Cypherpunk: Difference between revisions
imported>Sandy Harris (→Cypherpunk ideas: expand) |
imported>Sandy Harris |
||
| Line 55: | Line 55: | ||
What about a traffic cop who asks for your driver's license and vehicle registration? Should there be some restrictions on what he or she learns about you? Or a company that issues a frequent flier or other reward card, or requires registration to use its web site? Or cards for toll roads that potentially allow police or others to track your movements? Or phone company and Internet records? In general, how do we manage privacy in an electronic age? | What about a traffic cop who asks for your driver's license and vehicle registration? Should there be some restrictions on what he or she learns about you? Or a company that issues a frequent flier or other reward card, or requires registration to use its web site? Or cards for toll roads that potentially allow police or others to track your movements? Or phone company and Internet records? In general, how do we manage privacy in an electronic age? | ||
Questions of privacy in financial matters were also extensively discussed | Questions of privacy in financial matters were also extensively discussed. | ||
Can we combine the anonymity of cash with the convenience of electronic payment? Technically, the answer is almost certainly yes (see [[digital cash]]), but what are the social implications? What happens to the tax system, or various government efforts to trace "money laundering" schemes, or some countries' controls on currency exchange, if anonymous financial transactions become commonplace? Some of the more radical cypherpunks would say all those things would be destroyed and that is a good thing. | Cash is almost anonymous; if I pay for dinner with a few bills, then the restaurant (short of doing an analysis of DNA traces on the bills) learns almost nothing about me and my menu choices are not in any record tied to my identity. However, if I pay with a credit card, the bank and the restaurant get more data. This might be used to my disadvantage, perhaps by a data-trolling marketer or a divorce lawyer wondering who my dinner companion was. Can we combine the anonymity of cash with the convenience of electronic payment? Technically, the answer is almost certainly yes (see [[digital cash]]), but what are the social implications? What happens to the tax system, or various government efforts to trace "money laundering" schemes, or some countries' controls on currency exchange, if anonymous financial transactions become commonplace? Some of the more radical cypherpunks would say all those things would be destroyed and that is a good thing. | ||
The questions of anonymity, pseudonymity and reputation were also extensively discussed. | The questions of anonymity, pseudonymity and reputation were also extensively discussed. | ||
Revision as of 06:46, 9 May 2010
The cypherpunks were an informal group of people interested in privacy and cryptography who originally communicated through the cypherpunks mailing list. The aim of the group was to achieve privacy and security through proactive use of cryptography. An obituary written when the list shut down summarised:
for all the irrelevant comments, vicious infighting and radical libertarian politics that flourish on the list, Cypherpunks has chronicled every important event in the short history of modern cryptography, as well as the cyber-rights movement that grew out of it. ... Seemingly every major figure in cryptography and computer security has passed through the list from time to time.
The term "cypherpunk", derived from cipher and cyberpunk, was coined by Wired magazine writer Jude Milhon at one of the early cypherpunk gatherings. The Oxford English Dictionary added "cypherpunk" in 2006, see New York Times article.
In its heyday in the late 90s, the list had extensive discussions of the public policy issues related to cryptography and on the politics and philosophy of concepts such as anonymity, pseudonyms, reputation, and privacy. At that time, it was a very active list; traffic averaged about 200 messages a day, divided between personal arguments and attacks, political discussion, and technical discussion ranging over mathematics, cryptography, and computer science, with some spam thrown in. There were also cypherpunk "physical meetings" and parties.
Many cypherpunks were quite active in the various political and legal controversies around cryptography of the 90s, and most have remained active into the 21st century. Steven Levy's Crypto: How the Code rebels Beat the Government — Saving Privacy in the Digital Age [1] covers these "crypto wars" in detail. "Code Rebels" in the title is almost synonymous with "cypherpunks".
A coderpunks list, open by invitation only, existed for a time. Coderpunks took up more technical matters and had less discussion of public policy implications. To some extent, the cryptography list is a successor to cypherpunks; it has many of the people and continues some of the same discussions. However, it is a moderated list, considerably less zany and somewhat more technical.
There is a large FTP archive of old cypherpunk material, and a partial mailing list archive. A more current site is Cypherpunks Tonga which has a FAQ. Other available documents include a Cypherpunk Manifesto, and a Crypto Anarchist Manifesto.
In Neal Stephenson's novel Cryptonomicon many characters are on the "Secret Admirers" mailing list. This appears to be based on the cypherpunks list.
Cypherpunk ideas
The cypherpunks list had a variety of viewpoints and many rather heated discussions, but there was a overall attitude exemplified in these quotes from the Cypherpunk Manifesto:
Privacy is necessary for an open society in the electronic age. ...
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy ...
We must defend our own privacy if we expect to have any. ...
Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it. ... We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
There was also a feeling of an Us against Them battle; most cypherpunks were fundamentally opposed to many government policies on cryptography. The same Manifesto has:
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act.
John Gilmore, whose site hosted the original cypherpunks list, wrote:
We are literally in a race between our ability to build and deploy technology, and their ability to build and deploy laws and treaties. Neither side is likely to back down or wise up until it has definitively lost the race.
Cypherpunks did build and deploy quite a bit of code. Anonymous remailers such as the Mixmaster Remailer were almost entirely a cypherpunk development. Among the other projects they have been involved in were PGP for email privacy, FreeS/WAN for opportunistic encryption of the whole net, Off-the-record messaging for privacy in Internet chat, and EFF's TOR project for anonymous web surfing.
A whole set of issues around privacy and the scope of self-revelation were also discussed.
Consider a young person who gets "carded" when he or she enters a bar and produces a driver's license as proof of age. The license includes things like full name and home address; these are completely irrelevant to the question of legal drinking. However, they could be useful to a lecherous member of bar staff who wants to stalk a hot young customer, or to a thief who cleans out the apartment when an accomplice in the bar tells him you look well off and are not home. Is a government that passes a drinking age law morally obligated to create a privacy-protecting form of ID to go with it, one that only shows you can legally drink without revealing anything else? In the absence of that, is it ethical to acquire a bogus driver's license to protect your privacy? Most cypherpunks would answer "yes" to both questions.
What about a traffic cop who asks for your driver's license and vehicle registration? Should there be some restrictions on what he or she learns about you? Or a company that issues a frequent flier or other reward card, or requires registration to use its web site? Or cards for toll roads that potentially allow police or others to track your movements? Or phone company and Internet records? In general, how do we manage privacy in an electronic age?
Questions of privacy in financial matters were also extensively discussed.
Cash is almost anonymous; if I pay for dinner with a few bills, then the restaurant (short of doing an analysis of DNA traces on the bills) learns almost nothing about me and my menu choices are not in any record tied to my identity. However, if I pay with a credit card, the bank and the restaurant get more data. This might be used to my disadvantage, perhaps by a data-trolling marketer or a divorce lawyer wondering who my dinner companion was. Can we combine the anonymity of cash with the convenience of electronic payment? Technically, the answer is almost certainly yes (see digital cash), but what are the social implications? What happens to the tax system, or various government efforts to trace "money laundering" schemes, or some countries' controls on currency exchange, if anonymous financial transactions become commonplace? Some of the more radical cypherpunks would say all those things would be destroyed and that is a good thing.
The questions of anonymity, pseudonymity and reputation were also extensively discussed.
Arguably, the possibility of anonymous speech and publication is vital for an open society, an essential requirement for genuine freedom of speech — this was the position of many cypherpunks. A frequently cited example is that some of the leaders of the American Revolution published anonymously. On the other hand, the possibility of anonymity may facilitate various forms of criminal activity, notably conspiracy and libel.
On the net, one can use a pseudonym. This has some of the advantages and problems of anonymity, but adds its own complications. A pseudonym can be tied to a public key so that only an authorised person can use the nym. Several people might share a pseudonym, as for the mathematician Nicolas Bourbaki who published a number of papers but never actually existed. One person might have multiple nyms. A pseudonym can acquire a reputation — if clever things often appear under the pseudonym, then a new message using that name will be taken seriously. On the other hand, if many messages from a nym are idiotic, a new one may not even be read and will certainly not be accepted without caution.
Jim Bell and "Assassination Politics"
Jim Bell took the general cypherpunk tendencies toward anarchism or libertaranism farther in an essay titled "Assassination Politics" [1]:
Imagine for a moment that as ordinary citizens ... see an act by a government employee or officeholder that they feel violates their rights ... If only 0.1% of the population, or one person in a thousand, was willing to pay $1 to see some government slimeball dead, that would be, in effect, a $250,000 bounty on his head. Further, imagine that anyone considering collecting that bounty could do so with the mathematical certainty that he could not be identified, ... Perfect anonymity, perfect secrecy, and perfect security.
He worked out the mechanisms for this in considerable detail, and speculated extensively on the political consequences. Naturally, the discussion on the list was intense.
Later, Bell was arrested and convicted [2] for tax evasion, with accusations of attempts to intimidate IRS agents. Still later, another case was brought against him, alleging "stalking and intimidating local agents of the IRS, Treasury Department and BATF" [3]. Another list subscriber, Carl Johnson, was also convicted [4] of sending threatening emails. Discussion of Bell's essay played a prominent part in all three trials.
Well-known list participants
Cypherpunks list subscribers included many notable computer industry figures. Not all would call themselves "cypherpunks".
- Steven Bellovin (Bell Labs researcher, later Columbia professor)
- Jon Callas (Technical lead on Open PGP specification and Chief Technical Officer of PGP Corporation)
- Hugh Daniel (Former Sun Microsystems' employee, manager of the FreeS/WAN project)
- John Gilmore (Sun Microsystems' fifth employee, one of the founders of the Electronic Frontier Foundation, project leader for FreeS/WAN)
- Mike Godwin (EFF lawyer)
- Ian Goldberg (Assistant Professor, University of Waterloo, designer of the Off-the-Record Messaging protocol)
- Lucky Green (Author of first free software implementation of ring signatures)
- Eric Hughes (Author of A Cypherpunk's Manifesto)
- Tim May (Former chief scientist at Intel, author of A Crypto Anarchist Manifesto)
- Jude Milhon (A founding member of the cypherpunks)
- Sameer Parekh (former CEO of C2Net)
- Len Sassaman (Current maintainer of the Mixmaster Remailer software)
- Peter Shipley (A founding member of the cypherpunks)
- Philip Zimmermann (Creator of PGP)
Other uses
Cypherpunk, cypherpunks or cpunks are sometimes used as a username and password on websites which require registration, for users who do not wish to reveal information about themselves. The account is left for later users. Some such accounts were publicly announced on the list.
References
- ↑ Steven Levy (2001). "Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age. Penguin, 56. ISBN 0-14-024432-8.