Date: Sun, 28 Aug 94 20:17:29 +0200 To: cypherpunks@toad.com From: nobody@ds1.wu-wien.ac.at Subject: crypto anarchy thoughts -----BEGIN PGP SIGNED MESSAGE----- Blanc wrote: > list discussions do not altogether convince of the importance of > using encryption as a matter of course or for the re-structuring of > society. True! Encryption and athentication, which is probably all the crypto that CommerceNet and further commercial transactions will use, is just the tip of the crypto-anarchy iceberg. And like an iceberg, most will not see the light of day. > The choice to use crypto is a little different from the sense > of wanting to use it from desperation; I think it is the True again, but then as another pointed out, you draw attention to yourself if you reserve crypto usage for "important" times only. Envelopes don't raise suspicion because nearly everybody uses them. > One of the important issues regarding the use of encryption is not > necessarily whether it is used or not as a matter of course, but > rather the controversy over the source of the permission to use it as > well as the imposed obligation to participate in self-incriminating > applications of it. i.e. do individuals have the sovereign right to I don't understand exactly... for many of the various protocols, full participation is necessary to avoid self-incrimination. For example, digital cash. If you wind up using a credit card or writing checks for everything, you lose any benefits. > But they are not the only ones involved, and it is my understanding > that not all future developments will be determined on this list. Definitely! This list is a clearinghouse of ideas only. People can write in and describe various theoretical concepts which are interesting and fascinating to think about, but whose impact on society will be left for science fiction to describe. I'm not saying this is bad or undesirable. Just that I beleive the future will hold a fairly limited version of crypto anarchy. Here's a scenario: 10 years in the future, PGP is a fully GUI based program at last. It supports drag-n-drop, all sorts of OLE type protocols, and is used just once in a great while by most people, who don't really need the security but once in a great while. Authentication, on the other hand, is pretty big. Companies regularly handle business via networks and thus most have an email address where they take orders, encrypted and signed of course. There are more remailers, a few hundred, but most run in unsecure environments by mostly students who think they're cool. A few commercial remailers were launched, but failed due to lack of interest. The few pay remailers operating are owned by rich hobbyists who can spare a machine and an internet connection and don't care about actually turning a profit. But these don't get much traffic since there are so many free remailers. Digital cash never made it off the ground because credit card companies are now held to stricter laws about disclosing account information, and banks provide competitive debit cards and live under the same disclosure laws (i.e. credit/debit cards good enough for 99.99999% of the people). Furthermore, merchants are restricted from culling purchase records to build dossiers on spending habits (or face legal action), so manufacturers now rely on voluntarily supplied info, usually by enticing customers with various benefits of "registering", such as rebates, discounts, sweepstakes entries, etc. Nobody cares that digial cash preserves anonimity, because bank and stores aren't interested, and customers want the extra benefits that stores offer to add their name to their database. For this reason, offshore banks don't fare too well since the digital cash they issue generally isn't spendible. It is convenient however, if you need to transfer money from one account to another. But you have to go to a "money broker" who will exchange your digital cash for spendible cash, and pay a transaction fee. DC-nets are mostly theoretical, as simple versions are too easy to disrupt, and disruption resistant versions are too complex. Still, a few exist, but don't run continuously - you have to post to alt.dc.net and announce a time you would like to use one, and usually a few people announce willingness to participate. (As it turns out, messages to alt.dc.net account for most of the anonymous mail traffic generated.) Data havens are another failed experiment. Storage costs have plummeted, making it cheap for people to just purchase their own terabyte floptical and encrypt all the data they want to keep. They keep it nearby, making it more convenient to retrieve the data than keeping it at a data haven. A hacked version of PGP which accepts a second plaintext is used to encrypt the data. You specify two passphrases, the real one which decrypts your data, and a second one which decrypts your data to the plaintext you specify. Thus you don't care if you are caught with your data floptical, you can always decrypt the contents to scanned in versions of "War and Peace" and "Alice in Wonderland", etc. How's that sound? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmDUBfFYvlqvuKtBAQHpJwP/ZW++0uQezy4SJvUU0c1idNjnAqTdVaAI nHa1juO0IWwsvNGemspRZRS1UTwYrMBefdnWIF1JP0vZYb1tyGeDEPf2Se9+RGTH aqGsTcbzjRKUJhwQWr61gFGk9TBOsdNbX05eTYNf/DHOdqI+bOmMGM4WO2D/YAt3 TFVTIPDxQd8= =Si8r -----END PGP SIGNATURE-----