At 8:38 PM -0400 4/12/00, Declan McCullagh wrote:
>At 15:07 4/12/2000 -0700, Tim May wrote:
>>First, we have seen a lot of political junk discussion here lately,
>>about the tired subjects of socialism, Microsoft, Nazis, and
>>(presumably) even Heinlein.
>>
>>Second, code is indeed preferable to rhetoric.
>
>Right. Cypherpunks has turned into a spam list, in which some 80
>percent of the posts are junk. Thoughtful folks have largely turned
>to some of the other c-lists or even (to a much lesser extent) one
>of the lists I run.
I don't participate in any lists which are "owned" by someone who
will potentially squelch certain topics. No Perrygrams for me, nor
Lewisgrams, nor Declangrams. No offense to any of the parties
named...I just don't like the notion that some essay I have spent
much time composing will be rejected as "inappropriate" or deemed to
be insufficiently technical.) I went through this when Sandygrams
were being mailed out to people who posted on "Denied Topics" and I
won't subject myself to it again.
For better or for worse, the Cypherpunks list has been set up so that
multiple nexuses (nexi?) of control exist, with no censorship or
moderation or removal of posts. This means that when RC4 is submitted
to the list, no company can get an injunction. (Nor can the imminent
publication of the Novell NDS authentication protocol be stopped.)
Which, sadly, means that an open mailing list is hit with about a
dozen or two dozen spam/advertising messages per day, plus numerous
"unsuscribe" and "unimbibe me" messages per day. And the rest of the
traffic seems to be of forwarded press releases or the crankish rants
of Jim Choate. Plus mostly unintelligible ramblings from Petro and
Reese.
BTW, I have nothing against technical discussions. But no one is
_stopping_ such technical discussion...such discussions just aren't
here, for whatever reasons.
(I'm currently spending most of my time on my "applied ontology"
project, first discussed a few years ago, involving design patterns
for transactions amongst mutually hostile/suspicious/greedy actors.
Mostly in Squeak, a kind of "Smalltalk version of Linux." Also,
"capabilities," a la E, except that I'm not yet convinced that
languages are the right place to move this security abstraction into.)
However, much of what passes for "technical discussion" is no such
thing. In fact, echoing what I presume Declan to be hinting at, we
have _gone backward_ from discussion of "interesting things" (like
data havens, timed-release crypto, information markets, and a dozen
other topics) and now spend much of our "technical discussion" time
discussing things like the AES...as if anyone _cares_ which symmetric
cipher is picked by the banks for a next generation symmetric cipher.
Fact is, the "cool" stuff is on the back burner. The hot topics of
today, technically, were old news in 1990. The exciting topics of the
mid-90s are no less possible, just not the focus of commercial
development. (More on "commercial development" later.)
(If the following paragraph appears _quoted_, it shouldn't have been.
Eudora Pro, version 4.3, has become ever so much more "helpful" about
making guesses about what it thinks I want to do. Backspacing into a
quoted section seems to mark the whole paragraph as quoted, and I
haven't spent time figuring out how to undo its guess!)
>This is part of a larger shift, which I can't fully explain, towards
>"policy" issues. Even the use of PGP has declined markedly. Seldom
>do we see signed posts, even more seldom to do we hear of uses of
>PGP. Integration into mailers is moving backwards, not forwards.
>Part of this may be due to the purchase of PGP by NAI, and the
>subsequent scattering to the winds of the various list members who
>once worked for PGP.
>I suspect it's because these subjects have become somewhat institutionalized:
>
>* Instead of obscure cypherpunk types writing in the early 90s about
>how governments will see their tax base wither because of
>jurisdictional arbitrage online etc., it's the top story
>(http://www.wired.com/news/politics/0,1283,35617,00.html) on news
>sites.
Indeed. And before people carelessly jump to the conclusion that
nothing we have done has mattered, or that we had no vision, they
should look to our messages from 1988-93 and see just how many of the
"bizarre" predicitons are now taken as obvious statements of the way
things are.
>
>* Instead of the government attempting to ban private use of crypto,
>a longtime cypherpunk fear, we've see increasing relaxation of
>rules. The Feds argue Bernstein can do whatever he wants
>(http://www.politechbot.com/p-00950.html), and we learned today the
>case has been derailed for years, as it goes back down to the
>district court for a rehearing.
I wouldn't count on this. The gubment has basically thrown in the
towell on a hopeless task: keeping strong crypto out of the hands of
foreigners when it can be bought for cash in thousands of retail
stores and just as easily downloaded from sites in many countries.
And we predicted this, too. We predicted that enforcement was so
utterly hopeless that only a massive police state could enforce bans
on strong crypto, could impose Clipper or KRAP as a requirement, and
could stop the inevitable spread of strong crypto. Some of us were
saying this at least 13 years ago. The current situation is not at
all surprising.
This doesn't mean that they can't or won't prosecute someone or some
company for exporting "Digital Moneylaundering" or some unapproved
software for some unapproved use.
>
>* Instead of digital cash taking over the world, we're all using
>credit cards. Cybercash has, I'm told, not just moved to credit
>cards, but it's even purchased a cash register -- yep, the meatspace
>kind -- company.
Digital cash was expected for transactions which _justify_ digital
cash. Using a complicated protocol for buying software online, for
example, is comparable to digitally signing grocery lists. What's the
point of using untraceable cash for buying software online if it
arrives via FedEx the next day?
This is part of why Chaum's focus on "customer untraceability" is so
uninteresting.
>
>* Instead of Zero Knowlege, the company that wanted to be as
>cypherpunkly as possible, doing the right thing, it still has not
>released source code, it has acquired exclusive rights to key
>patents and said it will not license them freely, and it has not
>implemented (last I checked) basic features like link padding in its
>technology.
See above. They are going after mass market users, and most mass
market users are just not very interested in security. Very few are,
actually. It takes extremely sensitive uses to justify codes and
ciphers, or Swiss bank accounts, or their Cypherpunk equivalents.
99.8% of ZKS's potential users probably have zero knowledge of
crypto. Those that remain, like the child porn trading circles,
understand that ZKS will cut them off at the knees at the first signs
of any complaints--from Austin's own promises--and hence they have no
real interest in a watered-down ZKS sort of system.
Given that ZKS is not catering to the crypto-aware tiny minority who
currently _need_ (or _think_ they need, or _recognize_ that they
need) untraceable communications, I expect they'll have a tough row
to hoe ahead of them in getting customers. After the initial flurry
of "Ain't this cool!?!" untraceable messages, most will not be
willing to pay much beyond ordinary ISP monthly rates for this
ability to communicate untraceably.
Now if they were to offer truly unbreakable, uncompromisable,
no-nexus-of-control systems for doing interesting things, they might
gain a core base of users.
Their unwillingness to make their source code available, and the
their very visibility to the RCMP and Montreal authorities, etc.
etc., means that very few controversial or interesting uses will be
made of Freedom. Or so it seems to me. (I hope I am wrong, actually.)
>
>* Instead of intelligent discussions about cutting-edge topics, we
>get Jim Choate.
And Petro and Reese and Phill. And Frondeur. And Vulis and VZNuri.
>Some of the cypherpunkly goals have succeeded; online privacy is
>certainly all the rage. Yet the responses seem so, well, weak, like
>enonymous.com's quaint but seriously flawed rating scheme.
>(http://www.wired.com/news/print/0,1294,35587,00.html)
Lots of snake oil out there. Like all those ciphers we used to see,
and still see.
>And now much of the focus is on corporate misbehavior, such as
>Doubleclick. At last week's CFP conference, everyone was nattering
>about how Big Brother is the corporation, or employer, or credit
>bureau, something that cypherpunks do not have a detailed response
>to (except let contract law sort it out, which is reasonable, but
>not satisfying enough for those who fear the unknown, or the chaos
>of the marketplace). Privacy International at CFP passed over the
>NSA to give its "lifetime achievement award" to some obscure credit
>bureau. Congress is holding hearings this week on a federal privacy
>commission, which would primarily regulate the private sector.
>(http://www.mccullagh.org/cgi-bin/photosearch.cgi?name=privacy+commission)
There are many reasons for this. People think distrusting government
is "paranoid," but distrusting Microsoft is...natural. They don't
"get" the fundamental issue of compelled transactions vs. voluntary
(if flawed) transactions. Basic Hayek 101 stuff, but they just don't
get it.
And so we see the "New Theoreticians" of the list arguing against
free markets. Tom Vogt, Aaron, Choate, and many others. It's quite
hopeless.
Even if some of us had the time to try to correct their political and
economic errors, such an education effort would fall on deaf ears.
And would be hated by other list members.
Fact is, when the list was young, it was an attractor for folks with
basically libertarian views. These days, it is increasingly just a
"cool" (ha ha, as it isn't) place for young kids to hang out.
I know I'm getting older, but I swear that the average age of the
attendees at physical meetings is getting younger faster than I'm
getting older!
(As a side note, at the last physical meeting I went to, I recognized
at most a handful of the folks. Most were unknown to me. And they
certainly don't appear to be contributing to the mailing list. This
disconnect is for multiple reasons. Partly the degeneration of the
list, partly other reasons.)
>
>That's just a symptom of the increasing bureaucratization -- if
>that's even a word -- of the Net. We all know about Microsoft hiring
>Ralph Reed
>(http://news.bbc.co.uk/hi/english/business/newsid_709000/709254.stm)
>to lobby George Bush. That may be interesting for political types,
>but it's about as unremarkable from a cypherpunkly perspective as
>Netscape hiring Bob Dole as a spokescritter, as they did a few years
>back. James Glassman has written that "the environment that helped
>produce the high-tech boom -- low regulation, low taxes, minimal
>government intervention and a low level of corporate rent-seeking --
>is changing profoundly," and maybe he's right.
>(http://www.politechbot.com/p-01067.html)
Also, the commercialization of the Net. When we started, crypto was
so obscure as an interest area that almost everyone needed to be
educated. Few were employed by the couple of crypto companies (RSA
and Cylink, both small).
Over the years, many list members and physical meeting attendees have
gone on to work at the many crypto/signature companies, or to work on
crypto projects at various companies. (I won't presume to make a list
here, but it's quite an interesting list...)
Here's my take on this: the Cypherpunks _physical_ meetings have
become a kind of monthly coffee klatsch for Bay Area crypto workers.
In short, a professional networking meeting. No different from a SIG
or User Group. Cypherpunks could quite easily be renamed "Bay Area
Crypto User Group" and probably be even more well-attended.
Established companies send spokesbimbos to give a boring talk on
KryptoSign Version 2.5, lawyers come in to give an update on some
legal case wending its way through the courts (DeCSS, or whatever,
Bernstein, Karn, Junger, etc.), and policy wonks are invited to give
their positions.
Not even a lot of code gets talked about. (Which is not too
surprising, as very little code is actually being written by anyone.
At least not outside of their jobs at Verisign, or QCert, or
wherever. I'm not criticizing anyone, just noting the reality of the
situation.)
There's nothing _wrong_ with Cypherpunks becoming a kind of monthly
networking group, a place to find employment prospects and to recruit
programmers, but it sure isn't what we had in mind back in '92. The
more things change....
>
>Tim wrote a few years back -- there's no date, but I'm guessing 1995
>-- "Untraceable digital cash is here. It will become easier to use
>and more established in the next several years."
>(http://www.privacyexchange.org/iss/confpro/cfpuntraceable.html) He
>may well turn out to be correct sometime in the future, but there's
>scant evidence of it so far.
>
>"It's going to be an exciting world," Tim wrote.
>
>Not yet.
>
No, not yet.
I don't recall the context of the quoted comments from me. I used to
write a lot of things, some negative, some positive.
At times I have thought we were on the verge of a new era, other
times I have despaired.
Right now I'm trying to focus on things I can do something about.
Though I occasionally fire off a short article or blast someone for
stupid or socialistic comments, mostly I just don't care. If Phill
and Aaron and Tom Vogt think the list is about using cryptography to
free the worker from the yoke of capitalist oppression, good for
them. Their stupidity is its own reward. I'd rather read Kent Beck's
latest book, or Chamond Liu's book on objects, or think about
capabilities and patterns and persistent distributed objects.
Oh, and watch my investments.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
