Thursday, January 23, 2014

Did the NSA Read My 1996 Strong Privacy Article?

Or, alternatively, were they on the Cypherpunks email list?

My article sketched the consequences of a world with a fully developed cryptographic infrastructure, including public key encryption, digital signatures, anonymous ecash and anonymous remailers. It was a world where activity in cyberspace was invisible to third parties, including the government. Some consequences were obviously attractive, such as free speech that did not depend on the current views of the Supreme Court. Some were obviously unattractive, such as making it easy for kidnappers or extortionists to collect their payoff invisibly. Some, such as making government regulation and taxation more difficult, were consequences that some, myself included, would see as attractive but other reasonable people might not.

My guess is that the NSA did not have to read my article. Although they may well have been reading the Cypherpunks list, they probably did not have to do that either. Given the nature of the NSA, they probably had people thinking through these issues for themselves, perhaps even earlier than the rest of us. I suspect that the NSA contained quite a lot of people rather like the Cypherpunks—geeks, sf fans, smart people interested in technology and the future. 

The reason I raise the question is that much of what it turns out that the NSA has been doing, in particular the deliberate sabotaging of widely used encryption software, can be viewed as designed to prevent the world I described in that article from coming into existence. That seems a natural thing for people who saw the potential of the technology and did not like it to want to do. And, for reasons that I discussed almost twenty years ago, there are good reasons not to like it, even if reasons I found ultimately unconvincing.


jdgalt said...

As I see it, the more interesting question is: how can those of us who DO want to see what Tim May calls "crypto anarchy" build an infrastructure capable of creating and defending it against subversion by the NSA and its counterparts in other countries?

Open source software is certainly part of the answer, though I expect all such efforts to be infiltrated, so their organizers will need to become much more paranoid. But there are avenues of attack that can beat it. One would be to embed hidden back doors in CPUs (and with only a few makers of CPUs in the world, I'd be very surprised if this has not been done).

Russ Nelson said...

I am confident that they were reading cypherpunks.

Anonymous said...

They didn't need to make any predictions, just notice that encryption made some communication unavailable that was previously available (only a tiny fraction, but including the most valuable). Simple reaction, not foresight.

Anonymous said...

It's interesting how the self-interest of bureaucrats is often the main problem for libertarians in getting good results, but in this case it takes one or more genuinely goodwilled (but misguided) to be the problem - ones willing to plan long in advance to try and prevent encryption coming into fruition. Reminds me that I should get round to reading Salamander.

Bitcoin as opposed to the classically-described Ecash might be a saving weapon here. Since anyone motivated to go out of his way to prevent encryption might be tempted to buy a few, sabotage his work, and retire a rich man in a decade once fiat collapses. Being able to profit off the price increase creates a selfish incentive for everyone important to see encryption succeed, even if it is against the group interest of government.

Tibor said...

A friend of mine works for a company that deals with internet security (accidentally, I was also considering working that as an option for a PhD. position combined with a half-term job as well, but eventually I chose Germany instead) and while they mostly have private customers, they created several programs for the NSA as well. If I remember correctly, those were supposed to be "defensive", but my friend told me that they could easily be modified for surveillance as well. He kept telling me about the NSA stuff for some time and most of the time I considered him to be just too paranoid and influenced by his line of work, but then I started to take that more seriously after the recent NSA incidents.

Recently, he came to me with a "moral dilemma". As a part (I guess a major one) of his Master's thesis, he is supposed to research possibilities of monitoring the deep web (tor in particular) and if possible, work out some appropriate algorithms. He is reluctant to do that, because he does not consider that to be right...I pointed out that if it is possible to do such a thing, it is better if he does it as a part of his thesis which is publicly accessible and therefore everyone will be informed about that and can try to "plug the hole" somehow than if the NSA or a similar organization figures that out on its own and does not tell anyone else. And if it is possible, the NSA will eventually find it out.