Chapter 03

Cryptoanarchy, Cypherpunks & Civil rights in Cyberspace

The state of the digital world in the early 1990s could be very well described as the Wild West. Hacker groups began popping up at an accelerating rate not only on the net, but also in the media. The experiment known as the Internet took off and slowly made its way to become indispensable to the daily lives of citizens. The emerging digital world came with new opportunities, rules, principles, but also exploits. There was a growing confusion regarding the role the Internet would play on our lives, and what implications it would have on our security. One unifying factor was the lack of technical knowledge of the newly evolved technologies. The public suffered in the same way the governments and agencies did. Cyber crimes occurred more frequently, mostly involving credit card fraud, hacking and phreaking (manipulation of telecommunication systems). The Clinton Administration, for its part, decided to step up the fight against the new form of criminal activity and the unique threats imposed on citizens by proliferation of the Internet. As such, federal law enforcement agencies saw their budgets boosted and their investigatory powers significantly increased.

Their power had grown even before then. In 1990, during the George H.W. Bush Administration, the Secret Service conducted Operation Sundevil, aimed at halting illegal computer hacking activities nationwide. It involved multiple raids in dozens of cities and resulted in confiscations of computers, electronic bulletin board systems, floppy disks, and eventually a number of arrests. The operation became the most publicized action against hackers by the federal government. Even though the overall success of the operation has been disputed, its sheer scale and publicity resulted in a noticeable chill in illicit hacking activities.Nonetheless, even though the operation netted several arrests and headlines, the prosecutions fell short. Judges were skeptical of the methods used by agencies to nab suspects, citing civil liberties concerns and potentially illegal warrants and raids conducted by officers.In the aftermath of Operation Sundevil, a group of activists teamed up to defend and promote civil liberties online. The group was led by John Gilmore, John Perry Barlow, and Mitch Kapor. Barlow and Kapor were victims of raids themselves, falsely accused of being members of the hacker group NuPrometheus. An FBI agent searched Barlow’s home looking for “the ROM code”. As Barlow tells it:

He didn't know what a ROM chip was, he didn't know what code was, he didn't know whether it had been stolen or what exactly had happened or whatever it was. And I realised that what we were looking at there was a microcosm of a whole set of things that could now begin to happen with the government and with society and computers. And it was just a little pinpoint of future shock that was going to blow up into something big and ugly if we weren't very careful about how it got managed.

As it turned out, the FBI agent’s suspicion of Barlow stemmed from his attendance at a recent hacker conference. Owing to this botched accusation, Barlow and Kapor were both baffled by the FBI’s lack of understanding of software and technology. They surmised that if intelligence services couldn’t understand the peculiarities of the Internet during their well-funded investigations, there was no way they would be competent enough to respect the civil rights of Internet users they target.

Barlow and Kapor had their claims to fame before their interactions with police. Barlow was a lyricist for the popular cult band Grateful Dead, while Kapor was the programmer and developer responsible for Lotus, one of the first note-taking software companies, eventually sold to IBM later that year for $3.5 billion. When they learned of the fate of a group of teenagers accused of hacking phone systems following the aggressive raids of their homes, Kapor and Barlow decided to use their resources to defend the hackers. The public attention paid to the case, thanks to their involvement, marked a first in Internet history.Later, both men were joined by John Gilmore — an entrepreneur, programmer and activist known for finding joy in trolling government agencies — and Apple co-founder Steve Wozniak. By July 1990, the Electronic Frontier Foundation (EFF) was formed. As Barlow wrote in his extensive blog post Crime and Puzzlement describing the order of events that led to the formation of EFF:

The Electronic Frontier Foundation will fund, conduct, and support legal efforts to demonstrate that the Secret Service has exercised prior restraint on publications, limited free speech, conducted improper seizure of equipment and data, used undue force, and generally conducted itself in a fashion which is arbitrary, oppressive, and unconstitutional.

Even today, EFF is one of the most effective and important organizations defending civil liberties in cyberspace. Along with a robust legal strategy to protect defendants accused of crimes online, they’ve also grown to champion grassroots activism, policy analysis, and technology development. In the last three decades, they have sued government agencies as well as corporations, defended software companies, and activists in many decisive legal victories. Added to that, they have also created useful online and digital tools for people to use. Among them is HTTPS Everywhere, a browser extension for encrypting the communication with websites, and Privacy Badger and Panoptclick — tools that help you block tracking while surfing the net.In 1996, Barlow wrote “A Declaration of the Independence of Cyberspace” in which he laid out his vision of a self-governing Internet. Even though this work was met with scrutiny, and Barlow himself would reflect on his work a few years later with words: “we all get older and smarter”, it became an iconic paper that inspired and resonated with tens of thousands of people due to its sentimental visionary call for independence:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

Pretty Good Privacy

It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.

Philip R. Zimmermann prefaced his PGP User’s Guide with these words when the software was released in May 1991. It was during that time that he read into the details of a sweeping anticrime bill known as Senate Bill 266, and hurried his outline for an encryption program. Zimmermann also shared Chaum’s concerns about the extinction of personal privacy with the rise of digital technologies. The bill introduced changes Zimmermann feared most, mainly legalizing government spying on all forms of communication. The bill immediately caused outrage among privacy activists, including EFF. Zimmermann, a software engineer and activist, became convinced that bulletproof encryption algorithms — such as RSA — should be available not only to the military and commercial entities but to anyone and everyone, as he believed that the ability to communicate privately was a fundamental right.

Owing to that, he decides to implement a combination of RSA encryption with a symmetric key cipher of his own design. The software became known as PGP, which stands for Pretty Good Privacy. He initially considered monetizing the software, but upon learning of the consequences of Senate Bill 266, he abandoned those plans and swiftly published PGP to the Internet. He hurried so much with his development and work that he skipped five mortgage payments in a row while working on the code. It was open-source and free. He uploaded it to several forums and websites and soon the software went viral.

Thereafter, he received messages from people across the world expressing gratitude for his creation of the tool. This was at the time when the International Traffic in Arms Regulation (ITAR) strictly prohibited the distribution of encryption beyond US borders. Zimmermann was aware of this situation, but he hoped that his small project would not garner attention in all the wrong places. He could not be more wrong. The first complaint came from the creators of RSA encryption themselves. Their company, RSA Data Security Inc, held several patents related to public-key cryptography, and their interpretation was that no one could use RSA without a license. In his defense, Zimmermann argued that it is users’ responsibility to get the license and he “assumes no liability for any breach of patent law resulting from the unlicensed use of the RSA algorithm” in his software. PGP’s documentation contained the same disclaimer. Yet, PGP was held to have infringed on the patent, and eventually Zimmermann signed an agreement with them to cease distribution of PGP. The agreement soon turned out to be pointless. PGP proliferation was unstoppable and the deal increased both distribution and widespread use of the software.

The crypto war had begun. It did not take too long before the US government began investigating Zimmermann for possible ITAR violations. By this time, however, he was far from alone. His case sparked the attention of the entire community of digital privacy advocates, and subsequently the mainstream media and the general public, too. This led the EFF to step in and directly fund and lead Zimmerman’s legal battles. For many in the community, Zimmermann embodied a true Cypherpunk hero. He wrote a free and uncrackable encryption software as a response to government regulations treading on people’s privacy. Cypherpunkers celebrated and supported him, seeing Zimmerman as one of their own, a determined and reckless insurgent wrecking law enforcement and intelligence agencies with rigorous mathematics. This kind of image, however, was the last thing he needed during the trial. Ironically, despite the support of the community, he was not so fond of the Cypherpunks’ rather militant rhetoric and leather-jacket-clad style. As more of a suit-and-tie activist, he often found their actions and claims counterproductive to the cause. He preferred a more diplomatic approach:

I saw them as angry young men in leather jackets, without children and with too much testosterone.

Yet, they were determined to fight this battle with him. And apart from having a knack for software development, they also had the talent for uncovering legal loopholes. One of them, Phil Karn, came up with a clever trick to demonstrate and undermine the inconsistent logic and reasoning behind export laws. He asked the State Department for permission to export a copy of Bruce Schneider’s book Applied Cryptography he had legally purchased. Permission was granted. This was likely approved by a routine bureaucratic procedure, but it was no ordinary request. Schneider’s book contained the source code of Digital Encryption Standard (DES). The second part of Karn’s legal maneuver was to ask for the export permission once again, this time only for a part of Schneier's book — more precisely the DES source code. The medium was different as well. Instead of a paper book, the code was on a floppy disk. The permission was denied and was water to Karn’s mill, and he eventually sued them in federal court.Another important ally of Zimmerman's case was the Massachusetts Institute of Technology, which owned part of the RSA patent. Version 2.5 of PGP was written with a different library than version 1.0, ensuring it would not infringe on any patents. MIT then partnered with Zimmermann to publish PGP: Source Code and Internals in book form. Much like the previous example, the book contained the source code written in OCR-A (Optical Character Recognition) font that made it easy for scanners to translate words into bits.

Thus, the MIT Press followed the modus operandi of Karn’s plan and also asked for permission to export the book. Their request was never answered, so they went ahead and sent it overseas to European bookstores. MIT now being the official distributor of PGP globally certainly tilted the scales in favor of Zimmermann. Public opinion and most of the media favored him as well. The government’s attempt to limit access to strong cryptography had become the subject of mockery in creative ways. Perhaps most famously, the three-line implementation of the RSA algorithm in Perl language created by Adam Back was small enough to be used as a signature file, and was used widely and creatively by the cryptographic community. Civil disobedience statements like “munitions T-shirts” became a legendary relic from that period. The T-shirts had the code on the front:

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

Technically, the law designated such T-shirts as export-restricted ammunition, thus making it illegal to wear them beyond the borders of the United States of America, since a mere glance at the code from a foreigner could be considered violating government restrictions. There were stories of some going so far as to tattoo those three lines of code on their bodies. Public pressure eventually became massive and was loud enough to warrant a modification to Senate Bill 266 to include activists’ comments and objections.

However, as with many cases, the government’s eagerness to “protect” everyone is never satisfied. The Clinton Administration had their second shot with the infamous proposal for Clipper chip — officially known as MYK-78 — announced in 1993. The chip, designed by NSA, would allow strong encryption for commercial use, as was planned to be distributed to companies. There was a catch, however. Each clipper chip had a unique serial number associated with its unique secret key. The keys were to be stored in an NSA database. The proposal faced immediate backlash and was deemed unacceptable not only by the privacy activists, but many large companies as well. “The crypto business is exploding”, wrote New York Times in June 1994 in their article on the issue demonstrating proliferation of cryptography in the commercial sector. The example they used was of football teams using encrypted communication between coaches and quarterbacks to avoid possible interception from their rivals. The government strategy represented a serious business threat to many American companies. Whitfield Diffie would sum up the encryption dilemma in his testimony before Congress in 1993:

The decisions we make about communication security today will determine the kind of society we live in tomorrow.

A year later, the Clinton Administration received a letter from dozens of industry leaders, cryptographers, academics, entrepreneurs, NGOs, and institutions that asked Clinton’s administration to withdraw the proposal. The companies that signed the letter included Apple, Microsoft, AT&T, IBM, RSA, Lotus, and many others.

In 1996, when a company named Bell Labs discovered a vulnerability in the chip’s design, the fate of the Clipper chip strategy was doomed, and resulted furthermore in a slow and gradual relaxation of the encryption restrictions in the years that followed. By 1998, most of the legal cases related to use of cryptography were closed, something credited to the Cypherpunks. In 1999, Zimmermann updated his initial paper “Why I wrote PGP” with few more paragraphs:

Throughout the 1990s, I figured that if we want to resist this unsettling trend in the government to outlaw cryptography, one measure we can apply is to use cryptography as much as we can now while it's still legal. When use of strong cryptography becomes popular, it's harder for the government to criminalize it. Therefore, using PGP is good for preserving democracy. If privacy is outlawed, only outlaws will have privacy.

Thereafter, the attention of the Rebellion shifted once more to DES. The Data Encryption Standard introduced originally in the late 1970s was already then questioned for theoretically being vulnerable to brute force attacks because of its short key size of mathematically odd 56 bits. In the 1990s, RSA decided to release a bounty to encourage the community to crack DES secured messages. The message was cracked in five months. They released a second iteration of the challenge with a bigger bounty to encourage the inception of better techniques for cracking. After missing out on the first challenge, John Gilmore was dedicated to securing the second bounty. He worked with one of Hellman’s students, cryptographer Paul Kocher. The two spent over $220,000 to construct a computer codenamed “Deep Crack” that would break the DES within three days. The effort and money were considered well spent. Not so much for the RSA bounty of $10,000, but rather for proving the point and demonstrating what had been contemplated publicly for over two decades. After all of this, the government’s effort to steer the direction of cryptography was defeated. Cryptography was, and remains, legal, open, and unrestricted.

Cypherpunks

A specter is haunting the modern world, the specter of crypto anarchy.
Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

These are the words from “Crypto Anarchist Manifesto” by Timothy C. May, published in 1988. May dressed anarcho-capitalism in modern, even futuristic clothes. The paper would become iconic for the movement that went down in history known as Cypherpunks. The term combining cipher and cyberpunk was coined by Jude Milhon, a hacker and one of the co-founders of the movement, who brought it casually as a reference. But the name stuck. According to Wikipedia, Cypherpunks were a group of activists “advocating for use of cryptography and privacy-enhancing technologies as a route to social and political change”.

The group formed around the time when the US government was strongly opposing the free circulation of cryptography. The discourse over public access to encryption tools in day-to-day communication has been historically preoccupied with restricting it: in the name of national security, in order to weaken the position of drug dealers, terrorists, money launderers and other criminals that makeup merely a tiny fraction of our population. The general trend has been that governments have fought to restrict the right to individual privacy.

The Cypherpunks have been a significant counter-force to this stand and shaped the discourse towards the rights and interests of an individual. In the ever-present fight for the respect of individual freedom and liberty, their role and influence has been unparalleled. Much of this sprang from what became a famous mailing list started as a small gathering of geeks, academicians, cryptographers, libertarians, and rebels.In early 1992, John Gilmore, one of the cofounders of EFF, invited a small group of digital privacy activists to a get-together hosted in his company’s office in the San Francisco Bay Area. Timothy May was one of the attendees. May was an exceptional hardware engineer at Intel, one of the best that the company had. He retired at the age of 35 and focused on his interests and hobbies that loosely involved writing, guns, political philosophy, and cryptography. He became aware of the work of David Chaum and was so fascinated by it that he started a novel incorporating Chaum’s ideas. Before Chaum, he was largely influenced by the Objectivist free market philosopher Ayn Rand, as were many contemporary libertarians. He intended to merge Rand’s world of John Galt with Chaum’s ideas, creating a modern version of Atlas Shrugged with techno libertarians. He conceived the concept of BlackNet, which combined Chaum’s anonymity tools with the idea of an online market for any kind of data by Phil Salin. BlackNet may be considered as the ideological ancestor of WikiLeaks.After a few years of an unsuccessful writing career, his focus shifted away from fiction. In 1994 he wrote an extensive document named Cyphernomicon that outlined some of the ideas of crypto-anarchy and became one of its founding documents, and he remained active in writing in the following few years.

It was at the Gilmore’s party where he met Eric Hughes. Hughes was a young mathematician at Berkeley who was likewise obsessed by Chaum’s work. Hughes and May were a great match for each other. Hughes worked for Chaum in the Netherlands and had just returned to the U.S. The two would even share an apartment for some time and spend a significant amount of time in endless discussions of cryptography, code, and freedom.

In September of that same year, Gilmore, Hughes, and May decided to organize a regular meetup for like-minded folks. Hughes offered his place and the first gathering brought together roughly 30 people, including some interesting personas that would shape the discourse on privacy and its implications in the digital world for years to come. May kicked off the meeting with a small ceremony of handing out a document outlining concepts of cryptography he wrote and prepared for the attendees. He read his manifesto aloud. The manifesto elaborated on the political implications of cryptography. He originally wrote and printed it for one of the cryptography conferences he attended in 1988, but it did not get much attention at the time. This crowd was different though. It had the right mixture of tech visionaries with a strong libertarian leaning. As it turned out, this was a powerful combination.

The next day, the idea that transpired from Hughes’ living room was to create a mailing list that others outside of the Bay Area could also join to share ideas. The group acted immediately; Hughes hosted it on his machines and developed a mailing list 1.0 and a remailer. Finney had implemented PGP 2.0 just a few weeks prior, and other members implemented message batching to hide the timing of messages, resembling Chaum’s Mix network. Within a month of the first meeting, the mailing list was born. An excerpt from one of the first messages, by May, announcing the mailing list would sum up what Cypherpunks stand for:

The cypherpunks list is a forum for discussion about technological defenses for privacy in the digital domain.
Cypherpunks assume privacy is a good thing and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organisations to grant them privacy out of beneficence.
Cypherpunks know that people have been creating their own privacy for centuries with whispers, envelopes, closed doors, and couriers. Cypherpunks do not seek to prevent other people from speaking about their experiences or their opinions.
The most important means to the defense of privacy is encryption. To encrypt is to indicate the desire for privacy. But to encrypt with weak cryptography is to indicate not too much desire for privacy. Cypherpunks hope that all people desiring privacy will learn how best to defend it.
Cypherpunks are therefore devoted to cryptography. Cypherpunks wish to learn about it, to teach it, to implement it, and to make more of it. Cypherpunks know that cryptographic protocols make social structures. Cypherpunks know how to attack a system and how to defend it. Cypherpunks know just how hard it is to make good cryptosystems.
Cypherpunks love to practice. They love to play with public key cryptography. They love to play with anonymous and pseudonymous mail forwarding and delivery. They love to play with DC-nets. They love to play with secure communications of all kinds.
Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, their going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress.
Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down.
Cypherpunks will make the networks safe for privacy.
The list grew in popularity fairly quickly. The stream of free-flowing discussions was unleashed and involved a wide range of topics: computer science, cryptography, political and philosophical debates, and more. Libertarian leanings were predominant but not exclusive.
In his 2017 Skype talk he gave at Hackers Congress Paralelni Polis in Prague, May reminisced the first weeks after creating the mailing list: ”...it took off like a rocket as we had a hundred subscribers within the first two weeks

In 1993, another iconic document was released. This time written by Eric Hughes, called A Cypherpunk’s Manifesto. That was where the main tagline of the group — Cypherpunks write code — would come from. In the following years, there were many other manifestos created around the space, though some were not directly related to the Cypherpunks. There was also A Cyberpunk Manifesto, released in 1997, and many different adaptations. Hackitvismo Declaration was written in 2001, The Wikileaks Manifesto came out in 2006, and one of the greatest activists of our age and a member of the Internet Hall of Fame, Aaron Swartz, wrote his Guerilla Open Access Manifesto in 2008. There were many more, many of which you can find in the bibliography of this chapter. They all expanded and shaped the narratives of cyberspace.

The Cypherpunks mailing list activity peaked around the mid-1990s with over 700 subscribers even though, as May points out, only 10% of them were active contributors. In 1995, a smaller group forked off to create an alternative mailing list called Coderpunks. According to the words of its creators:

The Coderpunks list was born of frustration at the end of 1995. At that time the Cypherpunks list had become, to a fair extent, a victim of its own success. Cypherpunks was increasingly overwhelmed by FAQs, recriminations, reheated spam, etc. Periodically someone would rue the relative inattention paid to the actual deployment of strong cryptographic measures. Anarchies being as they are, no-one stepped in to dictate the behavior of the list members. Assorted proposals to spawn new lists were floated, but none came to fruition. Finally the exasperation expressed by Raph Levien in a November 1995 message to Cypherpunks led to the creation of Coderpunks.

Both of them died out in the early 2000s but their heritage and imprint on the Internet’s history is enduring. And not only in terms of code. Historically, there has always been a discussion between the members of the movement on what are the best means and strategies for change in society, as well as the efficiency of particular tools. Cypherpunks have often been portrayed by the media as a crude group of savages, privacy extremists, and anarchists with antipathy to government, or even to politics in general. While this has been likely true for quite some of them, perhaps the majority, such an image is not entirely accurate. Yes, many of them saw cryptography and code as the most efficient, and perhaps ultimate tool in their struggle against oppressive tendencies of governments worldwide. But some of the greatest minds amongst them would call such a label shortsighted. This fact has been often overlooked not only by the media, but some of the Cypherpunks themselves. Hal Finney, for example, wrote on his personal website:

Unlike many early Cypherpunks, I never viewed cryptography as a gateway to a libertarian society.

As merciless revolutionism and rebellion packed into strong phrases and presented by people like May or Jim Bell naturally tended to be heard more whether inside or outside of the movement, the softer and more nuanced thoughts received less attention. This has been demonstrated on the list many times. In an interesting discussion in early 1994, one of the members — Mike Ingle — strongly argued that “technological gains are permanent” and that the “political approach was only useful as a tactical weapon, to hold them off until technological solutions are in place. If you want to change the world, don't protest. Write code!” This was a position that many on the list shared. However, Finney’s response demonstrates quite clearly that questioning such a stance also belongs to the Cypherpunks’ heritage:

This position seems to be fast becoming cypherpunks dogma, but I don't agree. The notion that we can just fade into cypherspace and ignore the unpleasant political realities is unrealistic, in my view.
Have people forgotten the Clipper proposal, with the possible follow-on to make non-Clipper encryption illegal? To the extent this proposal has been or will be defeated, it will happen through political maneuvering, not technology.
Have people forgotten the PGP export investigation? Phil Zimmermann hasn't. He and others may be facing the prospect of ten years in prison if they were found guilty of illegal export. If anyone has any suggestions for how to escape from jail into cyberspace I'd like to hear about them.
I even question Mike's point about the government's inability to ban books. Look at the difficulty in keeping PGP available in this country even though it is legal. Not only have FTP sites been steadily closed down, even the key servers have as well. And this is legal software.
Sure, this software is currently available overseas, but that is because PGP's only legal limitations are the U.S. patent issues. Imagine how much worse it would be if non-escrowed encryption were made illegal in a broad range of countries, with stringent limits on net access to countries which promote illegal software? Here again, these kinds of decisions will be made in the political realm.
Fundamentally, I believe we will have the kind of society that most people want. If we want freedom and privacy, we must persuade others that these are worth having. There are no shortcuts. Withdrawing into technology is like pulling the blankets over your head. It feels good for a while, until reality catches up. The next Clipper or Digital Telephony proposal will provide a rude awakening.

“Give a man a mask, and he’ll tell you the truth”

Perhaps one of, if not the most well-known, Cypherpunks among the general public is Julian Assange. He joined the underground hackers’ culture that was just forming in Melbourne around 1988, under the handle Mendax. He soon formed a small tribe with two other hackers that went under the handles Trax and Prime Suspect. They referred to themselves as the International Subversives.

According to Dreyfus, their politics was fiercely anti-establishment; their motive adventure and intellectual curiosity; their strict ethic not to profit by their hacking or to harm the computers they entered.

Assange and his gang performed a number of attacks against the U.S. military and the Canadian telecommunications corporation Nortel on a scale that had not been seen before. The group was raided in 1991, when Assange was going through a rough period that was reflected in his mental state. It took a few years until official charges were laid out against him, and his case was only settled in 1996. He was able to avoid jail time and ended up only with a fine of a few thousand dollars. Throughout this time, as suggested by people who worked with Assange, he tended to self-dramatize many parts of his life. In his writings from 2006, he would compare the period of prosecution where he was investigated and fined to the life of Aleksandr Solzhenitsyn: “How close the parallels to my own adventures!“

This seemed a little bit far-fetched. However, those complaints would come much closer to reality a few years later, after his masterpiece called WikiLeaks embarked on what he believed would cause a global revolution.

In 1997, Assange and his other friends wrote a piece of software named “‘Rubberhose”. It was meant to make it impossible for prosecutors to find out whether all encrypted data on a computer hard drive had been revealed. Assange knew that during a crackdown, when pushed by intelligence agencies, at least one person is bound to break down and inform on his co-conspirators. Rubberhose and its denial cryptography technology offered a way out. One could set up decoys within their hard drive, while still hiding the secret information as there was no way to prove whether all the data was revealed. An otherwise rational member of a group that had to choose between defection and loyalty to the group, therefore, did not have much to lose. Being loyal would not worsen their situation as the prosecutor would have no way to verify if the data was revealed, and thus could hardly trust the defendant anyway. The concept of plausible deniability would also later become central to the world of cryptocurrency. Bitcoin mixers or hardware wallet passphrases are built around the same idea.

Almost a decade later in 2005, at the Chaos Communication Congress in Germany, this concept would be criticized by another icon in the digital activism space, Jacob Appelbaum, one of the developers behind the Tor project. He did not think it was such a good idea to not have any way to prove that one has no secrets left. Therefore, he designed MAID (Mutually Assured Information Destruction), a system where decryption keys are automatically deleted if the user did not sign in within a certain time. While Rubberhose made it impossible to detect if all the data was revealed, MAID made sure that all the data was deleted.

Assange has been so committed to the fight for freedom that his deeds and writings resemble the kind of struggle we find in the stories of heroes largely present in the literature of romanticism. He was also a member of the free software movement pioneered by Richard Stallman, even though he expressed his criticism of disproportionate contributions to the movement from its members. We know from his writings that he was also inspired by Nicolaus Bourbaki, the collective pseudonym for a group of French mathematicians in the 1930s who published all their work under this name seeking to remove the aspect of one’s ego from their systematic, meticulous, and eventually influential work. Assange was hoping to achieve something similar in the field of journalism. And, apparently, he wasn’t the only cypherpunk influenced by such an idea, as in the years to come quite a few pseudonyms would present their brilliant work in the field of mathematics and cryptography — including Nicolas van Saberhagen, Tom Elvis Jedusor, and Satoshi Nakamoto.

Assassination vs. Whistle-blowing Politics

Cypherpunks were a plethora of interesting personas, geeks, and weirdos. Some were more radical than others. In 1995, perhaps one of the most radical amongst them, Jim Bell, began writing posts on what he considered to be a revolutionary idea: “Assassination Politics”. He envisioned a system where people would crowdfund money for the assassination of government officials. People could predict the date of death of an official, contribute to a fund, and whoever correctly “guessed” the right date would get the proceeds, and would be most likely the official’s murderer. The utilization of public key cryptography, remailers, and digital cash would ensure that the murderer’s identity was not revealed. This should create pressure on politicians to behave responsibly and craft the policies accordingly. The underlying theme of political campaigns would slightly change from “Why should people vote for me” to “Why people should not kill me”. The potential of fatal penalties in case a politician misbehaved would eventually deter anyone from taking the risk, and therefore the job. The body, role, and influence of government in society would shrink, and potentially disappear utterly — anarchy would prevail. So was the narrative. Not everyone within the community was receptive to the concept. Zimmermann considered Cypherpunks too radical even before Bell came up with this new way to eradicate faulty politics. In one of the interviews with Zimmermann, he reminisced the time when Bell reached out to him to ask what are his thoughts on the idea:

I wrote him back and said that he had managed to do what no one in the US government could ever do: He had made me wonder whether I never should have worked on encryption in the first place.

It was around the time of publication of Assassination Politics when Assange joined the Cypherpunks mailing list. Given the overlap of Assange’s life until then with philosophical underpinnings of the movement, it is rather surprising he did not find his way to the movement earlier. Freedom of speech was the ultimate principle championed on the list. Political correctness had no place in this corner of the Internet. The anti-establishment spirit was undeniable. Assange became a committed member and contributor to the mailing list practically until its end. Through the archives of the mailing list are available to the public, one may immerse themselves into an endless reading of rather unusual discussions of him and his comrades. Even a brief glimpse of the archived conversations suggests that Assange definitely was not the only eccentric on the list. Curious readers are invited to explore the merits of this claim on their own in the link provided in the chapter notes.

In 1996 when EFF’s chairwoman Esther Dyson was quoted in the Los Angeles Times expressing support of limited restrictions when it comes to anonymity on the Internet, many of the list members were outraged. The wild and free spirit of the hackers could not cope with the more nuanced diplomatic phrasing needed to get the message across to the general public. For some, she was now a defector who betrayed the noble cause. John Gilmore tried to soften the anger of the mavericks by pointing out that EFF does not have this official position, and that Dyson spoke for herself as an individual. Assange refused to accept it and wrote:

The inclinations I had to be involved with or financially support EFF are, after reading this, entirely quashed.

He went even further to cast suspicion of her being under the influence of the CIA. Assange clearly tended to dramatize situations. It seems this trait is present in the minds of many privacy activists. The pattern has been recurring. The same seeds of paranoia that led them to protest what they believed was a dystopian future, seemed to occasionally cloud their judgment, as in this case. One would see foes in what were actually friends.

At least you don’t accuse me of being a Communist.

Dyson responded. Assange later conveyed similar skepticism towards the pure intentions of other people from EFF, including Mitch Kapor. Assange was considered a leader of the Cypherpunks faction May called the “rejectionists”. They exhibited a high level of hostility towards anyone who displayed even the slightest tendencies to compromise on the questions of digital privacy, freedom of speech, and government surveillance. As surprising as it may seem, Assange did not show much of his sympathies towards crypto-anarchy as conceived by Tim May. On multiple occasions, he would criticize laissez-faire capitalism and the asymmetric nature of information in the market. His left leanings may be induced from his defense of trade unions as well as negative connotations he assigned to “rampant capitalists”. However, he took a firm anti-communist stand.

Another wave of outrage among list members came with a proposal for moderation of the list. To many on the list, moderation was equal to censorship. Some people were repelled by cynicism that was often present in the debates and left. This included one of the founders, John Gilmore. In 2003, Assange signed up to the University of Melbourne to study Mathematics and physics while plotting his revolution. He was inspired by Bell’s Assassination Politics but did not deem violence to be the right method. For him, whistleblowers would be a more powerful and viable tool to achieve societal changes. He elaborated on these thoughts in what is considered to be his manifesto called Conspiracy as Governance.By October 2006, he registered the domain name “WikiLeaks.org” and started to gather accomplices. He reached out to reputable personas in the field of activism such as John Young, who was running the intelligence leak website Cryptome, who, along with Jim Bell, shared the more militant tendencies of the faction within the Cypherpunks. He also reached out to John Gilmore, Daniel Ellsberg, Danny O’Brien, Ben Laurie, and Australian journalist Phillip Adams. While Ellsberg refused, the rest agreed to join the board of the soon-to-be-set-up nonprofit organization. In January 2007, he wrote a post describing the nature of WikiLeaks:

Principled leaking has changed the course of human history for the better; it can alter the course of history in the present; it can lead to a better future … Public scrutiny of otherwise unaccountable and secretive institutions pressures them to act ethically. What official will chance a secret corrupt transaction when the public is likely to find out? … When the risks of embarrassment through openness and honesty increase, the tables are turned against conspiracy, corruption, exploitation and oppression
Instead of a couple of academic specialists, WL will provide a forum for the entire global community to examine any document relentlessly for credibility, plausibility, veracity and falsifiability … WL may become the most powerful intelligence agency on earth, an intelligence agency of the people … WL will be an anvil at which beats the hammer of the collective conscience of humanity … WL, we hope, will be a new star in the political firmament of humanity

The story of WikiLeaks, as well as Assange’s life, has been told many times in various books, movies, and articles. For one, Andy Greenberg’s This Machine Kills Secrets: Jullian Assange, the Cypherpunks, and Their Fight to Empower captures many details from both. Assange and the organization he founded have become the subject of controversy. While some perceived WikiLeaks to have too close a tie to the CIA, others found it captured by “the Left”. Nonetheless, by many measures, it may be considered a successful project as it won awards from both Amnesty International and The Economist, as well as managed to successfully publish a crazy amount of information that would not have been available to the public otherwise. This was all the more clear after the infamous release of Collateral Murder, which gained Wikileaks massive attention worldwide. Even though it seemed to be a well-running organization, there was much tension within. Assange’s complicated personality was not helpful in this regard, and some of his colleagues began to see the dark side of his genius. Like many great men in history, Assange too was fighting many battles, including the one with his ego:

I don’t like your tone. If it continues you’re out. I am the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all of the rest. If you have a problem … piss off.

Those were the words Assange reportedly said to one of his companions, Herbert Snorrason. It was not only him that witnessed increasing tension as well as dictatorial tendencies inside WikiLeaks. The organization was imploding from within. By the time the rape allegations against Assange occurred in 2010, he had amassed enemies all over the world, and some inside the organization as well. Assange embodied many of the ideals that the Cypherpunks movement was based on. He has been a great example of a heroic vanguard, fighting selflessly for universal freedom of expression as well as his vanity.

Cypherpunks did not get involved only in software projects, however. They built hardware too, including the incredibly expensive Deep Crack machine that brute-forced the Data Encryption Standard in just a few days, demonstrating the weak security it provided to prove the government’s claims and recommendations of the algorithm wrong. They also engaged in policy advocacy offering their expertise on various matters related to encryption, despite long discussions about the efficiency of lobbying versus coding. Wei Dai in one of his posts in 1995 argued:

Recently there's been a great deal of discussion on this list about upcoming legislations (HR666 S314 etc.). Maybe it's time to step back a little and look at the bigger picture. I've been assuming (perhaps incorrectly) for some time that most cypherpunks hold a belief somewhat like the following:

There has never been a government that didn't sooner or later try to reduce the freedom of its subjects and gain more control over them, and there probably never will be one. Therefore, instead of trying to convince our current government not to try, we'll develop the technology (e.g., remailers and ecash) that will make it impossible for the government to succeed. Efforts to influence the government (e.g., lobbying and propaganda) are important only in so far as to delay its attempted crackdown long enough for the technology to mature and come into wide use.But even if you do not believe the above is true, think about it this way: If you have a certain amount of time to spend on advancing the cause of greater personal privacy (or freedom, or cryptoanarchy, or whatever), can you do it better by using the time to learn about cryptography and develop the tools to protect privacy, or by convincing your government not to invade your privacy? I argue that since there are many more people doing the former (EFF, CPSR, etc) than latter, that you'd be more effective if you spent the time on the former.

The mailing list members significantly contributed to the report on encryption policy made by the National Research Council in 1996. The report recommended that the US government loosen restrictions on encryption. Some of the Cypherpunks were heavily involved with several lawsuits they filed, with a significant portion of them filed against the US government and its actions they deemed unconstitutional. They encouraged civil disobedience, especially with regard to laws related to the export of cryptography in the mid-90s. The list of members included many interesting names even though not all would label themselves as Cypherpunks. To sum up a few of the more prominent names on the list:

Julian Assange - founder of WikileaksJacob Appelbaum - Tor developerAdam Back - creator of Hashcash, co-founder of BlockstreamJim Bell - author of Assassination PoliticsSteven Bellovin - Bell Labs researcher and Chief Technologist for the US Federal Trade CommissionBram Cohen - creator of BitTorrentJohn Gilmore - founder of Electronic Frontier FoundationStuart Haber - co-inventor of “blockchainEric Hughes - Cofounder of CypherpunksBrian LaMacchia - head of research at Microsoft ResearchTim May - author of Crypto Anarchy ManifestoHal Finney - creator of RPOWBruce Schneier - well-known security researcher and authorEmin Gün Sirer - Founder of Karma and Ava LabsScott Stornetta - co-inventor of “blockchainNick Szabo - inventor of Bitgold and smart contractsZooko Wilcox - founder of ZcashPhilip Zimmermann - creator of PGP

Cypherpunks today

Nowadays even though the mailing list does not exist anymore, quite a few self-described Cypherpunks are active on “Bitcoin twitter”. Their scope of hacking extends from computer systems to legal systems. Perhaps the most authentic image of what it means to be a modern cypherpunk is referenced by a well-known Bitcoiner James Lopp in his 2018 Baltic Honeybadger talk noted in the bibliography.

Today, one may find one of the largest concentrations of Cypherpunks in Prague at Paralelni Polis, during the Hackers Congress held annually in early October. Here builders and thinkers from the space gather to discuss the ideas and tools of freedom. It’s where the movement’s icons like Tim May and Jim Bell meet the new generation, and where old ideas are rethought and reshaped. The venue itself is a manifestation of human creativity. It was built on the ideas of Czech dissident Vaclav Benda, who called for building parallel institutions that could provide an alternative to the corrupted and dysfunctional system within former Czechoslovakia. Blending these concepts with the ones of Cypherpunk visionaries resulted in the creation of the world’s first Bitcoin-only cafe in Prague that has become the gathering place for hackers, artists, libertarians, and liberty advocates from the region of Central Europe. One of the founders, Pavol Lupták, an ethical “white hat” hacker explains his view on governments and their efforts to control emerging parallel systems:

Governments will never give up admitting their failures — that's why they are governments. I don't know any government in the world that has ever publicly disclosed they lie about anything. The more likely scenario is that in a complex peer-to-peer high tech society after some time, we will not need them anymore, and they will become obsolete like most technologies in the following years we are using now.
I think something like 'decentralized Uber for everything' can be a big game-changer. If one's 'perfect app can fulfil almost all desires of all people and connect all people according to their needs allowing anyone to offer anything, then we will not need the central government anymore. Peer-to-peer digital decentralized economy with minimal transaction costs will replace inefficient gigantic monopoly from the last millennium.

Communities like this have popped up in other places around the world as well. Some of the most vocal voices of today’s Cypherpunks movement are Berlin-based hackers Frank Braun and Smuggler, who host the Bitstream podcast and are also active on Twitter. They also regularly give talks at the Hackers Congress. In our interview, Smuggler provided insightful comments on the overlap of the Bitcoin community and the Cypherpunks heritage:

I think that it (the Bitcoin community) can only be a successor in small parts. I think one of the things in which it is a successor, is that there is a certain enthusiasm to do things outside of state control. Which only applies to a small part of the Bitcoin community. There are quite a lot of people within that community that want to have Bitcoin within the context of the state. There's also the issue that the Cryptoanarchist ideas are much bigger than just Bitcoin or payment systems. And to be exact, I actually think that the early standards of the Cryptoanarchist ideas, when it came to payments, were different in a way it was higher in privacy etc., it was lower in the aspect of issuer risk.
So there has been a change on what is important. So, for example, one of the things that only really came from the cryptocurrency field was that everything has to be decentralized and a lot of people use decentralization as a synonym for Cryptoanarchy, but I think it has actually very little to do with each other. If a system is centralized or decentralized has not that many effects as we believe it does. It's mostly a technical question and it's a question on how good you are in modeling risks and governance.

History suggests that to be passionate about digital privacy rights in the modern era does not require one to be a crypto-anarchist. As Phil Zimmermann outlined in his 2016 talk at the CeBIT conference, PGP was essentially a human rights project. As governments come and go, some more democratic than others, the assumption of a continuous benevolent government is not realistic. Even strong democracies may eventually turn into dictatorships.

Therefore, it is of utmost importance to design society on the principles that will guarantee a balance between the power of governments and the public. Individuals should always have a way to steer clear of government oversight when it comes to their digital life, without the fear of being prosecuted. Arguing against privacy because of possible criminal activities is unfair, unjust, and incorrect. Criminals also operate in the nexus of government institutions, if not more frequently than do in the general population. History is full of evidence proving it. Governments should not be afraid of technological progress in the hands of the people. The reasons behind creating and developing technologies that safeguard the public, though, are more than legitimate.

Chapter 03
00 — Intro