of a single product that wasn't a buggy mess in release 1.0?
None of the above questions will be easy to answer, and the very nature of a single
authority for key escrow is in conflict with the nature of the Net as we know it:
distributed, decentralized, robust. It would be more logical and more in keeping with
the character of the Net, to allow the structures that are already beginning to form
organically around the world, in the form of public key servers, to continue to grow,
m u l t i p l y, and add functions. Governments may trust banks and large corporations to
manage keys; the rest of us are more likely to trust individuals or organizations we
have chosen ourselves, be they friends with well-secured computer systems,
relatives who live in another country, our own local lawyers or accountants, a safe
deposit box under our personal control, or in some cases even the Internet service
providers we use, who can verify our attached identity as they're already billing us
and providing our email addresses.
But as Sterling noted at CFP'94, "Encryption is mathematics. It is not our friend."
Assuming export controls do get lifted and encryption applications become
widespread, there will certainly be new twists on old challenges for law enforcement:
new types of fraud, money laundering (a potential problem if electronic cash really is
fully anonymous), tax evasion, theft, deception, electronic impersonation, and
anonymous smear campaigns. It's easy to imagine that the combination of
untraceable electronic cash, Internet-assisted searching, and encryption-based
anonymous remailers could create a very lucrative business for a blackmailer.
Cypherpunk and physicist Timothy C. May created a stir in 1994 when he sent a
couple of friends a sample advertisement for an information black market operator
he called BlackNet (the document caused much furor when it was copied and
posted to Usenet by others). It asked correspondents to use public newsgroups,
PGP, and encrypted anonymous remailers to create "a secure, two-way,
untraceable, and fully anonymous channel" through which information such as trade
secrets and business and national intelligence could be bought or sold. May 's point was that cryptography really will pose a "mortal threat" to
governments: "National borders are just speed bumps on the information
superhighway," he concluded in a response to critics on the cypherpunks emailing
list in February 1994.
In the short term, spreading cryptography may pose a technical problem: what
happens to the interoperability we have now, where everything depends on
standards? Typically, every aspect of the computer industry goes through a period
where competing products are wholly incompatible. Before IBM developed the PC
in 1984, there were all sorts of weird machines floating around, none of which could
read each other's floppy disks. Before the widespread adoption of Internet
standards in the early 1990s, members on closed systems such as CompuServe
couldn't email anyone outside their own service. If this pattern gets repeated now,
we could be facing a period when you have to know what email software, network,
or hardware your correspondent is using before you can use secure
communications. This was, in fact, another objection to Clipper.
One solution, being attempted by the ever-active John Gilmore, is to secure the
Internet against wiretapping by installing PC-based boxes running a specially
tailored version of the free operating system software Linux to sit between the
Internet and local-area networks and encrypt traffic going to other sites using the
same system. His goal for 1996 was to secure 5 percent of the Internet; by early
December he was admitting this was "too ambitious" but was continuing the
attempt. His request for more volunteers to help install boxes and
train administrators in their set-up and use was accompanied by a note that he
wanted to hear from those who could write cryptographic software--and lived
outside the United States. In the early days of the Net, that sort of community spirit
seemed to be hard-wired into each computer running the Internet protocols,
TCP/IP, but in today's gold rush era it may be harder to find. If Gilmore's scheme
can be implemented, given the speed with which the Internet can reinvent itself, by
the time the governments are through negotiating they may find that their treaties
Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.
Be sure to visit the NYU Press Bookstore
[Design by NiceMedia]