In Tim May's eyes a digital tape is a weapon as potent and
subversive as a shoulder-mounted Stinger missile. May (fortyish, trim
beard, ex-physicist) holds up a $9.95 digital audio tape, or DAT. The
cassette -- just slightly fatter than an ordinary cassette -- contains a copy
of Mozart equivalent in fidelity to a conventional digital compact disc.
DAT can hold text as easily as music. If the data is smartly compressed,
one DAT purchased at K-Mart can hold about 10,000 books in digital
One DAT can also completely cloak a smaller library of information
interleaved within the music. Not only can the data be securely
encrypted within a digital tape, but the library's existence on the tape
would be invisible even to powerful computers. In the scheme May
promotes, a computer hard disk's-worth of coded information could be
made to disappear inside an ordinary digital tape of Michael Jackson's
The vanishing act works as follows. DAT records music in 16 binary
digits, but that precision is beyond perception. The difference
contained in the 16th bit of the signal is too small to be detected by
the human ear. An engineer can substitute a long message -- a book of
diagrams, a pile of data spreadsheets (in encrypted form) -- into the
positions of the 16th bits of music. Anyone playing the tape would hear
Michael Jackson crooning in the exact digital quality they would hear on
a purchased Thriller tape. Anyone examining the tape with a computer
would see only digital music. Only by matching an untampered-with tape
with the encrypted one bit by bit on a computer could someone detect the
difference. Even then, the random-looking differences would appear to be
noise acquired while duping a digital tape through an analog CD player
(as is normally done). Finally, this "noise" would have to be decrypted
(not likely) to prove that it was something other than noise.
"What this means," says May, "is that already it is totally hopeless to
stop the flow of bits across borders. Because anyone carrying a single
music cassette bought in a store could carry the entire computerized
files of the stealth bomber, and it would be completely and totally
imperceptible." One tape contains disco music. The other tape contains
disco and the essential blueprints of a key technology.
Music isn't the only way to hide things, either. "I've done this with
photos, " says May. "I take a digitized photo posted on the Net,
download it into Adobe Photoshop, and then strip an encrypted message
into the least significant bit in each pixel. When I repost the image,
it is essentially indistinguishable from the original."
The other thing May is into is wholly anonymous transactions. If one
takes the encryption methods developed by military agencies and
transplants them into the vast terrain of electronic networks, very
powerful -- and very unbreakable -- technologies of anonymous dealing become
possible. Two complete strangers could solicit or supply information to
each other, and consummate the exchange with money, without the least
chance of being traced. That's something that cannot be securely done
with phones and the post office now.
It's not just spies and organized crime who are paying attention.
Efficient means of authentication and verification, such as smart cards,
tamper-proof networks, and micro-size encryption chips, are driving the
cost of ciphers down to the consumer level. Encryption is now affordable
for the everyman.
The upshot of all this, Tim believes, is the end of corporations in
their current form and the beginning of more sophisticated, untaxed
black markets. Tim calls this movement Crypto Anarchy. "I have to tell
you I think there is a coming war between two forces," Tim May confides
to me. "One force wants full disclosure, an end to secret dealings.
That's the government going after pot smokers and controversial bulletin
boards. The other force wants privacy and civil liberties. In this war,
encryption wins. Unless the government is successful in banning
encryption, which it won't be, encryption always wins."
A couple of years ago May wrote a manifesto to alert the world to the
advent of widespread encryption. In this electronic broadside published
on the Net, he warned of the coming "specter of crypto anarchy":
...The State will of course try to slow or halt the spread of this
technology, citing national security concerns, use of the technology by
drug dealers and tax evaders, and fears of societal disintegration. Many
of these concerns will be valid; crypto anarchy will allow national
secrets to be traded freely and will allow illicit and stolen materials
to be traded. An anonymous computerized market will even make possible
abhorrent markets for assassinations and extortion. Various criminal and
foreign elements will be active users of CryptoNet. But this will not
halt the spread of crypto anarchy.
Just as the technology of printing altered and reduced the power of
medieval guilds and the social power structure, so too will cryptologic
methods fundamentally alter the nature of corporations and of government
interference in economic transactions. Combined with emerging
information markets, crypto anarchy will create a liquid market for any
and all material which can be put into words and pictures. And just as a
seemingly minor invention like barbed wire made possible the fencing-off
of vast ranches and farms, thus altering forever the concepts of land
and property rights in the frontier West, so too will the seemingly
minor discovery out of an arcane branch of mathematics come to be the
wire clippers which dismantle the barbed wire around intellectual
The manifesto was signed:
Timothy C. May, Crypto Anarchy: encryption, digital money, anonymous
networks, digital pseudonyms, zero knowledge, reputations, information
markets, black markets, collapse of government.
I asked Tim May, a retired Intel physicist, to explain the connection
between encryption and the collapse of society as we know it. May
explained, "Medieval guilds would monopolize information. When someone
tried to make leather or silver outside the guilds, the King's men came
in and pounded on them because the guild paid a levy to the King. What
broke the medieval guilds was printing; someone could publish a treatise
on how to tan leather. In the age of printing, corporations arose to
monopolize certain expertise like gunsmithing, or making steel. Now
encryption will cause the erosion of the current corporate monopoly on
expertise and proprietary knowledge. Corporations won't be able to keep
secrets because of how easy it will be to sell information on the nets."
The reason crypto anarchy hasn't broken out yet, according to May, is
that the military has a monopoly on the key knowledge of encryption -- just
as the Church once tried to control printing. With few exceptions,
encryption technology has been invented by and for the world's military
organizations. To say that the military is secretive about this
technology would be an understatement. Very little developed by the U.S.
National Security Agency (NSA) -- whose mandate it is to develop crypto
systems -- has ever trickled down for civilian use, unlike technologies
spun off from the rest of the military/industrial alliance.
But who needs encryption, anyway? Only people with something to hide,
perhaps. Spies, criminals, and malcontents. People whose appetite for
encryption may be thwarted righteously, effectively, and harshly.
The ground shifted two decades ago when the information age arrived, and
intelligence became the chief asset of corporations. Intelligence was no
longer the monopoly of the Central Intelligence Agency, but the subject
of seminars for CEOs. Spying meant corporate spying. Illicit transfer of
corporate know-how, rather than military plans, became the treasonous
information the state had to worry about.
In addition, within the last decade, computers became fast and cheap;
enciphering no longer demanded supercomputers and the superbudgets need
to run them. A generic brand PC picked up at a garage sale could handle
the massive computations that decent encryption schemes consumed. For
small companies running their entire business on PCs, encryption was a
tool they wanted on their hard disks.
And now, within the last few years, a thousand electronic networks have
blossomed into one highly decentralized network of networks. A network
is a distributed thing without a center of control, and with few clear
boundaries. How do you secure something without boundaries? Certain
types of encryption, it turns out, are an ideal way to bring security to
a decentralized system while keeping the system flexible. Rather than
trying to seal out trouble with a rigid wall of security, networks can
tolerate all kinds of crap if a large portion of its members use
Suddenly, encryption has become incredibly useful to ordinary people who
have "nothing to hide" but their privacy. Peer-to-peer encryption, sown
into the Net, linked with electronic payments, tied into everyday
business deals, becomes just another business tool like fax machines or
Just as suddenly, tax-paying citizens -- whose dollars funded the military
ownership of this technology -- want the technology back.
But the government (at least the U.S. government) may not give
encryption back to the people for a number of antiquated reasons. So, in
the summer of 1992, a loose federation of creative math hackers, civil
libertarians, free-market advocates, genius programmers, renegade
cryptologists, and sundry other frontier folk, began creating,
assembling, or appropriating encryption technology to plug into the Net.
They called themselves "cypherpunks."
On a couple of Saturdays in the fall of 1992, I joined Tim May and about
15 other crypto-rebels for their monthly cypherpunk meeting held near
Palo Alto, California. The group meets in a typically nondescript office
complex full of small hi-tech start-up companies. It could be anywhere
in Silicon Valley. The room has corporate gray carpeting and a
conference table. The moderator for this meeting, Eric Hughes, tries to
quiet the cacophony of loud, opinionated voices. Hughes, with sandy hair
halfway down his back, grabs a marker and scribbles the agenda on a
whiteboard. The items he writes down echo Tim May's digital card:
reputations, PGP encryption, anonymous re-mailer update, and the
Diffie-Hellmann key exchange paper.
After a bit of gossip the group gets down to business. It's class time.
One member, Dean Tribble, stands up front to report on his research on
digital reputations. If you are trying to do business with someone you
know only as a name introducing some e-mail, how can you be sure they
are legit? Tribble suggests that you can buy a reputation from a "trust
escrow" -- a company similar to a title or bond company that would
guarantee someone for a fee. He explains the lesson from game theory
concerning iterated negotiation games, like the Prisoner's Dilemma; how
payoffs shift when playing the game over and over instead of just once,
and how important reputations become in iterated relationships. The
potential problems of buying and selling reputations online are chewed
on, and suggestions of new directions for research are made, before
Tribble sits down and another member stands to give a brief talk. Round
the table it goes.
Arthur Abraham, dressed in heavy studded black leather, reviews a recent
technical paper on encryption. Abraham flicks on an overhead projector,
whips out some transparencies painted with equations, and walks the
group through the mathematical proof. It is clear that the math is not
easy for most. Sitting around the table are programmers (many
self -- taught), engineers, consultants -- all very smart -- but only a single
member is equipped with a background in mathematics. "What do you mean
by that?" questions one quiet fellow as Abraham talks. "Oh, I see, you
forgot the modulus," chimes in another guy. "Is that 'a to the x' or 'a
to the y'? The amateur crypto-hackers challenge each statement, asking
for clarification, mulling it over until each understands. The hacker
mind, the programmer's drive to whittle things down to an elegant
minimum, to seek short cuts, confronts the academic stance of the paper.
Pointing to a large hunk of one equation, Dean asks, "Why not just scrap
all this?" A voice from back: "That's a great question, and I think I
know why not." So the voice explains. Dean nods. Arthur looks around to
be sure everyone got it. Then he goes on to the next line in the paper;
those who understand help out those who don't. Soon the room is full of
people saying, "Oh, that means you can serve this up on a network
configuration! Hey, cool!" And another tool for distributed computing is
born; another component is transferred from the shroud of military
secrecy to the open web of the Net; and another brick is set into the
foundation of network culture.
The main thrust of the group's efforts takes place in the virtual online
space of the Cypherpunk electronic mailing list. A growing crowd of
crypto-hip folks from around the world interact daily via an Internet
"mailing list." Here they pass around code-in-progress as they attempt
to implement ideas on the cheap (such as digital signatures), or discuss
the ethical and political implications of what they are doing. Some
anonymous subset of them has launched the Information Liberation Front.
The ILF locates scholarly papers on cryptology appearing in very
expensive (and very hard-to-find) journals, scans them in by computer,
and "liberates" them from their copyright restrictions by posting the
articles anonymously to the Net.
Posting anything anonymously to the Net is quite hard: the nature of the
Net is to track everything infallibly, and to duplicate items
promiscuously. It is theoretically trivial to monitor transmission nodes
in order to backtrack a message to its source. In such a climate of
potential omniscience, the crypto-rebels yearn for true anonymity.
I confess my misgivings about the potential market for anonymity to Tim:
"Seems like the perfect thing for ransom notes, extortion threats,
bribes, blackmail, insider trading, and terrorism." "Well," Tim answers,
"what about selling information that isn't viewed as legal, say about
pot growing, do-it-yourself abortion, cryonics, or even peddling
alternative medical information without a license? What about the
anonymity wanted for whistleblowers, confessionals, and dating
Digital anonymity is needed, the
crypto-rebels feel, because anonymity is as important a civil tool as
authentic identification is. Pretty good anonymity is offered by the
post office; you don't need to give a return address and the post office
doesn't verify it if you do. Telephones (without caller ID) and
telegrams are likewise anonymous to a rough degree. And everyone has a
right (upheld by the Supreme Court) to distribute anonymous handbills
and pamphlets. Anonymity stirs the most fervor among those who spend
hours each day in networked communications. Ted Kaehler, a programmer at
Apple Computer, believes that "our society is in the midst of a privacy
crisis." He sees encryption as an extension of such all-American
institutions as the Post Office: "We have always valued the privacy of
the mails. Now for the first time, we don't have to trust in it; we can
enforce it." John Gilmore, a crypto-freak who sits on the board of the
Electronic Frontier Foundation, says, "We clearly have a societal need
for anonymity in our basic communications media."
A pretty good society needs more than just anonymity. An online
civilization requires online anonymity, online identification, online
authentication, online reputations, online trust holders, online
signatures, online privacy, and online access. All are essential
ingredients of any open society. The cypherpunk's agenda is to build the
tools that provide digital equivalents to the interpersonal conventions
we have in face-to-face society, and hand them out for free. By the time
they are done, the cypherpunks hope to have given away free digital
signatures, as well as the opportunity for online anonymity.
To create digital anonymity, the cypherpunks have developed about 15
prototype versions of an anonymous re-mailer that would, when fully
implemented, make it impossible to determine the source of an e-mail
message, even under intensive monitoring of communication lines. One
stage of the re-mailer works today. When you use it to mail to Alice,
she gets a message from you that says it is from "nobody." Unraveling
where it came from is trivial for any computer capable of monitoring the
entire network -- a feat few can afford. But to be mathematically
untraceable, the re-mailers have to work in a relay of at least two
(more is better) -- one re-mailer handing off a message to the next
re-mailer, diluting information about its source to nothing as it is
Eric Hughes sees a role for digital pseudonymity -- your identity is known
by some but not by others. When cloaked pseudonymously "you could join a
collective to purchase some information and decrease your actual cost by
orders of magnitude -- that is, until it is almost free." A digital co-op
could form a private online library and collectively purchase digital
movies, albums, software, and expensive newsletters, which they would
"lend" to each other over the net. The vendor selling the information
would have absolutely no way of determining whether he was selling to
one person or 500. Hughes sees these kinds of arrangements peppering an
information-rich society as "increasing the margins where the poor can
"One thing for sure," Tim says, "long-term, this stuff nukes tax
collection." I venture the rather lame observation that this may be one
reason the government isn't handing the technology back. I also offer
the speculation that an escalating arms race with a digital IRS might
evolve. For every new avenue the digital underground invents to disguise
transactions, the digital IRS will counter with a surveillance method.
Tim pooh-poohs the notion. "Without a doubt, this stuff is unbreakable.
Encryption always wins."
And this is scary because pervasive encryption removes economic
activity -- one driving force of our society -- from any hope of central
control. Encryption breeds out-of-controllness.