Part Three’s Notes
Before Bitcoin is a series which aims to give you a historical perspective of cryptocurrency’s technology and philosophy. This is Part Three of the series. If you haven’t read the previous sections, it is highly recommended that you do so…
Part One: 1970s, Part Two: 1980s
In Part One, I wrote about the origins of public key cryptography and the story of it’s creators: Martin Hellman, Whitfield Diffie and Ralph Merkle. Their work would spark the first big wave of public interest into cryptography.
Part of the first wave was a cryptographer known as David Chaum.
In Part Two, I explored Chaum’s continued work on public key cryptography and his research on anonymous communications, payments and decentralised services. His ideas would be adopted by the cypherpunks movement, a group of people that would later create the concept of Bitcoin and cryptocurrency.
Part One and Part Two pats the contextual ground of Part Three which will explore the formation of the cypherpunk movement in response to the government’s violations of personal liberty. This movement would go on to later create TOR, Bit Torrent, Wikileaks and Bitcoin. Understanding the cypherpunks will lend a retrospective view of Bitcoin and it’s meaning as a technology.
Continuing on from the 80s
During the 80s, technology, software and computing made massive strides.
In 1982, Adobe, Autodesk and Sun Microsystems were founded.
In 1983, Intuit was founded and Microsoft Word was released.
In 1984, Cisco was founded, Dell was founded, Microsoft Word was released and Hewlett Packard released their first inkjet printer.
In 1985, AOL was founded. In 1987, McAfee Anti Virus was founded.
In 1989, Adobe’s Photoshop 1.0 was released and Apple broke into the top 100 US companies, ranked by revenue.
While the world of tech shot ahead, other areas of life, law and society failed to keep up. The wild west of the internet was soon ruled by hackers with usernames that even 12 year olds of today, would cringe at. Criminals were becoming increasingly sophisticated through technology while the US government had remained recklessly clueless.
Agent Baxter & the legendary Star Wars Defense Contractor: Autodesk
In early April 1990, a rock band lyricist named John Perry Barlow received a call from the FBI asking for an ‘interview’. He was an early user of the internet and was part of many online communities. And while he didn’t know why the FBI had contacted him, he thought it would be suspicious to turn down their request.
A few days later, Special Agent Richard Baxter from the Federal Bureau of Investigations, turned up at his doorsteps. Barlow was accused of being a part of the hacker group called NuPrometheus where they had distributed stolen Macintosh ROM source code. Despite Agent Baxter producing little evidence of his allegations, Barlow soon realised that he could not get through to Agent Baxter.
Since this was a crime involving software and technology, you would probably assume that someone half competently knowledgeable would be sent to investigate Barlow. Apparently, no. According to Barlow…
“complicated by Agent Baxter’s fairly complete unfamiliarity with computer technology. I realised right away that before I could demonstrate my innocence, I would first have to explain to him what guilt might be”.
The interrogation dragged on for three hours…
“He had been told, for example, that Autodesk, the publisher of AutoCAD, was a major Star Wars defence contractor and that its CEO was none other than John Draper, the infamous phone phreak also known as Cap’n Crunch. As soon as I quit laughing, I started to worry.”
Similar to how a dad might initially laugh at his clumsy moron of a son, as Barlow sat there, he soon started to worry for the future of America. At that moment, he realised how the confusion of Agent Baxter and the rest of the government might put everyone’s rights and freedoms at risk.
After three hours of beating a dead horse, Special Agent Richard Baxter had let him go. Barlow posted his experience onto WELL, the world’s first online community forum. Created in 1985, it was where the hipsters of yesterday hung out.
Not long after, he was contacted by another member who had a similar experience. That member was Mitch Kapor, a software kingpin of the 80s. He was the founder of Lotus, a company that made note taking software and had in the last decade, released the first spread sheet software. Lotus would later be acquired by IBM for $3.5 billion in 1990.
Kapor was also accused of the same crimes committed by the hacker group NuPrometheus. He was also very alarmed by the FBI’s lack of understanding with software and technology. If the Authorities didn’t understanding it, how could they respect the rights come with it?
Within a week, Kapor had flown over to meet with Barlow. As a snow storm raged outside Barlow’s office, they talked about their experiences as well as the recent Secret Service raids of Operation Sun Devil.
Operation Sun Devil was part of the Clinton Administration’s law enforcement effort targeting cyber crime. Earlier in January, they had released a public statement announcing it:
“Our experience shows that many computer hacker suspects are no longer misguided teenagers mischievously playing games with their computers in their bedrooms. Some are now high tech computer operators using computers to engage in unlawful conduct.”
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall be issued but upon probable cause, not without support by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
This roughly translates into: “To fight crime, we can now do anything we want. But hey! We will try to not violate and abuse anyone…”
One of the first targets of Operation Sun Devil were a hacker group known as the Legion of Doom. And soon after, the members known as Acid Phreak, Phiber Optik, and Scorpion were raided. Accused of hacking phone systems, the Secret Service kicked down their doors and turned their house upside down. Their computers were confiscated along with books, notes telephones, audio tapes and other suspicious electronic equipment. Barely 18 years old and still living at home, their families were also subjected to police treatment.
Near the end of their discussion, Barlow and Kapor, they both realised the complete overstep of their civil rights and knew that something needed to be done to defend them.
Beginning of the Electronic Frontier Foundation
Wealthy from his ventures, he agreed cover all legal costs and defend the hacker’s case. Within a week, Barlow and Kapor were in New York setting up the legal team for the three teenagers. They decided to work with RBSKL (Rabinowitz, Boudin, Standard, Krinsky & Lieberman), the law firm renown for defending civil liberties. The day after, Acid Phreak, Phiber Optik, and Scorpion would walk into the RBSKL’s chambers to become the first cyber conflict of the 90s.
After doing so, a journalist reached out to followup on Barlow’s experience with the FBI. During his phone call with the journalist, Barlow happened to talk about his efforts with Kapor in defending the hackers. Unexpectedly, several days later the newspaper headlined:
LOTUS FOUNDER DEFENDS HACKERS
The headline stormed the public and soon went viral. Steve Wozniak, the co-founder of Apple, reached out and jumped onboard as an advisor, agreeing to give unlimited funding to the legal efforts of Kapor and Barlow. Along side Wozniak, they were joined by John Gimore, a tech entrepreneur.
Gilmore was known as a trouble maker with a hobby that included annoying the NSA. Just the year before in 1989, he had leaked a NSA-banned cryptography paper. During his career as a self-taught programmer and Sun Microsystem’s fifth employee, he was known to “never take on a job unless he was convinced it was the right thing to do”. Rich from Sun Microsystems stock options, he spent the latter half of the 80s, hosting the alt forums, known for being a place where “anarchists, lunatics and terroists” hung out. More recently in 1989, he had started up a company called Cygnus Support to pursue his passions: freedom of speech, freedom of software and freedom of encryption. As an anarchist and freedom fighter, the group of Barlow and Gilmore represented what he believed in.
Soon after the publicity, they learnt of the raiding of Steve Jackson Games. Similar to the three hackers, the games company had their whole office confiscated by the Secret Service. At the time, Steve Jackson Games was making a video game titled: “Cyberpunk”, which the CIA believed to be a “handbook for computer crime”. The Secret Service looked through all their emails and had even deleted many as reported by the company. The Secret Service were recklessly out of control and had no concept of digital rights.
On the 8th of June, 1990, Barlow released his iconic paper, “Crime & Puzzlement”. He writes about everything that has happened leading up to the involvement of Kapor, Wozniak and Gilmore and the defence of the three hackers.
“America was entering the Information Age with neither laws nor metaphors for the appropriate protection and conveyance of information itself.”
Feeling the need for a formal organisation to fight against injustices, at the end of the article he reveals the formation of the Electronic Frontier Foundation (EFF), an organisation that would “raise and disburse funds for education, lobbying, and litigation in the areas relating to digital speech and the extension of the Constitution into Cyberspace”.
Word of the EFF travelled fast and to Barlow’s surprise, he had touched upon an issue which received overwhelming levels of public acknowledgement. The Steve Jackson Games case would go on to set historical precedent and categorise electronic mail along with voice calls where a warrant was needed to gain access to them.
A Pretty Good Bill
Early next year in 1991, Senator Biden had added an addition to Bill 266, a piece of legislation focused on anti-terroism. The addition to the bill allowed the government to access “plain text contents of voice, data, and other communications when appropriately authorised by law”. It basically meant that the government would be able to spy on all communications available at will. All forms of communication.
At the time, a software engineer who was a building an encryption program, heard about this news. Known as Phil Zimmerman, he had spent the last decade heavily involved in liberal politics as a nuclear freeze activist and more recently had started to focus on technology. He was building a tool that could allow anyone with a computer to encrypt messages and files using the RSA encryption algorithm. Considered to be of military grade, RSA had only been used commercially but Zimmerman believed that everyone should have access to strong cryptography and the ability to communicate privately. His program was called: PGP, which stood for Pretty Good Privacy, a name inspired by the grocery store known as “Ralph’s Pretty Good Grocery”.
He had been vaguely debating how he was going to make a business from PGP but when he learnt of Bill 266, he did not take the news lightly. He saw it as impending doom. The government was about to legalise spying, the exact activity his software looked to protect against. Taking the bill as the ultimate deadline, Zimmerman rushed to get it into the hands of as many people possible. Missing five mortgage payments in a row, Zimmerman said:
“This was not a commercial product.
It was a human rights project”
And while version 1.0 was considered to be weak and poorly written (The recipe of sleep deprivation + having no money + rushed work is not an optimal one for writing software). He released PGP in the May of 1991 along with his famous article included with the software’s docs: “Why I wrote PGP”.
“If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defence contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organisations mostly have not had access to affordable military grade public-key cryptographic technology. Until now…
…PGP empowers people to take their privacy into their own hands. There’s a growing social need for it. That’s why I wrote it.”
He started uploading PGP to different forums and sites. It was open source, free and didn’t require a license for commercial use. He wanted to put military grade encryption into the hands of every day people in anticipation of the impending dooms day. Helped out by his activist friends, PGP started to spread. (Did you know: Before the rise of most totalitarian governments, they confiscated and banned the ownership of guns. This was the case with Nazi Germany, Soviet Union, Italy during WWII etc.)
Within a week, people started using it around the world and within a month, thousands had already downloaded it. It was soon used by Burmese freedom fighters and had even spread to Eastern Europe where one person replied to Zimmerman: “if dictatorship takes over Russia, your PGP is widespread from Baltic to Far East now and will help democratic people if necessary”.
However in spite of Zimmerman’s scurried efforts, Civil liberty groups including the EFF, had rallied against Senator Biden and the addition was removed from Bill 266. It had turned out that it was Biden who ultimately motivated the urgent release of PGP into the public.
May and Hughes, two very crazy individuals
Early next year, Gilmore hosted a party in San Fransisco where he invited cryptographers together to hangout and drink. That was when Eric Hughes and Timothy C. May met.
Hughes was a young mathematician who had just come back from Amsterdam where he worked for David Chaum’s Digicash. May was originally a hardware engineer at Intel who just spent the last 3 years attempting to write a non-fiction novel about David Chaum’s ideas.
Whilst Eric was in his mid twenties and May was in his late thirties, they immediately connected over their equally crazy libertarian views. By chance, they were both also equally obsessed with David Chaum’s work.
Timothy C. May was a rugged character, having been brought up by a naval officer. He was a free spirited libertarian from the early age of 12 where his very much enjoyed his guns: “Holding a pleasantly heavy, cold metallic firearm felt liberating and empowering.” In similar fashion while Chaum played with locks and safes as a child, May’s favourite toys were his AR-15 assault rifle and his .357 magnum. Fittingly, May pursued a career as an hardware engineer.
During the 80s, his libertarian views gravitated him towards the wild west of cyberspace and fantasised how “Encryption makes it easy and even safe to ignore most local laws about what can be done in cyberspace”. In 1986 he read David Chaum’s paper “Security without Identification: Card Computers to make Big Brother Obsolete” and quit his job. He wanted to write about David Chaum’s ideas. Leaving Intel as an employee, rich from stock options, he started to write a novel called “Degrees of freedom”. May attempted to write about a world ruled by digital money, data havens (‘blockchain?’), time-stamping and NSA surveillance. And similar to most teenagers who wrote about spy fiction, he never finished his the novel. Being an engineer at heart, after 3 years of struggling as a writer, he was done with the sidelines. “I didn’t want to work on this stupid novel. I wanted to actually build this elaborate world that I was imagining”.
Eric Hughes had studied Mathematics at Berkeley as an undergraduate student. During his time there, he was first exposed to the work of David Chaum at a cryptography conference (CRYPTO ’86 ?). Chaum had been talking about a system of digital money where he stressed the importance of anonymous payments in the increasingly digital world. Unlike others, Hughes was captured by the political implications of technology and cryptography. After a short consulting stint he left for Amsterdam to work for David Chaum’s Digicash. But despite being obsessed about his research, Hughes described how he was not too fond of Chaum’s personality, a comment that would not surprise any of the past and present Digicash employees. After a short stint at Digicash, he came back home.
He had come back earlier in May 1991 to apply for Berkeley graduate school. As Hughes had mentioned needing a place to stay while he looked for a place to rent, May offered to cover him. While it made sense then, Hughes agreed and came to live with May for a short while.
Upon arriving, he ended up doing very little of what he was intending to do: Look for a place to live.
Instead, Hughes and May spent the three days straight just talking about crypto. Whilst others had day jobs, May was a rare mix of being rich as well as a failed author, and Hughes was a young twenty-something year old with no responsibilities.
“We spent three intense days talking about math, protocols, domain specific languages, secure anonymous systems,”
“Man, it was fun” said May.
The first meeting
Later in the September of 1991, Hughes, May and Gilmore came up with the idea of gathering a regular meetup of tech libertarians. They liked the idea and sent out invites to Hughes’s newly rented house. So on a September Saturday morning, 30 or so academics, engineers and crypto advocates sat on the unfurnished floor of Hughes’s newly rented house. And so it began.
May had prepared 57 page handouts detailing concepts of cryptography and other background information on the discussion that were planned. This included a diskette copy of PGP 2.0 which was released the week before.
After ceremoniously distributing the packets, he began the meeting by reading out loud his five year old creation to which he called the “Crypto Anarchist Manifesto”.
It was a political manifesto written back in 1988 during May’s shortlived career as an author. It projected a vision of a future where the world’s data, liberty and governance were ruled by the laws of cryptography and mathematics. He had originally written it for the cryptography conference, CRYPTO ’88. He printed hundreds of copies out and gave them out but no one cared too much about about the political implications of cryptography.
But unlike those present at CRYPTO ’88, as May read the manifesto out, the motley crew of crypto fanatics who sat on the floor nodded and grumbled in approval.
“If the government can’t monitor you, it can’t control you…Politics has never given anyone lasting freedom, and it never will…”
May didn’t trust in the protection of privacy and freedom with companies. Instead he trusted the law of mathematics to do so.
May in an video conference call in 2017 commented how at least one or two of the people present hard probably created Bitcoin.
After initial discussions around the world they lived in, they started to play a series of role playing games that simulated cryptographic concepts.
By now you would probably have realised how huge geeks these people were.
For the rest of the afternoon and evening, they used paper and envelopes to play out digital money, information markets, pseudonyms, ‘hypothetical’ drug trading systems and reputation systems. They had naturally arrived at the issue that Chaum had originally encountered: Metadata and its exploitability. Frustrated at how cryptography had made little progress since the 80s, they talked about how they would go about implementing Chaum’s solution of a Mix Network. The group talked about cryptography all night long and many ended up sleeping on the floor of Hughes’s bare floor.
During the next morning while Hughes and May were buying bagels, they asked themselves:
Why limit the club to the physical world when the real mass of potential cryptography fanatics were on the cyberspace?
The realised that the internet was going to be built in chatrooms, not someone’s living room. Within a week, Hughes developed mailing list 1.0, an remailer list (think email chat room). The mailing list would send mail to and from different users and hide the original sender’s identity behind a pseudonym. Hal Finney would implement PGP 2.0 into the remailing list and another cypherpunk called Cottrell would implement message batching to hide the timing of messages.
Hughes’s girl friend, Jude Milhon, the editor of a tech magazine, comment how “You guys are just a bunch of cypherpunks”.
A play on the words cyberpunk and cypher, the term would be soon be worn as a badge of pride and political defiance. Within a month of the first meeting, the mailing list was up and members could subscribe by emailing:
After 13 years, David Chaum’s concept of a Mix Network was finally realised.
The birth of the Cypherpunks
This mailing list would become the harbour of America’s most backchannel discussions surrounding cryptography, drug markets, assassinations and government policies. Julian Assange along with the creators of TOR, Bit Torrent and most likely; Bitcoin, were part of this list early on.
Within a week it had 100 subscribers and by the end of the year, there would be over 2000 similar remailers hosted around the world.
One of their first messages surfaced on the 10th of October 1992 which announced the details of the second cypherpunk offline meetup. This time, it would be held at the offices of Cygnus Support, Gilmore’s company in Mountain View, where Google now currently resides in.
Second Meeting -- October 10, 1992
The second meeting will be held at the new Cygnus offices. Exact address and directions to follow.
We do not have an exact agenda yet, but one should be arriving in the next few days. Please mark you calendars now and start telling your friends.
For this meeting and until further announced, we are using a transitive trust system for invitations. Invite anybody you want and let them invite anybody they want and so on.
The crypto-anarchy game we tried out at the first meeting was as good a success as we could have hoped for from an untested idea. The game seems useful and fun enough to warrant continued play and play testing, so we'll be playing again at this and future meetings.
We observed several interesting emergent behaviors in the first session, including resellers and reputation behaviors. We'll play a two hour session this time and discuss it afterwards.
The cypherpunks list is a forum for discussion about technological defenses for privacy in the digital domain.
Cypherpunks assume privacy is a good thing and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organizations to grant them privacy out of beneficence. Cypherpunks know that people have been creating their own privacy for centuries with whispers, envelopes, closed doors, and couriers. Cypherpunks do not seek to prevent other people from speaking about their experiences or their opinions.
The most important means to the defense of privacy is encryption. To encrypt is to indicate the desire for privacy. But to encrypt with weak cryptography is to indicate not too much desire for privacy. Cypherpunks hope that all people desiring privacy will learn how best to defend it.
Cypherpunks are therefore devoted to cryptography. Cypherpunks wish to learn about it, to teach it, to implement it, and to make more of it. Cypherpunks know that cryptographic protocols make social structures. Cypherpunks know how to attack a system and how to defend it. Cypherpunks know just how hard it is to make good cryptosystems.
Cypherpunks love to practice. They love to play with public key cryptography. They love to play with anonymous and pseudonymous mail forwarding and delivery. They love to play with DC-nets. They love to play with secure communications of all kinds.
Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, their going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress.
Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down.
Cypherpunks will make the networks safe for privacy.
Saturday, October 10, 1992 12:00 noon - 6:00 p.m.
Cygnus Support offices 1937 Landings Drive Mountain View
The second meeting of the cypherpunks will be Saturday at noon. John Gilmore has graciously provided us with a meeting space at the new Cygnus Support offices. These offices are so new, in fact, that Cygnus will not have moved in yet. This meeting will be bring-your-own-pillow (or chair), since it will be held in largely empty space. Directions are at the end of the message.
Attendance is transitive trust, arbitrarily deep. Invite whoever you want, and let them do so also, and so on. Invite them also to join the mailing list. Do not, however, just post the announcement. Time for that will come.
I'd like everyone who plans on attending the meeting to send me, firstname.lastname@example.org, a message telling me so. I'd like to get a rough head count before Saturday for game planning.
We are starting at noon because of popular demand. Eat beforehand or bring a burrito or something. It will be fine to eat during the first segment; it won't be any more disruptive than the game is.
Bring your PGP public key for in-person key distribution, preferably on diskette. We'll need a portable PC or three to do key distribution; if you have one you can bring, post to the list and tell people.
We realized after the first meeting that a strict schedule was nonsense. This meeting has a very informal schedule.
Starting at noon, we're going to play session two of the crypto-anarchy game, in which players try to conduct business under the watchful eyes of others. We want to play for two hours and then have discuss experiences afterward for about an hour. Some of the improvements over last time will be flatter denominations of money, wider distribution of commodities, more watchers (governmental and otherwise), and perhaps some pre-printed forms.
We'll take a break to regroup for about ten or twenty minutes.
For the second half we'll talk about the security of remailers. I'll lead the discussion. We'll be designing protocols and analyzing attacks and defenses. I've done this with DigiCash for electronic money protocols, and remailers are much easier, but still probably more than an afternoon's discussion. We'll do this until six or so, when people will have to start leaving.
Everyone who wants to will go out for dinner. I don't know the restaurants down there; perhaps someone could suggest one?
Directions ---------- It's at 1937 Landings Drive, Mt. View. 101 to Amphitheatre Parkway (the bay side of Rengstorff Ave), go right at the first light, pass a right turn, and just before the road crests a tiny hill, turn right into the Landings complex. We're in Building H.
- Cypherpunks assume privacy is a good thing & wish there were more of it.
- Cypherpunks are therefore devoted to cryptography.
- Cypherpunks love to practice.
- Cypherpunks write code.
Unlike other political movements throughout history, the cypherpunks were able to equally match and defeat the government through direct action.
An archive of the messengers sent are available online. Here is an archive of the first year of messengers: https://raw.githubusercontent.com/Famicoman/cypherpunks-mailing-list-archives/master/cryptome.org/cyp-1992.txt
John Gilmore’s shenanigans
So while Gilmore was running his company, organising crypto-rebel meetups, he was caught up with another hobby of his: annoying the NSA. He had been battling a court case with the NSA and scored another win for the cypherpunks.
Earlier that year in the June of 1991, he had learnt of some books written by a cryptographer known as William Friedman. He was the Founder of the US Signal Intelligence Service, the precursor to the NSA. After reading two volumes of Friedman’s work, he realised the other four volumes were classified. He asked for them to be declassified. They said no.
This was not because Gilmore was a pain in the ass, but instead, he had stumbled across one of the NSA’s founding documents. So being a curious George, he started hunting for them and he ended up in Virgina after being tipped off by a friend. When he found the exact books that were classified by the NSA, he mailed them to himself.
However, Life was not as simple as that. Under surveillance, the NSA demanded him to hand them over. Denying the request, he aruged how “These are textbooks on relatively simple cryptographic techniques” and that he had obtained them legally. To get them off his back he gave his story to the press and after a front page headline focussed on the NSA, they had dropped the pursuit of Gilmore and the books. Soon after the books were declassified. The NSA hated publicity and were forced to give it up.
…So after all that effort, what value were the books to Gilmore and the Cypherpunks?
Apparently nothing. Gilmore just wanted to stand up against the NSA and prove that the government could be defeated. Gilmore 1, NSA 0.
PGP 2.0 gets into trouble
Early next year in 1993, PGP fell into the sights of the US government. After having attention drawn to Zimmerman through RSA’s intellectual property dispute, regulators initiated a criminal investigation on the violation of the Arms Export Control Act. Cryptography since WWII had always been considered as a military product and controlled within the same class as munitions. While back then the world was made of stone and chalk, in the 90s, it was a digital one where software and computing led the US’s GDP.
With Zimmerman given a court date, the EFF and the public rallied behind him. In response to the government, he printed copies of PGP’s source code on to hardback covers as a political stunt. Books were protected by the first amendment, under free speech, but cryptography was outlawed. What about a book with that had cryptographic source code? What was that then?
But despite all the ridicule the public threw at the government, it was clear as day: Zimmerman could not deny it. He had violated the Munitions Act. Things looked grim for the software engineer-turned hippie.
“To have ten lawyers tell me unanimously tell me that it was hopeless… it was a ton of bricks. It was the worst day”, said Zimmerman.
His all star legal team were sure of defeat until one of them had an idea. Known as Phil Dubois, he built his reputation through his creativity in defending criminals, celebrities and generally crazy people who did stupid things. Instead of denying and pleading, Dubois’s idea was to go on the offensive and portray the government as a danger to freedom. This would become key to Zimmerman’s defence. And luckily for Zimmerman, the government would soon step into it’s own noose.
Shortly after Zimmerman’s case, in April 1993, the Bill 266 had come back in another form:
The Clipper Chip.
Sinking the Clipper Chip
There was no better time to release an NSA spy device that allowed “Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions”. Its timing was perfect to further pissed off an already irritated nation that stood behind Zimmerman.
The clipper chipset was a manufacturing standard that encrypted data. Similar to the DES of the 70s, it had been part of the Clinton Administration’s attempts to manage the country’s security. The government just wanted to ‘protect everyone’ by having to access to everything everywhere whenever they wanted. And while the DES of the 70s had suspicions of being backdoored, the clipper chip was straight forward about it. It was part of the Chip’s inherent design and was openly announced through it’s proposal.
It had a slight improvement upon the DES’s 56 bit key and used an 80 bit key. And like most government projects today, back then you could also trust the quality of it’s work! (note: that was sarcasm)
With a healthy distrust of the government and fresh memories of the last three years, when the Clipper Chip was announced, the public erupted against it. They had just woke the sleeping bear.
A very excited crew of cypherpunks
Official civil rights groups such as the EFF responded to the proposal in well tempered criticisms of how it endangered freedom. But in the general public population, frenzy and paranoia ensued. Orwell’s dystopian world 1984 was about to come true.
In contrast to the mainstream urgency, the cypherpunks were rather excited.
Imagine this: You forecasted a doomsday and had started preparing for it. And ten years later, it happens. And sure, while the world looked like it was going to end, it would be hard to not be excited to watch the world scramble and arrive at conclusions which you had before. The cypherpunks predicted and expected this day.
“The war is upon us,” announced Timothy C May. “Clinton and Gore folks have shown themselves to be enthusiastic supporters of Big Brother.”
Timothy C. May, Eric Hughes, John Gilmore and the other cypherpunks rallied against this news almost with a level of giddy enthusiasm. And while the Cypherpunks openly opposed the Chip and debate raucously for its withdrawal, many others including May, did not actually take it too seriously.
They knew the vulnerabilities of the chip design and how public key cryptography fundamentally becomes useless the moment anyone else has the private key. The backdoor of the chip was almost like a sick joke to them.
On the day of it’s release, May wrote:
From: email@example.com (Timothy C. May) Date: Fri, 16 Apr 93 21:19:43 PDT To: firstname.lastname@example.org Subject: IMPORTANT--WE WON......NOT! Message-ID: <9304170419.AA26923@netcom.netcom.com> MIME-Version: 1.0 Content-Type: text/plain
FIRST, THE BAD NEWS--The government wants to control encryption. Though they are playing coy about it, it's clear that eventually they will try to ban "the good stuff." It's clear Zimmermann, and others, have gotten their attention. NOW, THE GOOD NEWS--I t d o e s n o t m a t t e r. The game is over. We won. The government may engage in holding actions, but it still doesn't matter. What we have here, is the State's pitiful attempt to make the best of a bad situation. This amazing "policy" announcement is a tacit admission of defeat. HOW CAN I BE SO SURE?--The cat is out of the bag. Free, mil spec data encryption is readily available to all. Within a year, equivalent voice encryption freeware will join it. There is no way the government can stuff the encryption cat back in the bag. They can pass their laws. We will do as we please--and they will help us.
Nonetheless, they had an emergency meeting at the offices of Cygnus Support. With 50 cypherpunks tightly packed into room, they would brainstorm ideas to destroy and rebel against the government.
Similar to how in Fight Club, Tyler Durden would hand out assignments, the cypherpunks printed off parody stickers that said “Intel INside” and stuck them inside computer stores where May had originally drawn it on a white board as a joke, referring to “Big Brother Inside”.
Others designed T-shirts that shouted, “Fight the Clipper,” and had lines from May’s “Crypto Anarchist Manifesto”.
Whitefield Diffe was a major influencer during this Clipper Chip saga and would later write a famous public letter to the Clinton Administration:
“No right of private conversation was enumerated in the constitution. I don’t suppose it occurred to anyone at the time that it could be prevented. Now, however, we are on the verge of a world in which electronic communication is both so good and so inexpensive that intimate business and personal relationships will flourish between parties who can at most occasionally afford the luxury of traveling to visit each other. If we do not accept the right of these people to protect the privacy of their communication, we take a long step in the direction of a world in which privacy will belong only to the rich. The import of this is clear: The decisions we make about communication security today will determine the kind of society we live in tomorrow.”
Early next year in 1994, a national council of 40 experts, industry leaders and academics, wrote a public open letter to the Clinton Administration, asking for the Clipper proposal to be withdrawn. This group of 40 included…
- All three original creators of public key cryptography: Martin Hellman, Whitfield Diffie and Ralph Merkle
- Ronald Rivest, one of the three creators of RSA encryption
- David Chaum, Founder of Digicash
- Phillip Zimmerman, Creator of PGP
“The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation’s communications infrastructure will be threatened”
Government: “Don’t worry, we got it covered”
Next year during the May of 1995, the NSA finally responded. Failing to give an inch of ground, they responded through a fairly pointless press release that attempted to assure the public of the Chip’s security.
“The cryptographic strength of the “Clipper” algorithm is very substantial an should be highlighted. With regard to the AT&T TSD 3600 device and other similar devices, these vendors almost exclusively employ DES encryption. DES encryption is based upon the use of 56-bit key information. “Clipper” employs an algorithm which is based upon an 80 bit key. Although only 24 bits longer, “Clipper” encryption provides 16 million times as many permutations which makes it geometrically more difficult to decrypt. This fact is a critical counterpart to the encryption methodology and makes “Clipper” encryption attractive.”
By 1994, the communications manufacturer, AT&T had started creating hardware with the chip. Communications companies were starting to use the chip. But despite this, the ideology of the cypherpunks had reached far and wide. As the Chip was released to commercial producers, the cypherpunks soon had eyes on the restricted design of the chip.
An AT&T Embedded Systems Engineer called Matt Blaze had the job in testing the Chip for production and was able to examine it closely. He discovered that while the cipher itself was relatively secure, the NSA’s key for to access the encrypted backdoor was only a 16 bit hash and could be brute forced.
It turned out that Blaze was also a cypherpunk and part of the the mailing list. After consolidating his findings, he published them in August 1994, effectively breaking the chip’s design. Soon after his findings, the Clipper Chip was discarded and found impractical by the government and also commercial producers.
The tides were finally starting to turn.
Next year, the cypherpunk’s efforts would continue and transition into a series of legal battles…
Karn vs. United States
Soon after the vulnerability of the Clipper Chip was released, a programmer known as Phillip R. Karn stepped up to challenge the government’s classification of cryptography as a munition. He ordered an assessment of a book that contained cryptographic source codes for encryption algorithms. Unable to dispute the claim, it was found that the book was not subject to the Munitions Act.
Karn continued to requested a second assessment of the book’s CD disk which contained the source code detailed inside the book. But unable to prove otherwise, it fell under the Munitions Act. The nuances here were decided on the potential ability to cause malice through the medium in which the source code was held on. But his effort would not be wasted.
Bernstein v. United States
Next year in 1995, Karn’s case had laid the grounds for another challenge. A student of Berkeley called Daniel J. Bernstein, attempted to publish a paper along with source code about his encryption protocol and through his publication, challenged the Munitions Act in the federal trial court of Northern California. Based off the precedent of “Karn vs. United States”, the court ruled that the source Code inside his paper was speech protected under the first amendment. While Karn’s case had ruled text forms of source code to fall outside of the Munitions Act, Bernstein’s case proved it to be protected by the first amendment, under free speech. The pieces of the puzzle were slowly coming together.
Junger vs. United States
Peter Junger would be up next to challenge the Munitions Act. He was a law professor who enjoyed teaching from first principals and wanted his students to not only study but also play with concepts explored. For one of his courses, he was restricted to only take in international non-US citizens as he had included an encryption program in the course materials where it was officially recognised as the export of cryptography. Held back from teaching, he announced his case against the Munitions Act believing that it violated the First Amendment.
Leveraging the recent cases of Karn and Bernstein, Junger’s case would emerge victorious later on in 1999 to conclude how Software would be protected by the First Amendment. But immediately after Junger’s initial challenge, the Clinton Administration gave in. (Junger’s case would only be closed later on)
Later that year on the 12th of October 1996, President Bill Clinton signed Executive order 13026. Cryptography was officially removed from the munitions list and placed on a lightly controlled schedule. The export of cryptography was no longer prohibited.
Through this order, Zimmerman’s case would also be dismissed as the consequences of exporting no longer carried any weight. The battle was won. But was it over? No.
Coming full circle from Hellman, Diffie and Merkle
Later in 1998 as the remaining legal cases surrounding cryptography were finally being closed, Gilmore looked to press on and completely destroy the government’s claim and involvement on future cryptographic technology.
The cypherpunks community had set their sights on the DES.
Originally released in 1976, it was an encryption standard that was provided for commercial use. The DES was what Martin Hellman and Whitfield Diffie had opposed and what inspired the open publication of public key cryptography. One of their criticisms of the DES was that its 56 bit key was theoretically vulnerable to a brute force attack but back in the 70s, doing so was considered unfeasible with the degree of computing power available.
But now in the year of 1998, it was a different story. Later that year, RSA Data Security released a bounty to see who could crack a DES secured message.
After 5 months it would be solved. They set a bigger bounty of $10,000 to see if anyone could do it faster and better. After missing the boat on the first challenge, Gilmore who by then had a successful business took on the challenge with a cryptographer called Paul Kocher. He had worked under and was trained by Martin Hellman, one of the three original public key inventors. Fitting for the mission that would bring history full circle, Gilmore and Kocher spent $222,000 to build a computer called “Deep Crack”.
Within 56 hours, the DES was cracked.
After about two decades of controversy, the DES was finally broken and soon officially declared defunct.
By the year 2000, all restrictions and regulations surrounding cryptography had been removed by the government.
Open source cryptography was legal and allowed.
At the beginning of the 90s, the world wasn’t sure where it stood with cryptography until the Government gave people a reason to care.
The cypherpunks fought and won. They did so to protect the right to personal privacy and liberty through cryptography. They would continue to rampage through the 2000s leaving behind in their trail, TOR and the rise of the deep web, torrenting and piracy, Wikileaks and transparency but more relevantly: Bitcoin and cryptocurrency.
Next in Part Four, we will explore the creation of TOR, Bit Torrent, Wikileaks and the birth of Bitcoin.
While the break of the 2000s would signal the end of an era. Things had just begun: Part 4 “New Millenium”
Big thanks for Luke Schoen for help me edit this. Thanks to Tom as well.