True Names and the Opening of the Cyberspace Frontier (9 page)

The printing press was a technology that destroyed the medieval guilds, as the once-protected knowledge of the guilds could be distributed to a wider audience. Eventually the kings and queens stopped throwing people into prison for the crime of making leather without a royal license, and the guilds collapsed, no doubt bemoaning the “anarchy” that had been unleashed upon the world.

To put it bluntly, crypto anarchy basically undermines democracy: it removes behaviors and transactions from the purview of the mob. And once crypto is deeply entwined into the fabric of life and commerce, it will be too late to pull the plug.

The Social Consequences of Crypto Anarchy

Can “bad things” happen with strong cryptography? Of course. I've cited several examples of things that are in some sense dangerous or bad to at least some people. But of course all technologies have both light and dark aspects.… The forty thousand Americans killed every year in traffic accidents, for example, are certainly a dark aspect of an otherwise helpful technology.

Not all aspects of untraceability are positive. People often want accountability, they want a “true name” attached to their interactions, a name and address they can go after if a transaction is unsatisfactory. They don't want to send money to a “nym” who may vanish. Fortunately, there are lots of ways of dealing with such issues. Reputations can be associated with nyms, as with writers who have used pseudonyms successfully. Digital signatures strengthen the process, making forgeries all but impossible. And expect to see “reputation rating” services and even “bonding” services, analogous to title companies, escrow services, and
Good Housekeeping
sorts of seals of approval (with digital signatures, of course).

What will happen to tax policies? How will ordinary taxpayers react to reports that digital-money transactions are escaping taxation, that some elite of crypto-savvy entrepreneurs are evading and avoiding taxes by moving transactions to places the government cannot monitor? There may be a backlash against such uses, but there may also be an increase in the numbers of folks using such methods. (This repeats a pattern seen with offshore investments: where once such approaches were exclusively the domain of the super-rich, now even moderately wealthy individuals can use offshore investments as part of estate planning, avoidance of “deep pockets” lawsuit claims, and even for tax avoidance.)

Of great concern are the effects of anonymity and untraceability on certain types of crimes. Abhorrent markets may arise. For example, anonymous systems and untraceable digital cash have some obvious implications for the arranging of contract killings, extortion, and kidnapping. The greatest risk in arranging for such services is that physical meetings expose the buyers and/or sellers of such services to the scrutiny of law enforcement and to the setup of sting operations. Asking around at a bar if anyone knows who can do some “discreet work” is an invitation for the FBI to get involved (and I'm certainly not arguing against such FBI or law-enforcement involvement). Crypto anarchy lessens, or even eliminates, this risk, by allowing for untraceable communication to be set up. And untraceable payment. Think back to the BlackNet example, where two-way anonymous contact occurs. The risks to the actual killers are not lessened, as their physical act is not untraceable, but this is a risk the buyers need not worry about (and I surmise that the greater risks lie in the set up and payment steps). Think of anonymous escrow services that hold the digital money until the deed is done.

The implications for corporate and national espionage have already been touched upon. Combined with data havens and liquid markets in information, secrets may become much harder to keep. Imagine a
Digital Jane's,
after the military weapons handbooks, anonymously compiled and sold for digital money, beyond the reach of various governments that don't want their secrets revealed. Similarly, whether one views it as espionage or as journalistic whistleblowing, the publication of various secrets will be much easier. Anyone in an organization with an ax to grind only has to connect to a service like BlackNet.

On the issue of terrorists, child molesters, and other Horsemen using PGP, PGPhone, and other crypto tools, how else could it be? After all, the use of PGP is being promoted widely for the protection of privacy. The child molesters, Mafiosos, money launderers, Palestinian sympathizers, nuclear material smugglers, and other assorted miscreants (or heroes, depending on one's outlook) are surely thinking about securing their communications. And certain types of terrorism are becoming more possible every day, already, as communications technologies make far-flung organizations possible.

So what? After all, criminals and conspirators also have locks on their doors, use curtains on their windows, keep their voices down when speaking among themselves in public, rent hotel rooms to plot crimes, and generally use various methods to better insure privacy and secrecy. And yet the Constitution is pretty clear that we don't insist windows be uncurtained, conversations be recorded, and locks have keys “escrowed.” We cannot know, in advance of an arrest and a trial, who are the criminals and who are the law-abiding citizens, which is why talk of abandoning privacy protections to “catch criminals” is so fatuous.

Nevertheless, the inevitable use of strong crypto by some criminals, perhaps even involving some particularly heinous crimes, will surely be used as an argument to restrict crypto. As some wag put it, “National security is the root passphrase to the Constitution.”

Crypto anarchy has some messy aspects, of this there can be little doubt. All technological and economic revolutions have produced dislocations and rearrangements. Crypto anarchy is no different. From relatively unimportant things like price-fixing and insider trading; to more serious things like economic espionage, the undermining of corporate knowledge ownership; to extremely dark things like anonymous markets for killings. But let's not forget that nation-states have killed more than one hundred million people in this century alone: Mao, Stalin, Hitler, and Pol Pot, just to name the most extreme examples. It is hard to imagine any level of digital contract killings ever coming close to nation-state barbarism. (But this is something we cannot accurately speak about; I don't think we have much of a choice in embracing crypto anarchy or not, so I choose to focus on the bright side.)

It is hard to argue that the risks of anonymous markets and tax evasion are justification for worldwide suppression of communications and encryption tools. People have always killed each other, and governments have not stopped this (arguably, they make the problem much worse, as the wars of this century have shown). Also, there are various steps that can be taken to lessen the risks of crypto anarchy impinging on personal safety. The importance of blood relations will likely become more important, as has long been the case in Asian and Middle Eastern economies. The hiring of private protection agencies will also help.

Big Brother Inside?

Governments are afraid of strong, unbreakable crypto in the hands of their subjects. Governments see their powers eroded by these technologies, and are taking various steps to try to limit the use of strong crypto. The U.S. has several well-publicized efforts, including the Clipper chip, the Digital Telephony wiretap law, and proposals for “voluntary” escrow of cryptographic keys. Carl Ellison has dubbed these schemes “GAK,” for “Government Access to Keys.” These voluntary programs are not likely to remain so.

Cypherpunks and others expect these efforts to ultimately be bypassed. Technology has let the genie out of the bottle. Crypto anarchy is liberating individuals from coercion by their physical neighbors—who cannot know who they are on the Net or what they are doing—and from governments. For libertarians, strong crypto provides the means by which government will be avoided.

Digital cash and digital banks are likely targets for legislative moves to limit the deployment of crypto anarchy and digital economies. Whether through banking regulation or tax laws, it is not likely that digital money will be deployed easily. But as noted in the discussion on extortion, many of the more interesting results of crypto anarchy can occur if even
some
issuers of untraceable digital money exist, anywhere.

The proposals to restrict access to strong cryptography bear a definite resemblance to the “War on Drugs.” As Whit Diffie, one of the inventors of public-key cryptography, has noted, the War on Drugs effectively pressed corporations into service as drug warriors. Under threat of forfeiture of corporate assets (trucks, boats, warehouses) if drugs were found in them, and loss of government business, corporations adopted random searches of employee lockers, and urine sampling, and placed “Just Say No” posters in cafeterias and work areas. Hence the reliance in the “War on Crypto” on systems to force corporations to adopt “key recovery” systems. (After all, corporations might be colluding, or price-fixing, or conspiring to violate the various laws they are subject to … hence the government wants access to such secret communications.) Such pressure on corporations will have effects on ordinary citizen-units. There are now requirements in some jurisdictions that all candidates for public office be tested for drug use; if such policies are upheld by the Supreme Court, expect drug tests in other state-licensed matters, such as driver's licenses and work permits. Clearly the state has gone far beyond any conception the framers of the Constitution may have had.

The unhealthily close relationship between large corporations and governments often causes various deals and quid pro quos to be made. Various corporations seek to be the vendor of choice for government-approved, key-escrowed cryptography. Various “initiatives” and “alliances” are the avenue for this deal-making. Economists call this “rent-seeking.” The medieval guilds were an example of the same phenomenon.

Government spokesvermin often talk about “legitimate needs for key recovery,” as when a person wants a spare key stored with his lawyer, or in a safe deposit box, or when companies want critical information encrypted in such a way that the material is not lost forever if the encryptor loses his key, forgets his passphrase, dies, leaves the company, etc. The government claims this as support for its “key recovery” initiatives, its programs to force users to allow access to keys. But this argument is misleading and has major flaws.

First, if there is a compelling need, the private enterprise system will surely meet it—the “help” of the government is not needed, nor are the proposed restrictions imposed on by business. Second, there is a huge difference between the storage of files and their transmission. When Alice uses encryption to store her files she uses a different key than what she uses for transmitting files to Bob (probably Bob's public key, in fact). There is thus no pressing business need for recovery of
transmission
keys. Both parties have the material in their local storage, presumably. And yet the government's key recovery proposals specifically focus on encryption methods for
message transmission.
Guess who the main party interested in reading intercepted transmissions is? Finally, the restrictions on
export
of cryptography systems, requiring key escrow, obviously have nothing whatsoever to do with meeting the “needs” of businesses. It will be interesting to see how foreign governments react to having escrowed systems in which the U.S. has special access to communications of their corporations and citizens. My guess is that they'll react about the same way the U.S. would react if Iraq were exporting special “Saddam-readable” crypto software to the U.S.

Any system which allows government to act to trace a transaction, or to trace a message, or to gain access to keys, essentially throws away the liberty-enhancing advantages of cryptography completely. If this is not evident, ask yourself whether the government of Burma, known as SLORC, would not use its “Government Access to Keys” to round up the dissidents communicating with laptops and PGP in the jungle? Would Hitler and Himmler have used “key recovery” to determine who the Jews were communicating with so they could all be rounded up and killed? Contact tracing is to be one of the most powerful tools in suppressing groups. Would the East German Staasi have traced e-cash transactions? The answers are obvious. For every government extant on the planet one can easily think of dozens of examples where access to keys, access to diaries, access to spending records, etc., would be exploited by the party in power. What a government considers “criminal” or “suspicious” is often what it considers threatening to its exercise of power. Rhetoric about “catching criminals” misses this point: that governments typically use surveillance powers to control citizens. Fortunately, a crackdown on crypto will not be easy to successfully implement in the U.S. and in Western nations.

Some domestic (U.S.) restrictions on cryptography and digital money seem likely, despite what many think the Constitution says. Think it can't happen? How can government require ID cards and tracking mechanisms for cash purchases? And people are finding that carrying their own cash around in cars and on planes can subject them to “forfeiture” of this cash, with no trial and no mechanism for redress (the Orwellian name for this is along the lines of “illegal use of currency”).

The U.S. government continues to push for its notion of “Key Recovery,” or key registration, and for limits on the strength of cryptographic systems. A purely voluntary key-recovery system is unobjectionable, as what people do with their own keys is of course their business. The danger, however, is that a widely deployed, ostensibly voluntary system could be made mandatory by the vote of Congress or a Presidential order. This sort of sword of Damocles is always worrisome, whether the proposed system is gun registration (which can then easily lead to confiscation, as happened in Nazi Germany), implantable ID units, video cameras in public places, “voluntary self-ratings” on writings or speech, or wider use of government-approved ID cards. It has been clear for a long time that the U.S. government's interest in pushing Clipper, Tessera, and the various other GAK proposals was to make escrowed encryption widespread, with non-GAK crypto ultimately to be phased out. This would be no easy thing to accomplish, for many reasons, some discussed here. A firestorm of protest awaits any attempt to ban cryptography. As one wag put it several years ago, “They'll get my crypto keys when they pry my cold, dead fingers off my keyboard.”