revolves around cypherpunk ideas; the leading characters are building a data haven which will allow anonymous financial transactions, and the book is full of cryptography. But, according to the author[27] the book's title is — in spite of its similarity — not based on the Cyphernomicon,[14] an online cypherpunk FAQ document.

There was a pornographic cypherpunk movie called Cryptic Seduction, produced by someone using the pseudonym Randy French. It caused great amusement in cypherpunk circles, but did not make money. At one point the copyright for it was up for auction.[28]

Jim Bell and "Assassination Politics"

Jim Bell took the general cypherpunk tendencies toward anarchism or libertarianism farther in an essay titled "Assassination Politics":[29]

Imagine for a moment that as ordinary citizens ... see an act by a government employee or officeholder that they feel violates their rights ... If only 0.1% of the population, or one person in a thousand, was willing to pay $1 to see some government slimeball dead, that would be, in effect, a $250,000 bounty on his head. Further, imagine that anyone considering collecting that bounty could do so with the mathematical certainty that he could not be identified, ... Perfect anonymity, perfect secrecy, and perfect security.

He worked out the mechanisms for this in considerable detail, and speculated extensively on the political consequences. Naturally, the discussion on the list was intense. Later, Bell was arrested and convicted[30] for tax evasion, with accusations of attempts to intimidate IRS agents. Still later, another case was brought against him, alleging "stalking and intimidating local agents of the IRS, Treasury Department and BATF"[31] Another list subscriber, Carl Johnson, was also convicted[32] of sending threatening emails. Discussion of Bell's essay played a prominent part in all three trials.

Cypherpunk logins

Cypherpunk, cypherpunks or cpunks are also occasionally used as a username and password on websites which require registration, especially if the user does not intend to return or does not wish to reveal information about himself. The account is left for later users. As of August 2010, username "cypherpunks01" with password "cypherpunks01" seems to be one of the few of these "public use accounts" which seems to be widely available. Many such accounts were publicly announced on the list.

Well Known or otherwise Notable Cypherpunks

Cypherpunks list participants included many notable computer industry figures. Most all were list regulars, although not all would call themselves "cypherpunks"[1].

John Gilmore is one of the founders of the Cypherpunks mailing list, the Electronic Frontier Foundation, and Cygnus Solutions. He created the alt.* hierarchy in Usenet and is a major contributor to the GNU project.
  • indicates someone mentioned in the acknowledgements of Stephenson's Cryptonomicon

See also

References

This article incorporates material from the Citizendium article "Cypherpunk", which is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License but not under the GFDL.
  1. ^ Re: Jude Milhon in WIRED
  2. ^ ResourceShelf » Oxford English Dictionary Updates Some Entries & Adds New Words; Bada-Bing, Cypherpunk, and Wi-Fi Now in the OED
  3. ^ http://jya.com/cp-who.htm
  4. ^ Re: POST: The Frightening Dangers of Moderation
  5. ^ Re: Re: Add To Your Monthly Income!!
  6. ^ Cypherpunks Date Index for 1997 04
  7. ^ Re: Sandy and the Doc
  8. ^ Newgroup - distributed mailing list on the way?
  9. ^ Switching to full traffic mode
  10. ^ a b c d e Eric Hughes (1993) A Cypherpunk's Manifesto
  11. ^ a b Steven Levy (May 1993), Code Rebels, Wired
  12. ^ Steven Levy (2001). "Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age. Penguin. p. 56. ISBN 0-14-024432-8. {{cite book}}: Cite has empty unknown parameter: |1= (help)
  13. ^ Tim May (1992) Crypto Anarchist Manifesto
  14. ^ a b Tim May, Cyphernomicon
  15. ^ John Gilmore, home page
  16. ^ Matt Blaze (1994), Protocol failure in the escrowed encryption standard
  17. ^ Electronic Frontier Foundation (1998), Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, Electronic Frontier Foundation, ISBN ISBN: 1-56592-520-3 {{citation}}: Check |isbn= value: invalid character (help)
  18. ^ Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson & Wiener (1996). "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security". {{cite journal}}: Cite journal requires |journal= (help)CS1 maint: multiple names: authors list (link)
  19. ^ Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller & Bruce Schneier (1998), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption{{citation}}: CS1 maint: multiple names: authors list (link)
  20. ^ Steven Bellovin, Matt Blaze, David Farber, Peter Neumann & Eugene Spafford, Comments on the Carnivore System Technical Review{{citation}}: CS1 maint: multiple names: authors list (link)
  21. ^ "The Applied Cryptography Case: Only Americans Can Type!".
  22. ^ Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9 {{citation}}: Check date values in: |date= (help)CS1 maint: extra punctuation (link)
  23. ^ Gilmore v. Gonzales
  24. ^ Adam Back, export-a-crypto-system sig, web page
  25. ^ Adam Back, post to cypherpunks list, RSA in six lines of Perl
  26. ^ Vince Cate, ITAR Civil Disobedience (International Arms Trafficker Training Page)
  27. ^ Neal Stephenson, Cryptonomicon cypher-FAQ {{citation}}: Cite has empty unknown parameter: |1= (help)
  28. ^ Andrew Orlowski (March 2002), "Alice, Bob and Eve too: Crypto porno movie goes up for auction", The Register
  29. ^ Jim Bell (1997) Assassination Politics
  30. ^ Associated Press (December 1999), Jim Bell sentenced
  31. ^ Deborah Natsios (June 2001), Homeland Defense and the Prosecution of Jim Bell
  32. ^ Carl Johnson files