Date: Sun, 28 Aug 94 20:17:29 +0200
To: cypherpunks@toad.com
From: nobody@ds1.wu-wien.ac.at
Subject: crypto anarchy thoughts


-----BEGIN PGP SIGNED MESSAGE-----

Blanc wrote:

> list discussions do not altogether convince of the importance of
> using encryption as a matter of course or for the re-structuring of
> society.

True!  Encryption and athentication, which is probably all the crypto
that CommerceNet and further commercial transactions will use, is just
the tip of the crypto-anarchy iceberg.  And like an iceberg, most will
not see the light of day.

> The choice to use crypto is a little different from the sense 
> of wanting to use it from desperation; I think it is the 

True again, but then as another pointed out, you draw attention to
yourself if you reserve crypto usage for "important" times only.
Envelopes don't raise suspicion because nearly everybody uses them.

> One of the important issues regarding the use of encryption is not
> necessarily whether it is used or not as a matter of course, but
> rather the controversy over the source of the permission to use it as
> well as the imposed obligation to participate in self-incriminating
> applications of it.  i.e. do individuals have the sovereign right to

I don't understand exactly... for many of the various protocols, full
participation is necessary to avoid self-incrimination.  For example,
digital cash.  If you wind up using a credit card or writing checks
for everything, you lose any benefits.

> But they are not the only ones involved, and it is my understanding
> that not all future developments will be determined on this list.

Definitely!  This list is a clearinghouse of ideas only.  People can
write in and describe various theoretical concepts which are
interesting and fascinating to think about, but whose impact on
society will be left for science fiction to describe.

I'm not saying this is bad or undesirable.  Just that I beleive the
future will hold a fairly limited version of crypto anarchy.

Here's a scenario:

10 years in the future, PGP is a fully GUI based program at last.  It
supports drag-n-drop, all sorts of OLE type protocols, and is used
just once in a great while by most people, who don't really need the
security but once in a great while.

Authentication, on the other hand, is pretty big.  Companies regularly
handle business via networks and thus most have an email address where
they take orders, encrypted and signed of course.

There are more remailers, a few hundred, but most run in unsecure
environments by mostly students who think they're cool.  A few
commercial remailers were launched, but failed due to lack of
interest.  The few pay remailers operating are owned by rich hobbyists
who can spare a machine and an internet connection and don't care
about actually turning a profit.  But these don't get much traffic
since there are so many free remailers.

Digital cash never made it off the ground because credit card
companies are now held to stricter laws about disclosing account
information, and banks provide competitive debit cards and live under
the same disclosure laws (i.e. credit/debit cards good enough for
99.99999% of the people).  Furthermore, merchants are restricted from
culling purchase records to build dossiers on spending habits (or face
legal action), so manufacturers now rely on voluntarily supplied info,
usually by enticing customers with various benefits of "registering",
such as rebates, discounts, sweepstakes entries, etc.  Nobody cares
that digial cash preserves anonimity, because bank and stores aren't
interested, and customers want the extra benefits that stores offer to
add their name to their database.

For this reason, offshore banks don't fare too well since the digital
cash they issue generally isn't spendible.  It is convenient however,
if you need to transfer money from one account to another.  But you
have to go to a "money broker" who will exchange your digital cash for
spendible cash, and pay a transaction fee.

DC-nets are mostly theoretical, as simple versions are too easy to
disrupt, and disruption resistant versions are too complex.  Still, a
few exist, but don't run continuously - you have to post to alt.dc.net
and announce a time you would like to use one, and usually a few
people announce willingness to participate.  (As it turns out,
messages to alt.dc.net account for most of the anonymous mail
traffic generated.)

Data havens are another failed experiment.  Storage costs have
plummeted, making it cheap for people to just purchase their own
terabyte floptical and encrypt all the data they want to keep.  They
keep it nearby, making it more convenient to retrieve the data than
keeping it at a data haven.  A hacked version of PGP which accepts a
second plaintext is used to encrypt the data.  You specify two
passphrases, the real one which decrypts your data, and a second one
which decrypts your data to the plaintext you specify.  Thus you don't
care if you are caught with your data floptical, you can always
decrypt the contents to scanned in versions of "War and Peace" and
"Alice in Wonderland", etc.

How's that sound?


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLmDUBfFYvlqvuKtBAQHpJwP/ZW++0uQezy4SJvUU0c1idNjnAqTdVaAI
nHa1juO0IWwsvNGemspRZRS1UTwYrMBefdnWIF1JP0vZYb1tyGeDEPf2Se9+RGTH
aqGsTcbzjRKUJhwQWr61gFGk9TBOsdNbX05eTYNf/DHOdqI+bOmMGM4WO2D/YAt3
TFVTIPDxQd8=
=Si8r
-----END PGP SIGNATURE-----