CYPHERPUNK LEGACIES
Post by Rusty


The most important aspect to an individual's digital rights in the 21st
century is encryption. And it's under threat once again. The problem--one
common to many internet issues--is that despite its overwhelming
importance, encryption is neither easy to fully comprehend nor suited to
a simple, sexy narrative.

***

"Privacy is the power to selectively reveal oneself to the world."
-- Eric Hughes, from "A Cypherpunk's Manifesto."

***

I've been combing through the Cypherpunks listserv archives from
1992-1998, trying to glean philosophical insights into the first major
fight over whether safe & complete encryption could be available to
everyone on the web. Of course, cypherpunks were never a cohesive group;
they are more of a loose confederation of folks who see encryption as a
liberatory foundation for individual autonomy. But what an intersection of
minds: mathematicians, programmers, engineers, lawyers, shitkickers.

The listserv grew out of a meeting of what mathematician Eric Hughes
sarcastically dubbed Cryptology Amateurs for Social Irresponsibility
(CASI). This invitation-only meeting took place in Hughes' home in
Berkeley, CA. Twenty crypto activists were invited, including John
Gilmore--who had founded the Electronic Frontier Foundation with Mitch
Kapor & John Perry Barlow only 2 years previously--& Timothy May, an
electronic engineer who founded a crypto-anarchist movement. Many in this
crew shared deeply libertarian beliefs in the sanctity of the individual &
a suspicion of governmental power. According to Steven Levy, May
"produced a fifty-seven page handout, along with an elaborate agenda
including discussion of 'societal implications of cryptography,' 'voting
networks,' and 'anonymous information markets'" (210). Participants played
games & exchanged PGP public keys. Judith Milhon, going by the handle St.
Jude at the time, declared at one point, "You guys are cypherpunks!" (Levy
211). The name stuck to the group.

Hughes decided to keep the momentum going by starting the Cypherpunks
listserv on John Gilmore's server (with the delightful domain name of
toad.com). In a few weeks, 100 participants had joined & by 1993, the
number mushroomed to 700 (Levy 211-2). The community connected through the
listserv was incredibly active with multiple thought-provoking posts being
fired off in a single day. Participants shared transcripts of lectures on
cryptography, reading lists, manifestos, & sometimes line-by-line
responses to each other's posts. As in much of the early internet, there
is a freewheeling, iconoclastic tenor to their conversation, but there's
also scientific precision & passionate belief. The cypherpunks were trying
to give the public the tools of encryption not for personal gain, but in
order to make the internet safer for all of us. Here in the U.S.,
cypherpunks helped fight the Crypto Wars against the FBI & the NSA,
forcing the government to stop considering cryptographic algorithms as
classified munitions & to start seeing them as protected speech.

***

"'The world has already been taken over. You may have noticed this. We're
just trying to get some of it back.'"
-- Judith Milhon AKA St. Jude, "Cypherpunk Movement," from an email dated
1992-09-25

***

I'm not a programmer & my grasp of mathematics has never moved much beyond
high school algebra so there's much in the Cypherpunks listserv that I do
not understand. I see heated discussions about program bugs & I treat them
like tricks in a magic show: I clap at the appropriate times, but I don't
always grasp the inner workings. However, the emails between members
fascinate me because they articulate a vision for a less abusive world, a
world where individuals maintain control.

***

Reading through these archives can be eerie; cypherpunks saw how
governments wanted shoddy encryption with back door vulnerabilities so
that they could collect information on their citizens. As early as 1992,
some members predicted how a government could just gather as much data as
possible on all citizens, then retroactively examine it when needed,
weaponizing it against individuals deemed to be threats. Look at this
scenario that electrical engineer Keith Henson articulates in an email on
1992-10-27:

"One consequence of this proposal would be the capturing of *all* email
traffic for (possible) subsequent decryption under a court order.  After
all, how could you complain?  They couldn't read your messages of the last
ten years unless they happened to get a court order.  Knowing how easy it
is to get a pliant judge to issue an order, this would be really
chilling."

Henson essentially predicts the NSA's post-9/11 PRISM program in which
metadata on all Americans' calls were gathered, the very same program that
Edward Snowden leaked to the public.

***

"You don't understand the theory of power.  Simply make the penalty for
encryption without registry, larger than the penalty for any other crime.
Then no crime can be hidden behind it.  It's like getting Al Capone for
income tax evasion; if you investigate someone and they are enforcing
privacy on their communications, you can put them in jail for life for
that, and can stop worrying about the original suspected offense."
--John Gilmore in an email dated 1992-10-27.

***

Reading the list can also be surreal. Basic encryption programs that we
all take for granted like PGP [Pretty Good Privacy] were considered
illegal if they crossed U.S. borders. I'm thinking of how PGP's inventor
Phil Zimmermann was charged with "exporting munitions without a license" in
1993 because PGP was being used to protect the communications of
grassroots political groups across the globe. Members in the Cypherpunks
listserv followed Zimmermann's trial closely, of course, & debated the
relative safety of being found by government officials with encryption
programs. In 1994-1995, some members discussed whether U.S. Customs would
be able to spot encryption programs on laptops. Carol Anne Braddock in a
1995-01-01 email, writes:

"I couldn't agree with the general drift much more. The real objective is
to get the customs officials used to the procedure of dealing the
cryptographic materials. Your best asset is a good feature reporter and a
photographer. Right now, I don't think U.S. Customs is going to ask you if
you have PGP in your PC if you leave the country, or return either. They
should, and I'd be proud to say yes."

Bringing computer code on a plane treated like carrying a bomb! After a
protracted battle, Zimmermann ultimately won his case. He smartly published
PGP in a book, arguing that it was protected speech. In this way, the
fight over encryption also became a fight over what kinds of information
citizens are allowed to share with each other.

***

I saw this meme circulating on Mastodon the other day: DANCE LIKE NO ONE'S
WATCHING, ENCRYPT LIKE EVERYONE IS.

***

At its core, the Cypherpunks mailing list considers the issue of trust in
a world that so often is lacking it. A lot of the cypherpunks saw that
trust would be even harder to maintain in an online world because of the
difficulty of authentication. Eric Hughes proclaims in a 1992-10-06 email:
"In the electronic world, all you have are persistent pseudonyms." Hughes
argues that what matters in digital interactions is not trust, but rather
persistence. In other words, I don't care who you "really" are, just that
I know you'll consistently act in a particular way. This idea led many
cypherpunks to ask the question: can we create an internet that does not
require trust to operate? One can see how these early conversations would
lead to the development of blockchain & zero knowledge architectures, or
ledgers of interpersonal transactions that allow anonymity but don't
allow manipulations in the record.

***

The fight to protect encryption never ends. The FBI is currently pissed
that Apple won't break the encryption on the San Bernardino shooter's
iPhone. The Attorney General William Barr has made it quite clear that he
views encryption with deep suspicion. And now there are various forms of
legislation trying to attack encryption indirectly, to hold internet
platforms liable for how users employ it.

***

My recent letter to Lindsey Graham:

Dear Senator Graham:

I strongly urge you to reconsider pursuing the EARN IT Act legislation
because it threatens the very existence of end-to-end encryption. While
EARN IT's explicitly stated goal is to work against child sex abuse
material (CSAM) on internet platforms, it actually is trying to eviscerate
Section 230 of 1996's Communications Decency Act (CDA), which holds that
internet platforms cannot be held liable for what users do or say. First
of all, federal law already fights against CSAM. According to Stanford's
Center for Internet & Society: "Federal law, specifically Chapter 110 of
Title 18 of the U.S. Code (18 U.S.C. §§ 2251-2260A), already makes
everything about CSAM a crime: producing, receiving, accessing, viewing,
possessing, distributing, selling, importing, etc." The problem with EARN
IT is that, in its current form, it would create a commission not elected
by voters who would write a set of "best practices" for platforms that
would attack one of the core American rights: the right to privacy. Many
parts of the federal government, including the FBI & the Attorney General,
have made it clear that they despise encryption. I believe EARN IT would
grant both the oversight commission & the Attorney General powers to
attack encryption in its foundational role in the communications of
everyday, law-abiding people. I believe that this piece of legislation is
hiding its full intent under two cloaks: trying to fight CSAM & popular
outrage against social media companies. Senator Graham, if you truly care
about protecting Americans & limiting the powers of our federal
government, you will stop pursuing EARN IT.

***

These daring words from John Perry Barlow feel like a good ending.
Certainly dramatic: "You can have my encryption algorithm when you pry my
cold dead fingers from its private key."

***

Resources

Zipped files of Cypherpunks listserv:
<http://cryptome.org/cpunks/cpunks-92-98.zip>

Eric Hughes' "A Cypherpunk's Manifesto":
<https://www.activism.net/cypherpunk/manifesto.html>

Steven Levy, Crypto: How the Code Rebels Beat the Government--Saving
Privacy in the Digital Age, New York: Penguin, 2001.

Riana Pfefferkorn, "The EARN IT Act: How to Ban End-to-End Encryption
Without Actually Banning It," Stanford Center for Internet & Society.
<https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it>