From extropians-request@extropy.org Mon Oct 4 18:08:48 1993 Return-Path: Received: from usc.edu by chaph.usc.edu (4.1/SMI-4.1+ucs-3.0) id AA21430; Mon, 4 Oct 93 18:08:45 PDT Errors-To: Extropians-Request@gnu.ai.mit.edu Received: from ude.tim.ia.ung.gnu.ai.mit.ed (ude.tim.ia.ung.gnu.ai.mit.edu) by usc.edu (4.1/SMI-3.0DEV3-USC+3.1) id AA22667; Mon, 4 Oct 93 18:08:36 PDT Errors-To: Extropians-Request@gnu.ai.mit.edu Received: by ude.tim.ia.ung.gnu.ai.mit.edu id AA01306; Mon, 4 Oct 93 20:54:23 EDT Received: from news.panix.com by ude.tim.ia.ung.gnu.ai.mit.edu via TCP with SMTP id AA01296; Mon, 4 Oct 93 20:53:54 EDT Received: by news.panix.com id AA00483 (5.65c/IDA-1.4.4 for exi-maillist@ung.gnu.ai.mit.edu); Mon, 4 Oct 1993 20:53:47 -0400 Date: Mon, 4 Oct 1993 20:53:47 -0400 Message-Id: <199310050053.AA00483@news.panix.com> To: Extropians@extropy.org From: Extropians@extropy.org Subject: Extropians Digest X-Extropian-Date: October 5, 373 P.N.O. [00:53:35 UTC] Reply-To: extropians@extropy.org Errors-To: Extropians-Request@gnu.ai.mit.edu Status: RO Extropians Digest Tue, 5 Oct 93 Volume 93 : Issue 277 Today's Topics: BLACKNET: The truth is thought provoking [1 msgs] BLACKNET: The Truth is thought provoking [1 msgs] BLACKNET: The truth is thought provoking [2 msgs] Community construction & the Crypto Shops of Isher [1 msgs] DIET: Too little fat causes brain damage! [1 msgs] EXTROPY/Extropy Institute information [1 msgs] Events in Russia [1 msgs] FWD: A Cure for the Common Code [1 msgs] SSubscription Information [1 msgs] Administrivia: No admin msg. Approximate Size: 54044 bytes. ---------------------------------------------------------------------- Date: Mon, 4 Oct 1993 10:52:06 -0700 From: dkrieger@Synopsys.COM (Dave Krieger) Subject: DIET: Too little fat causes brain damage! >From: hfinney@shell.portal.com (Hal Finney) >Subject: DIET: Too little fat causes brain damage! >X-Extropian-Date: Remailed on October 4, 373 P.N.O. [16:52:31 UTC] >X-Message-Number: #93-10-137 > >It is important to realize that Brooks' post was a hoax, as he clearly stated. I looked at Brooks' post THREE TIMES after reading this message from Hal, looking for the statement he mentioned, and was preparing to flame Hal saying there was no such disclaimer, when I finally did find it (if you haven't seen it yet, it's waaay off the bottom of the message): >I hope my hoax was sufficiently authentic-sounding to have a few of you >going for awhile. If you enjoyed it, buy some shares of BROOX which I just >registered! > >Robert Hal goes on: >Frankly, I think this was an unfortunate and inappropriate hoax. I, too, >was taken in by the first few paragraphs. I have read of studies in the >past which gave VERY TENTATIVE HINTS that suicide rates were higher in >people with very low fat diets. Brooks' hoax was all too plausible given >this background. > >If you want to perpetrate a hoax, make it funny, or give it some other >reason for existing. Damn straight. Don't expect BROOX to trade at anything above .01 for a long time. dV/dt "Fool me once, shame on thee; Fool me twice, and start checking your morning oatmeal for landmines" ------------------------------ Date: Mon, 4 Oct 93 14:06:35 EDT From: chrism@ksr.com Subject: FWD: A Cure for the Common Code This was posted yesterday to talk.politics.crypto: ----- begin forwarded message ----- Denver Westword, Vol. 17 Number 5, Sept. 29 1993 Cover Story: Secrets Agent The Government wants to break him, but Boulder's prince of privacy remains cryptic. Contents: A Cure for the Common Code, p.12 Worried about your privacy? Your secret is safe with this guy. by ERIC DEXHEIMER This post brought to you by Information Liberation Front (ILF) Cyberspatial Reality Advancement Movement (CRAM) BlackNet cypherpunks === Late last month, much to the satisfaction of sheriff's deputies in Sacramento County, California, William Steen began serving 68 months in prison for trafficking in child pornography over computers and then attempting to hire a man to kill one of the teenagers who had testified against him. Detectives who worked on the case say the sentence represents an almost entirely gratifying end to the two-year-old effort to track down and convict Steen. The prosecution was not quite perfect, though. Police were unable to nail any of Steen's network of child porn associates, which officials suspect was extensive. Neither were Sacramento County law enforcement officers-- nor outside computer experts, for that matter-- able to read Steen's computer diary, which police think may contain the names of his other teenage victims. The reason is that Steen, of Santa Clara, California, had installed a powerful code on his computer to electronically scramble what he had written. Although experts were quickly able to determine the name of the encoding program-- called Pretty Good Privacy, or PGP-- efforts to break it failed miserably. "The task was given to us to decrypt this stuff," recalls William Sternow, a California computer-crime expert called in on the case. "And to this day we have not been able to do it." Sternow and the other experts-- including the Los Angeles Police Department, which tired to dismantle PGP as well-- probably shouldn't hold their breaths waiting for a breakthrough. It is unlikely that they will crack Steen's diaries anytime soon, probably not in their lifetimes. Forget your cereal-box decoder rings. Pretty Good Privacy, a computer program designed by a short, slightly round Boulder programmer named Philip Zimmermann, is, as far as the current technology is concerned, about as accessible as Fort Knox. While PGP has frustrated the California cops, it has done wonders for its inventor's reputation among a thriving underground network of electronic cowboys. In the two years since he published Pretty Good Privacy, the program has propelled Zimmermann from a struggling Colorado software author missing mortgage payments to something of a folk hero among hackers, both in the U.S. and across the world, where the program has been translated into nearly a dozen languages. "I can go anywhere in Europe," boasts Zimmermann, "and not have to buy lunch." Not everyone wants to feed Phil Zimmermann. Count among his enemies the U.S. Customs Service, which is investigating him for violating export laws. Add RSA DAta Security, a Redwood City, California, company that says it is considering taking him to court for swiping its encoding technology. And of course, top off the list with any number of frustrated law enforcement agencies, from the supersecret National Security Agency (NSA) all the way down to the Sacramento sheriff's department. "Phil Zimmermann? He's a dirtbag," spits out Brian Kennedy, the detective who headed up the Steen investigation. "He's an irresponsible person who takes credit for his invention without taking responsibility for its effect. He's protected people who are preying on children. I hope that someday he'll get what he deserves." === What Phil Zimmermann deserves more than anything this gray morning is a few more hours of sleep. "I was up until four this morning working on the computer," he grumbles with not-very-well-disguised irritation. "Give me 45 minutes to become human." One hour later, this is what Phil Zimmermann looks like, human: a short guy, a little paunchy. He wears large aviator glasses, a heavy beard and an easy elfin grin. Today he is also wearing beige pants, a green shirt, and blue Etonic sneakers. Although separately none of the parts looks askew, for some reason the package still looks rumpled. His living room feels small and is crammed with books, a respectable percentage of which are bona fide, Noam Chomsky-certified leftist tracts. The back room of the north Boulder house serves as Zimmermann's computer lab. Three machines are on-line. Outside light is denied entrance by shaded windows. Books and magazines-- _The_ _Journal_ _of_ _Cryptology_-- carpet the floor in no discernible order. In the southwest corner of the room lies a small mattress, where for the past several days a Toronto college student has slept. The student, whose name is Colin Plumb, learned about the Boulder programmer about a year ago after plucking PGP off a computer network. He composed a letter to Zimmermann expressing admiration for the encrypting software, one of the thousands of pieces of fan mail that have poured into Zimmermann's mailbox and computer since June 1991, when PGP was first published. Now Plumb is here for two weeks as a volunteer assistant, helping Zimmermann update Pretty Good Privacy. He is not the first admirer to make the hajj to Boulder. "I get people here all the time," says Zimmermann. "A month ago I got a visit from a guy from Brazil. He used PGP back in Rio de Janeiro, and he was touring the country and he wanted to meet the guy who invented it." Zimmermann continues: "I get mail from people in the Eastern Bloc saying how much they appreciate PGP-- you know, 'Thanks for doing it.' When I'm talking to Americans about this, a lot of them don't understand why I'd be so paranoid about the government. But people in police states, you don't have to explain it to them. They already get it. And they don't understand why we don't." What we don't understand, at least according to an explanation of Pretty Good Privacy that accompanies the software, is this: "You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be doing something that you feel shouldn't be illegal, but is. Whatever it is, you don't want your private electronic mail or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution." Simple stuff, But Zimmermann and PGP have done more than provide an electronic cloak for the steamy computer messages of a few straying husbands. In fact, the publication of Pretty Good Privacy has probably done more than any other single event to shove the arcane-- and, until recently, almost exclusively government-controlled-- science and art of cryptology into the public consciousness. Much of that is inevitable. The explosion of electronic mail and other computer messaging systems begs a megabyte of privacy questions. While a 1986 federal law prevents people from snooping into computer mail without legal authorization, the fact remains that electronic eavesdropping is relatively simple to do. To an experienced hacker, unprotected computer communications are like so many postcards, free for the reading. Encryption systems simply put those postcards inside secure electronic envelopes. This may sound innocuous. But it is highly distressing to those branches of the government that say they occasionally need to listen in to what citizens are saying. In recent public debates in Congress and in private meetings, representatives of the FBI and the NSA have argued vigorously that they need high-tech tools to provide for the public and national security. They contend that this includes the capability to read any and all encoded messages that whip across the ether. To these computocops, widely available encryption in general-- and specifically, PGP-- is dangers. "PGP," warns Dorothy Denning, a Georgetown University professor who has worked closely with the National Security Agency, "could potentially become a widespread problem." To those who increasingly rely on the swelling network of computer superhighways to send, receive, and store everything from business memos to medical records to political mailing lists, however, the idea of a CIA spook or sheriff's department flunky listening in to their conversations and peeking at their mail is chilling. They fear that without basic privacy protection, the promise of the Information Age also carries with it the unprecedented threat of an electronic Big Brother more powerful than anything ever imagined by George Orwell. === When Phil Zimmermann moved to Boulder from Florida in 1978, he had every intention of earning a master's degree in computer science. Instead he went to work for a local software company. And he began fighting the good fight against big bombs. "In the early 1980s it looked like things were going to go badly," he recalls. "There was talk of the Evil Empire. Reagan was going berserk with the military budget. Things looked pretty hopeless. So my wife and I began preparing to move to New Zealand. By 1982 we had our passports and traveling papers. That year, though, the national nuclear freeze campaign had their conference in Denver. We attended, and by the time the conference was over we'd decided to stay and fight." He attended meetings. He gave speeches. He marched on nuclear test sites in Nevada. ("I've been in jail with Carl Sagan and Daniel Ellsberg," he says. "Daniel Ellsberg twice.") He taught a course out of the Boulder Teacher' Catalogue called "Get Smart on the Arms Race." ("The class is not anti-U.S.; it is anti-war," a course summary in the 1986 catalogue explains." In the snatches of free time between nuke battles, Zimmermann continued feeding a lifelong fascination with secret codes. "I've always been interested in cryptology, ever since I was a kid," he says. "I read _Codes_ _and_ _Secret_ _Writings_ by Herbert Zimm, which showed you how to make invisible ink out of lemon juice. It was pretty cool." "When I got to college I discovered that you could use computers to encode things. I started writing codes, and I thought they were so cool and impossible to break. I know they were trivial and extremely easy to break." For Zimmermann, who is 39 years old, writing and breaking codes had always been just a hobby, albeit an increasingly intensive one. Up until 1976, that is, when his hobby became an obsession that would absorb the next fifteen years of his life. That's because, like everyone else who had been dabbling in encryption at the time, Phil Zimmermann was swept away by the revolutionary concept of public-key cryptography and the RSA algorithms. === Secret codes have been used for thousands of years, but they have always operated on the same principle: The words or letters of the message to be encoded-- called the "plaintext"-- are replaced by other words, letters, numbers and symbols. These are then shuffled, rendering the communication incomprehensible. As spies and other secretive sorts began to use computers, the basic idea remained the same. But the substitution and shuffling became increasingly complex. (Just how complex is difficult to grasp. This summer a panel of experts met to evaluate the NSA's most recent encryption system. They concluded that it would take a Cray supercomputer 400 billion years of continuous operation to exhaust all the possible substitutions.) Yet even with the most scrambled substitutions, encryption always suffered from a glaring weakness: A code is only as secure as the channel over which it travels. What this has meant practically is that messages-- whether flown by pigeon or broadcast over a shortwave-- could always be intercepted by the enemy. This was particularly dangerous when it came time to share the code's "key." Traditionally, codes were always encrypted by a key that would garble, say, plain English into unreadable gobbledygook. The encoded message would then be sent to the recipient, who would use the same key to translate the message back into English. The problem with this, of course, is: How do you get the key from one place to another without danger of its being intercepted? After all, once a key is swiped by the bad guys, the entire code is rendered useless. Worse yet, what if you had no idea the key had been stolen, and your enemies continued to freely read messages you thought were protected? This is especially troublesome when you're trying to maintain a large network of secret sharers. Surprisingly, this ancient glitch was not cleared up until the spring of 1975. That's when a Stanford computer junkie named Whitfield Diffie created a crypto-revolution called public-key cryptology, a system simple in theory-- but complicated in practice-- that effectively solved the problem of key sharing. What Diffie did was imagine a system with two mathematically related keys, one public and one private. The public key could be as public as a published address. The private key would not be shared with anyone. The connection was that a message encoded with one key could be decoded by the other. To understand how this works, imagine the keys as public and private telephone numbers. The sender garbles a message with the receiver's public key, obtained from the computer equivalent of a phone book. Once sent, the only way the message can be decoded is with the receiver's mathematically related private key. Since each receiver has his own private key, no one has to share keys, and there is no danger of having the solution to the code intercepted. Equally important, each encoded message could bear the unique signature of its sender. (The sender encodes the message with his private key. The receiver affirms the message's authenticity by using the sender's mathematically related public key to unscramble the communication.) This eliminates the potential for some meddling third part to send a false message. Diffie's idea of two keys instead of one ignited a bomb among the burgeoning community of computer hackers and academic math types, who immediately began toying with public-key encryption. Not surprisingly, it didn't take long for the theory to be applied to real-life codemaking. In 1977 three MIT scientists named Ronald Rivest, Adi Shamir and Leonard Adelman constructed a series of algorithms, or mathematical instructions, that put Diffie's idea into practice. The three men named their public-key encryption system RSA, after their initials. They patented the algorithms and formed a company, RSA Data Security. Today the company practically enjoys a monopoly on public-key encryption. It puts out an eye-catching advertising pamphlet ("RSA. BEcause some things are better left unread." and sells millions of dollars' worth of encoding packages (one example: BSAFE 2.0). RSA's president is D. James Bidzos. He is not lining up to buy lunch for Phil Zimmermann. In fact, he claims that Zimmermann is little more than a poseur whose only real contribution to cryptology was to swipe RSA's technology. "Phil seems very eager to let people believe what he wants them to believe," complains Bidzos. "He like to perpetuate the idea of his being a folk hero." === Phil Zimmermann says that while he became fascinated with public-key encryption in the mid-1970s, he didn't begin seriously contemplating designing a useful application until 1984, when he was researching an article about the subject for a technical magazine. In 1986 he began fiddling with the RSA algorithms-- what he describes as "RSA in a petri dish." He says he enjoyed some mathematical successes, but that his work was still a far cry from any program that could be used to encode information." After dabbling in crypto-math and computers for four years, Zimmermann decided at the end of 1990 to construct a workable encoding package. In December, he says, he began working twelve-hour days exclusively on what was to become pretty Good Privacy. The work took its toll-- he neglected his software consulting business and missed five payments on his house-- but by the middle of 1991, the program was ready to go. In June Pretty Good Privacy was released over the Internet as software free for the taking. It was faster and simpler to use than other public- key encryption programs on the market, and the price was right. The feedback was almost instantaneous. Thousands of people quickly downloaded PGP and began using it to encrypt their own messages. Although PGP didn't contribute a lot to the theory of encryption, it did make cryptology usable and available to the average computer jock, says David Banisar, an analyst for the nonprofit Computer Professionals for Social REsponsibility in Washington, D.C. "Phil didn't invent the engine," he says, "but he did fit it inside the Ford." Indeed, the father of public-key cryptology himself says Zimmermann's proletarian privacy program is the closest thing yet to what he had in mind when he invented public-key encryption nearly two decades ago-- a nongovernment encoding system that would give the average computer user the means to communicate without fear. "PGP has done a good deal for the practice of cryptology," says Whitfield Diffie, who now works for Sun Microsystems near San Francisco. "It's close to my heart because it's close to my original objectives." In perhaps the greatest testimony to Zimmermann's program, even those who condemn the programmer for irresponsibly releasing PGP continue to use his software. "It's a great program," concedes Sacramento computer expert Sternow. "We recommend in our training to cops that they use it to encrypt their stuff." Sternow estimates that more than 500 law enforcement officers currently use PGP. PGP also spurred a loose-knit California-based group of computer users with a passion for cryptology to form a new organization to carry the torch. The group, whose members call themselves the Cypherpunks, espouses an unabashed libertarian philosophy when it comes to electronic privacy-- specifically, that privacy is far too crucial a civil right to be left to the governments of the world, and that the best way to head off government control of cryptology is to spread the capability to shroud messages to everyone. "Phil showed that an ordinary guy just reading the papers that already existed could put together an encryption system that the Nation Security Agency could break," says John Gilmore, one of three founders o the Silicon Valley-based Cypherpunks. "It took a certain amount of bravery to put this out, because at the time the government was talking about restrictions on cryptography." James Bidzos failed to see Zimmermann's courage, however. In fact, all he saw was theft. after concluding that Pretty Good Privacy was based on RSA's patented algorithms, he placed a call to Boulder. Basically," he recalls, "we said, 'What the fuck?' " Bidzos also contends that Zimmermann hardly wrote the program out of altruism, even through Pretty Good Privacy is technically free. "The documentation he distributes with PGP is misleading," he says. "It does give the impression that Zimmermann is a hero hell-bent on saving you from the evil government and an evil corporation. Gee, strike a blow for freedom." Yet, Bidzos continues, "he did this with every intention of making money. It was clearly to make money, no doubt about it. He told me just before he released it, 'Hey, I've been working on it for six years, I've put my whole life into it, I'm behind on my mortgage payments and I need to get something out of it." Bidzos says he approached Zimmermann again several months later after PGP was published and it was clear the free privacy program was not going to go away anytime soon. "We told him that if he stopped distributing PGP, we wouldn't sue, and he signed an agreement," Bidzos recalls. "He was very quick to sign it. But he's been violating the agreement ever since he signed it." Zimmermann replies that at one time he did entertain the idea of making some money off PGP. But he insists he gave that up before the software package was published. "I decided to give PGP away in the interests of changing society, which it is now doing," he says. "The whole reason I got involved was politics. I did not miss mortgage payments in the hopes of getting rich. Just look at my bookshelf. I'm a politically committed person with a history of political activism." Zimmermann adds he's uncertain whether he's violated any of RSA's patents, but he contends that if he did, the law doesn't make much sense to him. "I respect copyrights," he says. "But what we're talking about there is a patent on a math formula. It's like Isaac Newton patenting Force = Mass x Acceleration. You'd have to pay royalty every time you threw a baseball." He also acknowledges that he signed a nondistribution agreement with RSA Data Security for Pretty Good Privacy. But he insists that the has abided by it-- although admittedly only in the strictest legal sense. For example, while Zimmermann says he doesn't update or distribute PGP himself, he concedes that he freely gives direction to a worldwide "cadre of volunteers," who then implement the advice. The legal problems stemming from Zimmermann's invention don't end with James Bidzos and RSA. In February two agents from the U.S. Customs Service flew to Boulder to meet with Zimmermann and his lawyer, Phil Dubois, According to Dubois, the two agents said they were investigating how PGP had found its way overseas, a violation of U.S. law forbidding the export of encryption systems. Contacted at their San Jose office, the agents declined to comment on the investigation. Yet there is little doubt as to the agency's intent. On September 14, Leonard Mikus, the president of ViaCrypt, and Arizona company that recently signed a deal with Zimmermann to distribute a PGP- like encryption package, received a grand jury subpoena asking him to turn over the U.S. Attorney's office any documents related to PGP and Phil Zimmermann. Two days later the Austin, Texas, publisher of "Moby Crypto," a software encryption collection that includes PGP on it, received a similar subpoena. The subpoena demanded that the company, Austin Codeworks, turn overall documents related to the international distribution of "Moby Crypto," as well as "any other commercial product related to PGP." The San Jose-based assistant U.S. attorney who signed the subpoenas, William Keane, acknowledges only that since subpoenas have been issued, a federal grand jury investigation is in process. Beyond that, he says, "I can't comment on the investigation." Zimmermann acknowledges that with thousands of people copying and distributing PGP, it was inevitable the program would make its way to Europe and Asia. But he adds that he had nothing to do with exporting Pretty Good Privacy-- and says he couldn't have prevented it if he tried. "When thousands and thousands of people have access to it, how could it not be exported?" he asks. Adds Dubois: "The law just can't keep up with the technology. Somebody in Palo Alto learns something, and pretty soon somebody in Moscow is going to know about the same thing. There's nothing you can do about it." === No that the U.S. government hasn't made a very serious effort to do something about the spread of unofficial encryption systems. Indeed, until very recently, governments have enjoyed what amounted to an exclusive franchise for the science of codes and codebreaking. Advances have been made in fits and starts, with much activity occurring during times of national tension and war. In that past forty years, Washington's attraction to encryption has been kept humming by the spy- fest of the Cold War. Because the government has always controlled the medium of codes, it has controlled the message as well. In _The_ _Codebreakers_, a 1967 book widely considered the definitive history of cryptology, David Kahn wrote that the U.S. government hasn't been shy about exercising censorship and grand-scale privacy invasions in the name of breaking enemy codes, perceived or real. Fearful of encoded messages slipping to and from traitors, for instance, the U.S. government by the end of World War II had constructed a censorship office that employed nearly 15,000 people and occupied 90 building throughout the country. These censors open a million pieces of versus mail a day, listened in on telephone conversations and cast a suspicious eye on movies and magazine articles that flooded across their desks. The code watchdogs were not content simply with intercepting and examining communications, though. Officials also found reason to ban some communications even before they could be written. Incomplete crossword puzzles were pulled from letters in case their answers contained some secret code. Chess games by mail were stopped for fear they concealed directions to spies. Knitting instructions, who numbers might hide some security-threatening message, were intercepted. The government's interest in controlling secret codes did not evaporate with the end of World War II, or even with the thawing of the Cold War. RSA Data Security's Bidzos says the inventors of the RSA algorithms were approached by the NSA in the mid-1970s and discouraged from publishing their discovery. And Washington still classifies encoding systems as munitions, right alongside tanks and missiles. As a result, the export of any encryption system is against the law, considered a breach of the national security. As technology has surged forward, lawmakers have tried to maintain a grip on encryption through legislation. In 1991 a version of the U.S. Senate's Omnibus Crime Bill contained a provision that would have effectively mandated that any private encoding system contain a "back door" that law enforcement agencies could enter if they suspected any misdeeds by the sender or receiver of a message. The clause was pulled after an uproar from computer users, data security companies and civil liberty organizations. Despite the failure of the 1991 bill (as well as a 1992 FBI-sponsored version that would have outlawed the use of tap-proof cryptology over digital phone systems), the government has not given up on its attempt to control encryption. Rather, it has simply shifted strategy. Six months ago the Clinton administration announced plans to flood the market with the government's own public-key electronic voice-encoding system, called, alternative, "Clipper" or "Skipjack". The catch: An as- yet unnamed federal agency or agencies would hold the private keys in case any legally appropriate eavesdropping was necessary. The administration has stopped short of saying it will outlaw private encoding devices and mandate the use of the new Clipper system. "The standard would be voluntary," assures Jan Kosko, a spokeswoman for the National Institute of Standards and Technology in Maryland, which teamed up with the NSA to develop the system. That said, officials acknowledge that the federal government will smile on those companies that choose Clipper over other, private encryption systems. If, for example, a private company is seeking to do business with a federal government agency requiring encoding, that company would be well advised to use Clipper if it wants to win contracts. "A manufacture not using it," Kosko points out, "could not compete very well" for federal contracts. On the same day the administration revealed its intention to implement Clipper, AT&T announced it would use the system in its new secure- telephone product line, thereby becoming the first company to agree to spread the government's encryption throughout the country. And, while AT&T will continue to sell other, non-government-approved encoding devices for its phones, the new Clipper model will sell for less than half the price of AT&T's in-house encryption model, according to David Arneke, a spokesman for the company's Secure Communications System division in North Carolina. He says the first models-- which with a price tag of $1,200 will appeal mostly to law enforcement agencies and businesses hoping to keep their industrial secrets secret-- should hit the shelves by the end of the year. ------------------------------ Date: Mon, 4 Oct 93 11:09:29 PDT From: tcmay@netcom.com (Timothy C. May) Subject: BLACKNET: The truth is thought provoking Andy Lowton writes: > I have to admit that your contribution, together with that of the other guy > who said he had seen his dossier, had me convinced. It has taught me to > study Tim's postings with a bit more care in future. No comment. > You (and other people resident in GB) may be interested to know that there is a > programme on Channel 4 (Dispatches, 9.00pm), either tomorrow or Wednesday > about the US's listening post in Yorkshire. The trailer makes it sound like > they have awesome abilities for the interception of communications but whether > this is based on facts or conjecture I don't know. Read James Bamford's "The Puzzle Palace," the definitive study of the U.S. National Security Agency. It also covers the British GCHQ and the "UK-USA" agreement which provided that the various national laws about spying on one's countrymen could best be solved by this means: the USA would handle the spying on Brits, the UK would handle the spying on Americans! Read Bamford for more details. Suffice it to say the many large antennas scattered throughout Europe are not there just to listen to the Soviets (former). The NSA has receive stations near satellite downlink footprints, which many transatlantice phone calls are routed through (some go through undersea cables...possibly more as fiber optic cables are laid). Whether all phone calls (and e-mail?) are monitored or not is unclear, but the power of the technology is growing faster than the volume of calls and messages. Use encryption! Push for free market encrypted phones! -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. ------------------------------ Date: Mon, 4 Oct 93 11:30:04 PDT From: tcmay@netcom.com (Timothy C. May) Subject: BLACKNET: The truth is thought provoking Derek Zahn writes: (on the topic of digital cash) > Perhaps we can have a Conversation on this topic. I base my initial > concerns (mostly unrelated to the above political/legal influences on > FutureSpace) on two things: You mean like the virtual seminar we had on algorithmic information theory a while back? That was indeed a lot of fun, and useful, but I suspect the discussion of digital cash belongs more on the more cryptographically-sophisticated Cypherpunks list. While Derek has learned a lot recently about public-key crypto, I'm sure many readers of Extropians have only vague ideas how all this stuff works. At least over on Cypherunks there are many people who've studied the protocols. Also, the implications of crypto-anarchy have been debated for the last year over there, including discussion of extortion, murder markets, selling of national secrets, etc. The original call for "BlackNet"--not the "Investigations" piece I posted recently--was posted on Cypherpunks a while back. I'm all for Extropians getting real interested in this subject (you may recall I posted several long articles about a year ago on these subjects), but I fear a big debate here on digital cash and crypto-anarchy will largely duplicate arguments already heard on Cypherpunks. Just my opinion, though. Go ahead and debate anything that interests you. On another matter: > * A technical issue that interests me is _transferability_ of digital > coins without any involvement or eventual knowledge of the banks. I > can receive cash and spend it again without any bank anywhere knowing > about it. If I understand Chaum's digicash protocol (and I hope I > don't), it is necessary for the bank to be informed of a payment if > the recipient wants to make sure that I don't spend a "copy" of the > money quickly elsewhere. Although the coin can't be traced back to > me, the necessity for the bank's involvement in the transfer makes > the system less private than regular cash. Derek is searching for the unforgeable, spendable-only-once "digital coin." It is unlikely that a simple number--a software-based coin--can ever be unforgeable (uncopyable), for much the same reasons copy protection based only on software cannot work. Chaum has an interesting paper in the Proceedings of the EuroCrypt '92 Conference, just available recently. He and his coauthors explore offline digital cash. The lack of unforgeable cash is not as serious as it might seem. Most of our transactions do in fact involve "clearinghouses": clearing of checks, escrow accounts, etc. Reputations matter. Even (especially, actually) in criminal transactions. Escrow services, anonymous to both sides of a transaction, and whose business is trustworthy escrow, solve a lot of problems. The reputation area is poorly addressed by crypto researchers, who mainly are oblivious to such issues. As always, folks should spend a couple of hours reading Vinge's "True Names" when getting interested in crypto-anarchy. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. ------------------------------ Date: Mon, 4 Oct 93 14:57:17 -0400 From: Jeff Fabijanic Subject: EXTROPY/Extropy Institute information Elias says: >Ack! Not this one again! >Actually, the two words are nearly interchangable and refer to group >activities or individual activities in different circumstances. When >you want to differentiate between rules of conduct defined by a group >and a "personal code," it's best to just lay that out explicitly up >front, since some people hear "moral" as a function of the group >and "ethics" as a personal code, and some people use them for the >opposite functions. I agree with you that the two words are used almost interchangably by many people. My post was just a response to Harry H.'s opinion that "ethics" was a more appropriate word. I was pointing out that, by the most technically correct definition, the original language - >Do you want to continuously improve yourself - physically, >intellectually, morally? - is correct and clear. No linguistic brouhaha intended or implied. tschau, Jeff ------------------------------ Date: Mon, 4 Oct 93 13:04:18 PDT From: lloyd bruce Subject: SSubscription Information To: Whom It May Concern From: lbruce@holonet.net I read an article about your organization in the May/June 1993 issue of Wired magazine. Your group sounds very interesting. Please send information on obtaining a subscription to "Extropy". Thank you and I look forward to your reply. ------------------------------ Date: Mon, 4 Oct 1993 15:07:44 -0500 (CDT) From: derek@cs.wisc.edu (Derek Zahn) Subject: BLACKNET: The truth is thought provoking Tim May responds to my Digicash probings: > > Perhaps we can have a Conversation on this topic. > > You mean like the virtual seminar we had on algorithmic information > theory a while back? Well, perhaps, if anybody wishes to put in that level of effort. A Conversation could also be less involved. > suspect the discussion of digital cash belongs more on the more > cryptographically-sophisticated Cypherpunks list. Perhaps. I considered slapping a batch of context onto my post and changing it to cypherpunks, but my lack of crypto expertise resulted in an embarrassing display on my last foray into that forum. Though I tried to make amends by adding some research and summary writing to the resulting thread, I'm loath to play the "clueless newbie" role too often in a particular virtual space. S/N and all that. Besides, I find the generally collegial tone of Extropians more conducive to Conversation than cypherpunks, which is often rather strident. Even much flamage here (see the Price/Donald warfare) is done with wit and good humor. > Reputations matter. Even (especially, actually) in criminal > transactions. Escrow services, anonymous to both sides of a > transaction, and whose business is trustworthy escrow, solve a lot of > problems. Oh, definitely! If it turns out that there simply is no clever protocol that supports the Platonic "digital coin", reputation-based BlackNets will certainly form; however, it seems likely that governments will do whatever they can to suppress them, and most people will use some semi-private "sanctioned" digicash scheme which will doubtless have rather smaller transaction costs. I agree with the argument that BlackNet can't be stopped without some kind of massive repression of cryptography, but the necessity to keep the escrow businesses immune to government access and the chancy nature of conversion betwenn BlackNet funds and other currencies seem to me to imply that the practical chances of BlackNet growing into a serious part of the mainstream are rather small. derek ------------------------------ Date: Mon, 4 Oct 93 13:10:53 PDT From: GRAPS@galileo.arc.nasa.gov Subject: Events in Russia Tim M. says: >Perhaps I am wrong, but it seems the Yeltsin/military/Gaidar/KGB axis >is more on the side of liberty/markets/etc. than is the >Rutskoi/Hazbelotov (sp?)/reactionary/revanchist axis. >Should the old-line Communists somehow get control, I would expect >massive repression of market reforms, talk of "Greater Russia," and >very serious concerns about the tens of thousands of nuclear weapons >distributed around Russia and neighboring countries. Yeltsin is certainly more on the side of liberty/markets than the hard-line communists, but I think it would be a mistake to say that he was all for free markets, liberty etc. I've been reading a weekly newspaper from the Baltics for the past couple of years and Yeltsin has backtracked considerably on his promises to pull his troops out of there, to engage in free trade with them etc. He's been dragging his feet on that from Day One. Lithuania just got rid of the last of the Russian troops last month. But there are still *thousands* left in Latvia and Estonia. Yeltsin has gone so far as to threaten to leave the Russian troops in Estonia until the problems of citizenship for the Russians living there has been solved and until the Estonians pay for expenses for locating the troops elsewhere. However, *at least* he's still talking with the Baltic people and, to a certain extent, wanting to work things out. I'm convinced that if those hard-liners in Moscow got their way, the Baltics would be taken back the next day. My dad (who's Latvian) had an interesting comment when he was watching CNN yesterday.. When the announcer stated that 11 Russians were killed doing something or other, Dad said "well that's 11 less that we'll have to kill" (No offense Sasha!) My dad's experiences includes dodging bullets to go out to the barn to feed the cat and has seen friends buried in mass graves, and knows that his family was next on the KGB "to disappear" list, and so is understandably bitter about the communists. Amara Graps graps@gal.arc.nasa.gov ------------------------------ Date: Mon, 04 Oct 93 21:25:33 GMT From: sjw@liberty.demon.co.uk (Stephen J. Whitrow) Subject: BLACKNET: The Truth is thought provoking Here's some details on the enessaye's UK listening posts in Yorkshire and Cornwall (this news article was posted to Cypherpunks in March). After the enessaye tapped and recorded the Royal Family, I suppose it was continually rebroadcast on a number of powerful transmitters, so that some radio ham / former bank manager using a scanner / someone else would be bound to inadvertently 'just happen to come across it'. ---------------------------article follows------------------------------------ The following appeared in the NZ Herald on March 4th - I thought it might be of interest to sci.crypt and alt.privacy readers. It backs up claims made in places like "The Puzzle Palace": " A former MI6 officer told the Daily Express that US agents tapped royal calls on behalf of the GCHQ spy centre. Mr James Rusbridger told the paper two top-secret listening stations - operated by the NSA - illegally tap large numbers of private conversations from their bases in Cornwall and Yorkshire. 'By getting the Americans to do it, the British Government is able to say truthfully, though misleadingly, that GCHQ does not tap domestic telephone calls', Mr Rusbridger said. 'The reason the Government is resisting an official investigation into the tapping of royal conversations is that it would be forced to admit publicly that these American owned and controlled listening stations exist on UK soil'. Incidentally, NZ has it's own NSA-controlled listening stations, the largest being at Tangimoana on the South Island. Peter. -- pgut1@cs.aukuni.ac.nz||p_gutmann@cs.aukuni.ac.nz||gutmann_p@kosmos.wcc.govt.nz peterg@kcbbs.gen.nz||peter@nacjack.gen.nz||peter@phlarnschlorpht.nacjack.gen.nz (In order of preference - one of 'em's bound to work) -- C++ will do for C what Algol 68 did for Algol -- ---------------------------end of article-------------------------------------- Steve Whitrow sjw@liberty.demon.co.uk ------------------------------ Date: Mon, 4 Oct 93 13:53:09 PDT From: szabo@netcom.com (Nick Szabo) Subject: Community construction & the Crypto Shops of Isher I agree with Tim May that the crypto expertise, how digital cash protocols work, etc. can be found on the cypherpunks list. I would add that the basic explanations of these concepts (usually missing from the expert discussion) are starting to appear on the cypherpunks gopher site (chaos.bsu.edu) and ftp site (soda.berkely.edu). If there is demand I will also put them on NCAT. What is mostly missing on cypherpunks, and would be quite valuable to discuss on Extropians, is how crypto-anarchy fits in with the broader-based trends towards Internet commercialization, the "pioneering of cyberspace", how business structure effects political structure & vice versa, etc. There is practically no business expertise on cypherpunks, and the legal expertise is focused on the crypto crackdown wars (Clipper, PGP subpoenas, NSA FOIAs, etc.), not on the practicum of setting up secure and private Internet commerce, the legal issues surrounding private banking, online casinos, Internet billing services, etc. There isn't much business expertise over here on Extropians either, reflecting its general lack on the Internet, but there is economic expertise sympathetic to business, frequent discussion of how new businesses fit into the future economy and how they might fare, legal issues related to business, etc. I note that experimental (and primitive, admittedly) reputation market and on-line PPL have started up on this list, not on the cypherpunks list. I expect that trend continue; the Extropians list could become the hub of a new online community radically different from the traditional Usenet/Internet structures set up by the U.S. government research community, the heirarchical fascist MUDs with their "wizards", etc. The government researchers had very different needs, and most early Internet users (government, university) very different visions of how civilization should be structured, then we have here. Now we have our own on-line community and can set things up in liberty-freindly way. The cypherpunks list can serve an important adjunct role as a "digital gun & locksmith's shop". Tim mentions Vinge's "True Names" as inspiring his vision of crypto-anarchy, and I strongly second that recommendation. I've recently encountered another rich anarchic vision in A.E. van Vogt's old _Weapon Shops of Isher_ (c. 1940). Fanciful physics allow a chain of weapons shops that can teleport into a community anywhere in the galaxy and sell their wares. Eventually the government figures it out and the shop teleports to a new community. One day you have a peacefully subdued business district in some galactic backwater, the next day appears a Weapon Shop selling its marvelous wares, and the next day after that it's gone, but has left behind the seeds of freedom. In this way those seeds are spread around the Isher empire. In a similar way, but using the actually existing international Internet, PGP has made its way around the planet. I foresee "Crypto Shops of Isher"[tm] spreading their subversive "munitions" around the New World Order, with vendors appearing and disappearing in various virtual forms in unexpected places, staying a step ahead of their pursuers. Right now the cypherpunks list, gopher & ftp sites, PGP, etc. serve this need. Nick Szabo szabo@netcom.com ------------------------------ End of Extropians Digest V93 #277 *********************************