--- begin forwarded text
Status: U
Date: Sun, 27 Jan 2002 10:30:20 -0800
Subject: Crypto Winter (Re: Looking back ten years: Another Cypherpunks
failure)
From: Tim May [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
x-flowedSome thoughtful ideas on the current situation (what I have
called the
Crypto Winter). A few comments:
On Saturday, January 26, 2002, at 09:55 PM, Dr. Evil wrote:
We know that some kind of privacy-enhanced payment system has been one
of the long-time c'punk goals, probably for at least ten years. We
know that we are probably further away from having that be a reality
than we were ten years ago. This is excusable; the obstacles are
enormous. You need a lot of people to use it before it's useful, and
there are all kinds of regulatory problems. And there are a whole
list of other problems, too.
I somewhat disagree. The obstacles to widespread acceptance (of
_anything_) are enormous, but the obstacles to experimental deployment
for specialized uses (Napster-like trading, porn, remailer use) are not
great at all. Pr0duct Cypher and others got Magic Money/Tacky
Tokens/etc. out in what was probably a period of a few months' worth of
effort. (PC may have been working for years on it, but this seems
likely. Digital cash was the topic and MM/TT appeared during the
discussion...circa 1993, IIRC.)
First we change the world is not a good business model. New
technologies and methods often spring out of unforeseen needs and
technologies. An interesting Harvard Business School type of study would
contrast the long and slow growth of Diner's Club and Carte Blanche
versus the effective complete replacement by BankAmericard (later Visa)
and MasterCard beginning in the late 1960s. Way too many folks in the
crypto/digital cash community are aiming for penetration similar to Visa
and Mastercard. It may happen, but not with a) experimental technologies
and protocols, b) by planning by a bunch of small companies. A
full-scale launch by a very large and well-funded company _might_
work, but probably not. (There's that nagging How do we convince Joe
Sixpack to learn to manage keys and to use untraceable forms of digital
cash? A facet of First we change the world. Bah.)
I agree that facing regulatory obstacles head on is a lose, lose, lose.
Ain't gonna happen. Even the well-funded launch above would never get
approval for truly untraceable forms of digital cash. All of the
recent trends toward fighting terrorism, war on drugs, currency
control, etc. tell us the regulators will never accept untraceable
digital cash (even though physical cash is grandfathered in...they will
outlaw it when they think they can get away with it).
This is presumably why Chaum watered-down his earlier digicash scheme to
make it only one-way untraceable/unlinkable.
One of the other c'punk goals was encryption all over the place.
Seems reasonable, right? This Internet thing was just starting to
take off. Free open-source OSes like Linux were coming out.
Encryption everywhere was well within reach.
My guess is that PGP went off the track when it tried to get PGP
integrated into various platforms and applications. Things were a lot
easier when PGP simply took a text file and did things to it. The
processed text file could be from a text editor or the clipboard (on
various platforms) and could then be pasted into or cut out of a mail
app, a word processor, etc. A few extra steps, but the orthogonality
principle was upheld: PGP was just another modification of text, a form
of writing. What the user _did_ with the text was up to him and was not
of any concern to PGP qua PGP.
Alas, the battles to integrate PGP with Pine (or with Eudora, or
Outlook, or Outlook Express, or Entourage, or ) and all the crap
about checking signatures (which is almost never needed for most of
us, for reasons discussed many times), and the general bloat of
providing hooks to various OSes, various mailers, various browsersit
all resulted in the predictable.
(What did those 200+ staffers at NAI's PGP division actually _do_? Some
have told me that this 200+ figure referred to teh entire crypto tools
division. Maybe. But PGP lost a lot when it went corporate and lost its
simple focus. More on GPG in a moment...)
Here's my own personal situation. Now I don't make a claim to being a
software guy (I'll avoid the hateful term geek). I like software, I
use it, I read about languages and OSes, I like Smalltalk and
Lisp/Scheme and suchlike, I have a project brewing on actors/agents and
money/instruments, I follow E and capabilities, and so on. But I don't
run a Unix box (well, OS X is now a full-fledged Unix box, being based
on FreeBSD, OpenBSD, Mach, NeXTStep, etc.).
But some years ago PGP just became too difficult to use regularly. I
would install 2.0. 2.1,...5.5, 6.1, whatever, and would even buy the
PGP for Personal Privacy CD-ROM ($40). Then something would break, and
PGP plug-ins would no longer work