Cheaper than printing it out: buy the paperback book.

Out of Control
Chapter 12: E-MONEY

Encryption always wins because it follows the logic of the Net. A given public-key encryption key can eventually be cracked by a supercomputer working on the problem long enough. Those who have codes they don't want cracked try to stay ahead of the supercomputers by increasing the length of their keys (the longer a key, the harder it is to crack) -- but at the cost of making the safeguard more unwieldy and slow to use. However, any code can be deciphered given enough time or money. As Eric Hughes often reminds fellow cypherpunks, "Encryption is economics. Encryption is always possible, just expensive." It took Adi Shamir a year to break a 120-digit key using a network of distributed Sun workstations working part-time. A person could use a key so long that no supercomputer could crack it for the foreseeable future, but it would be awkward to use in daily life. A building-full of NSA's specially hot-rodded supercomputers might take a day to crack a 140-digit code today. But that is a full day of big iron to open just one lousy key!

Cypherpunks intend to level the playing field against centralized computer resources with the Fax Effect. If you have the only fax machine in the world it is worth nothing. But for every other fax installed in the world, your fax machine increases in value. In fact, the more faxes in the world, the more valuable everybody's fax becomes. This is the logic of the Net, also known as the law of increasing returns. It goes contrary to classical economic theories of wealth based on equilibratory tradeoff. These state that you can't get something from nothing. The truth is, you can. (Only now are a few radical economics professors formalizing this notion.) Hackers, cypherpunks, and many hi-tech entrepreneurs already know that. In network economics, more brings more. This is why giving things away so often works, and why the cypherpunks want to pass out their tools gratis. It has less to do with charity than with the clear intuition that network economics reward the more and not the less -- and you can seed the "more" at the start by giving the tools away. (The cypherpunks also talk about using the economics of the Net for the reverse side of encryption: to crack codes. They could assemble a people's supercomputer by networking together a million Macintoshes, each one computing a coordinated little part of a huge, distributed decryption program. In theory, such a decentralized parallel computer would in sum be the most powerful computer we can now imagine -- far greater than the centralized NSA's.)

The idea of choking Big Brother with a deluge of petty, heavily encrypted messages so tickles the imagination of crypto-rebels that one of them came up with a freeware version of a highly regarded public-key encryption scheme. The software is called PGP, for Pretty Good Privacy. The code has been passed out on the nets for free and made available on disks. In certain parts of the Net it is quite common to see messages encrypted with PGP, with a note that the sender's public-key is "available upon request."

PGP is not the only encryption freeware. On the Net, cypherpunks can grab RIPEM, an application for privacy-enhanced mail. Both PGP and RIPEM are based on RSA, a patented implementation of encryption algorithms. But while RIPEM is distributed as public domain software by the RSA company itself, Pretty Good Privacy software is home-brew code concocted by a crypto-rebel named Philip Zimmermann. Because Pretty Good Privacy uses RSA's patented math, it's outlaw-ware.

RSA was developed at MIT -- partly with federal funds -- but was later licensed to the academic researchers who invented it. The researchers published their crypto-methods before they filed for patents out of fear that the NSA would hold up the patents or even prevent the civilian use of their system. In the US, inventors have a year after publication to file patents. But the rest of the world requires patents before publication, so RSA could secure only U.S. patents on its system. PGP's use of RSA's patented mathematics is legitimate overseas. But PGP is commonly exchanged in the no-place of the Net (what country's jurisdiction prevails in cyberspace?) where the law on intellectual property is still a bit murky and close to the beginnings of crypto anarchy. Pretty Good Privacy deals with this legal tar baby by notifying its American users that it is their responsibility to secure from RSA a license for use of PGP's underlying algorithm. (Sure. Right.)

Zimmermann claims he released the quasi-legal PGP into the world because he was concerned that the government would reclaim all public-key encryption technology, including RSA's. RSA can't stop distribution of existing versions of PGP because once something goes onto the Net, it never comes back. But it's hard for RSA to argue damages. Both the outlawed PGP and the officially sanctioned RIPEM infect the Net to produce the Fax Effect. PGP encourages consumer use of encryption -- the more use, the better for everyone in the business. Pretty Good Privacy is freeware; like most freeware, its users will sooner or later graduate to commercially supported stuff. Only RSA offers the license for that at the moment. Economically, what could be better for a patent holder than to have a million people use the buddy system to teach themselves about the intricacies and virtues of your product (as pirated and distributed by others), and then wait in line to buy your stuff when they want the best?

The Fax Effect, the rule of freeware upgrade, and the power of distributed intelligence are all part of an emerging network economics. Politics in a network economy will also definitely require the kind of tools the cypherpunks are playing with. Glenn Tenney, chairman of the annual Hackers' Conference, ran for public office in California last year using the computer networks for campaigning, and came away with a realistic grasp of how they will shape politics. He notes that digital techniques for establishing trust are needed for electronic democracy. He writes online, "Imagine if a Senator responds to some e-mail, but someone alters the response and then sends it on to the NY Times? Authentication, digital signatures, etc., are essential for protection of all sides." Encryption and digital signatures are techniques to expand the dynamics of trust into a new territory. Encryption cultivates a "web of trust," says Phil Zimmermann, the very web that is the heart of any society or human network. The short form of the cypherpunk's obsession with encryption can be summarized as: Pretty good privacy means pretty good society.

One of the consequences of network economics, as facilitated by ciphers and digital technology, is the transformation of what we mean by pretty good privacy. Networks shift privacy from the realm of morals to the marketplace; privacy becomes a commodity.

A telephone directory has value because of the energy it saves a caller in finding a particular phone number. When telephones were new, having an individual number to list in a directory was valuable to the lister and to all other telephone users. But today, in a world full of easily obtained telephone numbers, an unlisted phone number is more valuable to the unlisted (who pay more) and to the phone company (who charge more). Privacy is a commodity to be priced and sold.

Most privacy transactions will soon take place in the marketplace rather than in government offices because a centralized government is handicapped in a distributed, open-weave network, and can no longer guarantee how things are connected or not connected. Hundreds of privacy vendors will sell bits of privacy at market rates. You hire Little Brother, Inc., to demand maximum payment from junk mail and direct marketers when you sell your name, and to monitor uses of that information as it tends to escape into the Net. On your behalf, Little Brother, Inc., negotiates with other privacy vendors for hired services such as personal encrypters, absolutely unlisted numbers, bozo filters (to hide the messages from known "bozos"), stranger ID screeners (such as caller ID on phones that only accept calls from certain numbers), and hired mechanical agents (called network "knowbots") to trace addresses, and counter-knowbots that unravel traces of your own activities.

Privacy is a type of information that has its polarity reversed; I imagine it as anti-information. The removal of a bit of information from a system can be seen as the reproduction of a corresponding bit of anti-information. In a world flooded with information ceaselessly replicating itself to the edges of the Net, the absence or vaporization of a bit of information becomes very valuable, especially if that absence can be maintained. In a world where everything is connected to everything -- where connection and information and knowledge are dirt cheap -- then disconnection and anti-information and no-knowledge become expensive. When bandwidth becomes free and entire gigabytes of information are swapped around the clock, what you don't want to communicate becomes the most difficult chore. Encryption systems and their ilk are technologies of disconnection. They somewhat tame the network's innate tendency to connect and inform without discrimination.