[10258] daemon@ATHENA.MIT.EDU (Timothy C. May) Cypherpunks 03/09/94 21:13 (327 lines) Subject: The Coming Police State Date: Wed, 9 Mar 1994 18:02:30 -0800 To: Cypherpunks@toad.com From: tcmay@netcom.com (Timothy C. May) An alarmist title? Perhaps. But likely accurate. Since the theme of the upcoming Cypherpunks meeting on March 12th, with sites around the world tied together, is "politics" and since Eric Hughes has encouraged "rants," I'm making these comments now. The war is upon us. All _three_ of the major U.S. weekly news magazines have articles on cops in cyberspace, the threat of Clipper, and the fast computerization of the surveillance society. Books are being written on crypto issues (beyond the excellent Schneier book, I mean), and the issues have resonance amongst a skeptical public. Strange bedfellows, ranging from Pat Robertson and Phyllis Schlafly to civil libertarians on the other side have come out against Clipper. (I suspect had Bush won, Robertson and Schlaffly would be much quieter about Clipper, just as many Democrats are being somewhat circumspect in their criticisms of Clipper today. People need to realize this issue cuts across all party lines. Ditto for non-U.S. people as well, despite the U.S.-centric focus of these comments.) The Cypherpunks fill an important niche that none of the other major groups wants to--or are able to--fill. The EFF, CPSR, and ACLU have different skills than we have, have more money (we have _none_, of course, as an organization), and are mostly "centralized lobbying" groups (all are headquartered in Washington, D.C.). Cypherpunks are scattered around the world, with only this mailing list and the physical meetings creating any real nexus. By default, of course, the Bay Area has tended to dominate, in raw numbers, in physical meetings, and in the early history of the list, but hopefully this will change as the Cypherpunks continue to grow and as other sites become more active in their chose areas of expertise. And the Cypherpunks mailing list has an interactive mailing list filled with some of the world's best cryptographers and security experts (you know who you are), and several hundred creative folks, many of whom actually write code! Plenty of problems face us, but we have plenty of talent, too. And of course we have justice and the inevitability of technology on our side. IS A POLICE STATE REALLY COMING? "Not if we can help it," of course. But right now things look pretty grim. George Orwell got it mostly right, even in choosing a corporatist model of Britain as the setting instead of the more-expected Stalinist models of the time. (I'm an anarcho-capitalist, personally, so I have nothing against corporations _per se_. But I despise the situation of "state socialism," which is what fascism really is, in which corporations are given special rights and responsibilities in exchange for being supported or selectively rewarded by the State.) In the U.S. at least (and more on Europe and Asia later), the cyberspatial police state is no longer associated with just one political party. The Clipper program and Digital Telephony were started under the Reagan (probably_ and Bush (for sure) administrations, and now the Clinton and Gore folks have shown themselves to be enthusiastic supporters of Big Brother. The National Health Care program, perhaps temporarily stalled on a side street by the current Whitewater/Hillary circus, may have implications for this police state that are unclear....national ID cards, FinCEN-type monitoring of alcohol and tobacco purchases, even biometric identity systems. And the National Information Infrastructure, the NII, has the potential for further concentrating and regulating the presently anarchic networks. Driver's licenses for the information highway? Learner's permits? Revoked licenses for "hurtful speech" and other thoughtcrimes? WHAT ARE WE FACING? -- Digital Telephony II for easy access to _all_ communications channels. If this becomes law, expect all equipment makers to add wiretapping capabilities. All operating system makers may have to add tap points to allow government access (so much for "secure operating systems," such as Norm Hardy and others are working on). -- Clipper and its Big Brethren for easy access to the contents of files. The State will use its power to enforce standards, control exports, and punish corporations so as to ensure competitors do not arise. -- The likely criminalization (via civil forfeiture, a la the Drug War) of unapproved crypto alternatives. (As Whit Diffie has noted, this will not completely stop unapproved use, but will force it underground and marginalize it, causing most folks to so fear prosecution and forfeiture of their homes and companies that they'll avoid unapproved crypto and will help narc out others.) -- Expansion of these tools to other "New World Order" nations, including rapidly-developing systems in Germany, France, Britain, Japan, and other countries. (Reports of "family keys" being prepared for these countries, of restrictions on private use of crypto already in place in some of these countries, and of positive reaction to the American Clipper system.) -- The State getting involved in the "Digital Superhighway" increases the potential for licensing, control, speech codes, etc. For example, one can imagine "fair access" laws which ostensibly make getting on the Net easier and cheaper (not really, of course) but which come with strings attached. Limitations on pseudonyms, restrictions to only RSA-approved public keys (cf. a frightening proposal by Carl Malamud to "nationalize" public-key technology and then give every citizen his own public key...such a system would destroy most of the exciting possibilities some of us foresee and would create a complete surveillance market--this is just one possible future being bandied about by the technocrats and "policy wonks"). (I know some List members, especially those connected with the EFF, have a more charitable view of the NII. But even Mike Godwin has quipped about the "Digital Snooperhighway.") So, is it all hopeless? WHAT COULD DERAIL THE CYBERSPACE POLICE STATE? 1. Defeat of the Digital Telephony Bill. Groups like the EFF and CPSR effetively stopped the first attempt, but a new one was recently unveiled. In many ways, much worse than the first one. This one has to be stopped as well! (In general, all readers of this List should be signing the various petitions that come along, including the "I oppose Clipper" and "I support the Cantwell Bill" ones. You should make your own decisions, of course, but it is hard to imagine that any of you would be opposed to these sentiments. The key is to to make sure a significant fraction of you 700-800 readers sign these petitions! That's a hefty voting bloc, and would give Cypherpunks some additional respect or influence amongst the petition circulators.) 2. Work closely with EFF, CPSR, and other groups (ACLU?) in their efforts to stop these developments. Being that many of us know a fair amount about crypto, security, and computers, we could provide technical assistance to these organizations. (The Washington, D.C. group could, as we have often discussed, have an especially beneficial effect on the debate, as Congressional staffers could be brought up to speed by Cypherpunks in the area. Be sure to concentrate equally on Republicans and right wingers as on Democrats and left wingers!) (In my opinion, our "outlaw" image continues to serve us well. While the "suits" talk to Congresscritters, there's still a role to be played for more guerilla-oriented folks such as ourselves. Sure, there's a downside, and not all are comfortable being portrayed as "anarchists" or "cypher criminals," but that's how we got started--not that we are all either anarchists or criminals!--and there's been little pressure to change. For now, it lets us play a kind of "good cop-bad cop" game....or, "hybrid vigor," with the Cypherpunks filling a different niche than the suits of EFF and CPSR fill.) 3. Widespread repudiation of the Clipper program and its evil Big Brethren, the Capstone, Skipjack, Tessera, "iPower," and related technologies. We talk about Clipper a lot here, and about ways to defeat it, so I won't go into this here. 4. Active sabotage, to include: - Boycotts of AT&T for building Clipperphones, of VLSI Tech for building the Mykotronx chips, of National Semiconductor for building the "iPower" PCMCIA card, and of others who are becoming known for being involved (more on this later, when I am liberty to say more). (My old company, Intel, is a 20% owner of VLSI Tech, actual manufacturer of the Clipper chip--draw your own conclusions.) - "Big Brother Inside" stickers. Thanks to the several of you who actually got these stickers _made_....it was at the special meeting last April that I drew this logo on the whiteboard and then did a posting of the ASCII design. While I will not encourage you to surreptitiously place these stickers on boxes containing the products of the aforementioned companies, let your conscience be your guide. Wink. - Ridicule and "psychological warfare." I upset a few people when I called this "disinformation" a while back. I don't mean actual lies, but, rather, *creative speculation* and the sowing of doubts in people's minds. For example, most of us (safe to say, I think) understand that the real danger, the real threat, of Clipper is the imminent outlawing of alternatives to Clipper. We understand this even though the "facts" on Clipper are nominally that Clipper will be "voluntary." We "know" this is not so, both in terms of reasonable historical projections and in terms of the already-developing policies on exports which will make non-Clipper schemes much harder to export than Clipper. Hence, we need to "fill in the gaps" for people and point out to them that crypto alternatives to Clipper are likely to be banned or otherwise made nearly impossible to use. This banning may happen in various ways, ranging from outright bans on non-escrow crypto methods (yes, enforcement difficulties abound) to use of RICO and conspiracy laws to effectively make alternatives to Clipper too difficult to use--how'd you like to face subpoena of your bank records or IRS visits everytime a non-Clipper crypto scheme was detected? (IRS is understaffed, so this won't be trivial, but other things may be possible.) - Help to convince companies _not_ to use Clipjacked phones. Ideally, create a mood in which the use of Clipper marks one as a stooge of Big Brother and as not having a good work environment. (This can begin to work as potential hires ask pointedly, for example, about the Clipper policy of the company.) - Talks with journalists. We can reach far more people this way than by nearly anything else we do. Steven Levy will be at the Saturday meeting, preparing both an article on these issues, and a book for future publication (being an optimist, even I don't believe he'll be barred from publishing such a book). Other journalists are similarly interested. And the coverage by the major news magazines and newspapers is increasing, as noted above. WHAT ELSE CAN WE DO? - Increase deployment of crypto tools. Get the genie _all of the way_ out of the bottle. Make outlawing crypto too painful. Integrate PGP with standard mailers (a project that's been stalled for more than a year now). - Voice PGP or similar. A half-dozen projects are reportedly in various stages of completion. 486 PC prices are dropping into the noise, so that even dedicated Mac users (like me) can consider buying a 50 MHz or better 486 box and using it with a SoundBlaster-type processor card. But when will these systems actually appear? Time is of the essence. - New systems. I've said it before: we had some early wins with the Cypherpunks remailers, but follow-ons have been slow in coming. We often see a spate of good ideas--such as on digital money, or steganography, or the like--but then these ideas don't become "standards." This could be for a variety of reasons, so I'm not casting stones here. But it's a phenomenon we should think about and try to resolve. Let's find a way to get more "outposts" in cypherspace built, deployed, and maintained. Voice PGP, as mentioned above, would be a natural one. - Remailer sites in non-U.S. countries. This needs to be a higher priority. Get a robust remailer, using PGP or ViaCrypt PGP (for bulletproof legality reasons), in at least a dozen countries. Digital postage will help incentivize remailer operators to get into the business, to maintain the systems in a less-lackadaisical way (no offense, but seeing remailers drop like flies as student accounts expire or vanish mysteriously is not confidence-building). The "second generation remailer" stuff needs to be incorporated at least partly. - Private networks, like Little Garden, offer greater robustness against intrusions by regulatory authorities. The more of these ad hoc, anarchic nets, the less chance the State will have of (somehow) nationalizing or otherwise taking control of them. Especially if nodes are outside the U.S. - Several of us have expressed some serious interest in leaving the U.S., for various reasons. I am one of these folks. Many issues here, but creating more offshore locales for Cyperpunks activity, with good connections to other Nets, lots of encryption, etc., will be helpful. (Compiling a kind of "Cyberspace Retirement Places Rated" database is one project I am thinking of taking on after I finish the Cypherpunks FAQ. Lists of various places, their local laws and policies, tax situation, extradition treaties with the main police states, Net connections, etc. Maybe even some R&D trips down to the Caymans, Turks and Caicos Islands, Belize, etc. Contact me if interested.) - "Active Measures." More covert efforts to disrupt Clipper-type activities. Use your own imagination here. - Research the deep and disturbing links between various government programs. FinCEN and the siphoning-off of S&L funds by CIA proprietaries, the NSA's economic intelligence units and the surveillance of business dealings, the infiltration of Silicon Valley companies by government "sheep-dipped" agents, the links between the NSA and the German Bundesnachrichtendienst, the links between the Witness Protection Program and the three main credit reporting agencies (to falsify credit records, to hide assets, etc.). Granted, some of this stuff borders on "conspiracy theory" (a hobby of mine, perhaps unsurprisingly). But a lot of it is substantiated, if one knows where and how to look. James Bamford has been quoted as saying that he could fill an entire new book with the machination of the Surveillance State. And a lot more.... CONCLUSIONS We are at one of those important cusp points in history. The technologies of networks and of encryption make it very easy for exciting new structures to develop (cryptoanarchy, privacy, transnational entities, persistent organizations, anonymous systems, digital banks). But the same technologies make it possible for a cyberspatial police state to develop. The race is on. Some on this list (sometimes me, too) say "We've already won." Duncan Frissell and Sandy Sandfort often point out just how unenforceable the existing laws are, how few people comply with the tax laws, and how the internationalization of commerce has made national borders into permeable membranes. As I like to say, in my .sig, "National borders are just speed bumps on the information highway." But there are dangers of a repressive crackdown brought on by these new technologies, or as a _result_ of them. National ID cards like the "baby blue" cards the French are preparing, could allow checkpoints at all points-of-sale terminals (gotta collect sales tax, you know), monitoring of health status, and all sorts of other "security state" (both sense of the word) accouterments. The long-rumored "ban on cash" could occur, with draconian penalties for illicit cash (tax-avoiding!) transactions...confiscation of property works well here. (Some of the very same things that the crypto enthusiasts advocate, like ATMs tied to offshore bank havens, could actually be the reason cash is banned. That is, maybe they can't stop you from accessing your Bank of Caicos account, but they sure can try to make it hard for you to spend you CaicosCredits!) Who will win? I hope we will. But even the optimists--in whose camp I place myself--must surely concede the victory will not come without effort. We Cypherpunks may be remembered by generations hence as the MinuteMen of this revolution. --Tim May, who hopes to see many of you, physically or virtually, at the Saturday meeting. .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."