True Names and the Opening of the Cyberspace Frontier (5 page)

Another approach to remailers is the one followed by Julf Helsingius, of Finland, who operated an anonymizing service that kept a database of mappings between pseudonyms and actual e-mail addresses. This system was easy to use, and allowed easy replies to senders. However, the database was a ripe target for civil lawsuit investigators (and criminal investigators), and Julf pulled the plug on his system in 1996. Cypherpunks remailers, by being distributed, in many jurisdictions, and robust against such requests, offer a more solid and scalable basis for anonymous remailer networks.

“Digital postage” is needed both to incentivize remailers to operate for-profit sites (and thus expand the number and robustness of these sites) and to provide a more solid economic basis for e-mail in general. E-mail currently costs most users nothing to send; this has led to widespread “spamming” of the Net. (Consistent with the themes of this article, what is needed is not global regulation but a market-based pricing mechanism for e-mail.) Some work on digital postage has been done, but true progress awaits wider deployment of digital cash systems.

This use of remailers is just one concrete example of the use of cryptography to alter institutions and interactions.

True Nyms

The controversy over naming and under what circumstances true names can be demanded is likely to rage for decades.

Why do we so often accept the notion that governments issue us our names and our identities, and that governments must ensure that names are true names? Governments like to be involved in identity issues because it gives them additional control. And it helps them to track the flow of money. For example, centuries ago, the rulers of various European countries forced the Jews to drop their traditional patronymic practices (“Jacob son of Israel”) so as to allow taxes to be more efficiently collected, to monitor movements, and so forth. These rulers even sold the “best” family names to those who paid the most, leaving others with less desirable, or even insulting, names. The same practice was repeated in the U.S. with the naming of ex-slaves and the renaming of immigrants. As Nietzsche pointed out, “The master's right of naming goes so far that it is accurate to say that language itself is the expression of the power of the masters.” Governments today even give themselves the rights to create/forge completely false identities, with false credit histories, false educational backgrounds, etc. Under the guise of “protecting witnesses,” the Federal Witness Security Program, popularly called Witness Protection, has created upward of fifty thousand fabricated identities. The major credit reporting agencies are, of course, not fooled, as these “ghosts” pop into existence in their databases, and these agencies are most likely colluding in the support of these false identities. Imagine lending money to someone on the strength of an excellent credit report, only to find that you lent money to a convicted scam artist who sold out his partners so he could receive a fake ID. Who would you sue? (One of the things anonymous information services, to be covered later, will be good for is soliciting the truth behind such government lies, e.g., by offering money for a CD-ROM containing the true names and locations of those in the WitSec program. Anyone with access to this database is a potential seller, and can accept payment untraceably. It's going to be an interesting world.) There are strong pressures building for issuance of national identity cards, perhaps using smart cards, especially for control of immigration, travel, “deadbeat dads,” and terrorism. In a free society, those who wish to deal only with actual, provable true names would, of course, be free to refuse interactions with nyms, true names being just another credential, sometimes offered, sometimes not.

Digital pseudonyms, the creation of persistent network personas that cannot be forged by others and yet are unlinkable to the “true names” of their owners, are finding major uses in ensuring free speech, in allowing controversial opinions to be aired, and in providing for economic transactions that cannot be blocked by local governments. The technology being deployed by the Cypherpunks and others means their identities, nationalities, and even which continents they are on are untraceable—unless their owners choose to reveal this information. This alters the conventional “relationship topology” of the world, allowing diverse interactions without external governmental regulation, taxation, or interference.

Public-Key Cryptography

Cryptography is about more than the stereotypical sending of secret messages. The combination of strong, unbreakable public-key cryptography and virtual network communities in cyberspace will produce profound changes in the nature of economic and social systems. Crypto anarchy is the cyberspatial realization of anarcho-capitalism, transcending national boundaries and freeing individuals to consensually make the economic arrangements they wish to make. The fundamental notion of modern public-key cryptography is that the key for locking, for example, a box, is different from the key for unlocking the box. The owner of a box can then publicize the form of the key needed to lock “his” box, and keep the unlocking key a secret. Anyone can then lock a message in Bob's box with his “public-key,” but no one except Bob can ever unlock that box, not even with all the computer power in the world. From this basic point flow all sorts of variations and extensions. An alternative metaphor is that of the
envelope:
anyone can place something inside one of Bob's envelopes and seal it, but only Bob can open his envelopes. (In the chains of remailers we just discussed, envelopes-within-envelopes are used, for as many stages as are desired.)

Cryptography revolves around
local control
of some secret. For example, a user has a private key which only he knows. Others can send him messages, using his
public
key, but only he can decode or decrypt them. So long as this key is kept secret, the encrypted communication cannot be read by others. The security depends on the length of the keys, the number of bits in the keys. A “weak” key of forty or fifty bits, for example, can be cracked with a personal computer. Stronger keys of sixty-four or eighty bits are preferable, though they're still not truly secure. And it is no more difficult to use ciphers with an effective strength of several hundred bits; such ciphers should withstand brute-force attacks for centuries, perhaps millennia or longer. Public-key cryptography has the important property that it is much easier to encrypt with very large keys than it is to break a message (decrypt by brute force, without the secret key). The difference in effort widens exponentially with increasing key size. Advances in computer power are more than offset by the ability to use longer keys. Likewise, “massively parallel computers,” often cited by the ignorant as a possible way to break these ciphers, offer only marginal, linear speedups on brute-force cracking … utterly inconsequential compared with the efforts needed to factor large numbers. Faster computers are a big win for strong cryptography.

The important distinction between modern cryptography and conventional, or classical, cryptography is that the keys are asymmetric in modern cryptography, whereas in classical cryptography the parties to a cipher had somehow to exchange the same key. Exchanging keys with hundreds or even thousands of correspondents is much harder than simply looking up a key in a public-key directory, or asking for it to be sent in e-mail. More important for our purposes here, only the public-key approach allows the uses described here. For example, digital signatures rely on keeping the secret key a secret. If conventional ciphers were used, then anyone sharing one's private key could forge signatures, withdraw money, and generally wreak havoc. (Digital signatures exploit this asymmetry property of keys by allowing anyone to easily authenticate a signature without having access to the key that would allow forgery of a signature.)

Appropriately for this book, encryption is like an unbreakable “force field” around an encrypted item, much like the “bobbles” described in Vinge's
The Peace War.
The amount of energy required to run the computers—not to mention the number of such computers and the time involved!—can be shown to be greater than all of the energy all of the stars in the universe will ever produce. This for a sufficiently large key, one with an RSA modulus of a few thousand digits. (This has not yet been mathematically proved, in that factoring large numbers has not been proved to be “hard.” It is remotely possible that some fast factoring breakthrough will be discovered, but this is considered by nearly all mathematicians to be extremely unlikely. The speculation that the NSA knows how to quickly factor large numbers, and thus break RSA, seems equally unlikely.)

The Encryption Controversy

Governments are clearly afraid of strong cryptography in the hands of the citizenry. Governments around the world have attempted to deal with the implications of this threat by limiting the size of keys that citizens may use, by limiting the types of algorithms that may be used, by demanding that citizen-units “escrow” (deposit) their keys with the government or with registered government agents, and by banning strong cryptography altogether. This is a battle over whether one's thoughts and messages may be placed inside sealed envelopes or must be written on “postcards,” for the government to read, as Phil Zimmermann points out. One U.S. government proposal, repeated in several variants, is that messages may be sealed in envelopes, but only if the government has a special key to open them. This is like allowing citizens to have curtains on windows, but only if the local police can trigger a special transparency mode. And the issues are quite comparable. Encryption, as we will see, makes certain kinds of crimes and revolutionary activities much more feasible, but so do locked doors, curtains, and whispered conversations. And yet we would not consider outlawing locked doors, curtains, and whispered conversations. As Zimmermann notes, “I should be able to whisper in your ear, even if you're a thousand miles away,” referring of course to e-mail or to voice-scrambling technology (public-key cryptography is fast enough, when combined cleverly with conventional ciphers, to allow real-time audio and video streams to be encrypted). There are profound constitutional issues involved, in the U.S. at least. The various rights enumerated in the Bill of Rights would seem to make it impossible for the U.S. government to specify the forms of speech, to insist that locks have keys escrowed with the police, and so forth. Many observers expect cryptography restrictions to face strong challenge on constitutional grounds, and, in fact, a few cases are in the court system, challenging various provisions of U.S. cryptography policy (especially the export provisions of the Munitions Act and related restrictions).

This debate is still going on, and it's too soon to tell if the “Great Crypto Crackdown” will succeed. Certainly there are many reasons to expect that it's far too late to suppress such technologies, that millions of users will not lightly go to “postcards” for their communications, and that concerns about government corruption, secret FBI dossiers, and economic espionage will undermine Big Brother's efforts to control the communications of “citizen-units.”

Digital Money and Electronic Commerce

This is one of the most exciting frontiers, and one of the most publicized. But it is also one of the hardest to implement correctly. Money intrinsically involves stores of value, transfers of value, institutions, and various interlocking webs of regulations, so implementing digital money correctly has not come easily. In fact, the history of digital money lies mostly in the future. The early years of the new century should see many of the current problems resolved.

Digital cash, untraceable and anonymous (like real cash), is coming, though various technical and practical hurdles remain. What have been dubbed “Swiss banks in cyberspace” will make economic transactions much more liquid and much less subject to local rules and regulations. Tax avoidance is likely to be a major attraction for many. One example to consider is the work under way to develop anonymous, untraceable systems for “cyberspace casinos.” While not as attractive to many as elegant casinos, the popularity of “numbers games” and bookies in general suggests an opportunity to pursue; this is but one of many new opportunities digital money will offer.

By digital money I do not mean the various kinds of electronic funds transfers, automated teller machine transactions, wire transfers, etc. that already exist in so many forms. Nor do I mean the various “smart card” systems that some claim to be “digital money,” even “untraceable digital cash” (in some notorious examples involving flawed protocols). Rather, our focus is on instruments that are actually
untraceable
in a strong sense. Again, Chaum was the pioneer in this area, and his company DigiCash is the exemplar of digital money at this time, with several large banks cooperating in joint ventures to issue DigiCash. Digital money probably will not be “digital currency,” in the sense that dollars, yen, and marks are currency. Rather, it will be more like the various financial instruments, denominated in various currencies, such as checks, bearer bonds, letters of credit, promissory notes, chop marks, and even IOUs.

Alice and Bob can exchange digital cash in this way: Alice goes to a bank, submits to the bank a kind of number, and receives a modified form of this number from the bank. It's as if the bank has stamped her number with a “Good for 100 Digimarks” stamp. Ordinarily this number would of course be traceable, but Alice can perform a special operation on this number (“unblinding” it) which makes it unlinkable to her original purchase of the number. She can then send this number to Bob, perhaps even through an anonymous remailer, and Bob can then present this number to the bank for redemption. The bank can recognize the number as one that it issued, through some manipulations, but cannot link it with Alice. Full-blown digital cash is both payer- and payee-unlinkable. Some of the current proposals being floated limit the untraceability to only partial untraceability, presumably to satisfy the concerns of government and law-enforcement critics of full untraceability. Cypherpunks Ian Goldberg, Doug Barnes, and others have developed methods to make even this partially traceable form fully untraceable.