Hacker News
Assange: How cryptography is a key weapon in the fight against empire states (guardiannews.com)
179 points by 23david on July 10, 2013 | 67 comments



The biggest threat we face is our tendency to enslave ourselves in the name of a perfect society.

"Our government has kept us in a perpetual state of fear — kept us in a continuous stampede of patriotic fervor — with the cry of grave national emergency. Always there has been some terrible evil at home or some monstrous foreign power that was going to gobble us up if we did not blindly rally behind it by furnishing the exorbitant funds demanded. Yet, in retrospect, these disasters seem never to have happened, seem never to have been quite real." -General Douglas MacArthur July 30th 1957

Eisenhower warned us. http://www.youtube.com/watch?v=8y06NSBBRtY


Ike omitted the Congressional portion of the equation. It's taken the collusion of both mainstream political parties, in concert with the military-industrial establishment, to bring us to the current juncture.


It would be so incredibly helpful for America's democracy if it had a multi-party system, where a new party could "easily" rise up to become the major one after 2 or so elections.

Having a 2 party system (for decades or centuries at a time) only guarantees that there will be a lot of things both parties will agree on, and there's nothing the citizens can do about it (other than massive protests, which don't seem to be happening in America anymore, or if they do happen they get mocked by the media, and then by the brainwashed masses who watch said media).

I think approval voting would change things dramatically, but even using the voting systems of other countries (such as having 2 voting tours) would help a lot:

http://www.electology.org/approval-voting


"Having a 2 party system (for decades or centuries at a time) only guarantees that there will be a lot of things both parties will agree on"

Charlie Stross recently wrote about this in the context of UK politics:

http://www.antipope.org/charlie/blog-static/2013/07/a-bad-dr...


>Democracy is a rather crap form of government, with several failure modes (of which the tendency to converge on an oligarchy is but one), but it has one huge advantage over other forms of government: it provides a mechanism for peacefully transferring power when a governing clique has outlived its popularity

First, I'd like to point out that by "democracy" he's referring to what we all understand by democracy right now - a democratic republic.

Now, I think the way most democratic republics work has failed. I think we need a lot more direct democracy elements implemented in the democratic republic system. He says there that even the democratic republics were formed so the transfer of power is done without bloodshed.

But what do you do when even in such a system, the people feel compelled to create massive protests, possibly even violent ones (most revolutions)? I think the answer is an even more democratic republic. And I think you can achieve that with more direct democracy elements, such as more citizen-made laws, referendums, citizen vetoes of bills, and so on (some of these exist in some countries like Germany or Switzerland, but not a lot of them, and there need to be more to become "more democratic").

This way, when the citizens are really frustrated about something, they can just fight to change the laws themselves, instead of waiting for the corrupt government to do it, and instead of having to gather in the millions to protest the government in the streets.

Note: I'm not saying we should completely discard the democratic republic system, and do away with "representatives". That's what most people (mistakenly) think when they hear this type of suggestion.

What I'm saying is far from it. I just want the republics to become more democratic, and for more ways to exist to bypass the representatives in certain situations (explicitly defined in the law), when there is big frustration about something. But of course a balance must be kept, and the representatives should still handle 95%-99% of the policies.


An idea I find promising is a delegate system. Every voter starts with one vote, which they can delegate to someone else (who can delegate to someone else, etc...). Additionally, you can reclaim or redelegate your vote at any time, or for a specific issue. This system preserves the main benefits of a republic, while allowing direct democracy.

As an added bonus, it solves the problem of republics like the US where a party could have 5% support and 0% representation.


Your theory does not hold up as the UK and others have multiple parties and a worse surveillance state.


The UK is an interesting case study as for large chunks of its existence the publicly unacknowledged surveillance state, and legally unregulated surveillance state, policed itself on some very hard and fast rules.

MI5 (the internal security service) held very firmly to only gathering intelligence on political movements seeking to overthrow democracy rather than conforming to the wishes of the ruling party at the time. Successive left wing politicians on becoming Prime Minister feared there were large files on them or that the service wouldn't help. Instead they received briefings on the members of their party who were actually members of Militant Tendency, working for Russia or otherwise seeking to undermine democracy in the UK.

Compared to the FBI during the same period they were paragons of virtue. MI5 wasn't, and isn't perfect, but replacing a system of internal morality with outside laws and placement can easily corrupt.


According to wikiquote, the sentence before your quote is "Our swollen budgets constantly have been misrepresented to the public."

It's not in the name of a perfect society... there is simply huge money in fear.


Encryption is just one (important) piece of the privacy puzzle. Another important piece is steganography.[1]

Effective steganography could hide the fact that you're using encryption at all, and could make traffic analysis[2] more difficult. Widespread use of effective steganography could make wholesale digital spying a lot more difficult.

The use of anonymous remailers[3] also needs to become much more popular; in particular, the mixminion[4] remailer, which was designed to address many weaknesses in earlier remailers.

Traditionally much more difficult, but as or even more important than the technological solutions mentioned above, is educating the general public about the need for and value of privacy enhancing technologies. Fortunately, the massive publicity around the recent spying scandals is doing a lot of the hard work for us in this area.

Finally, there's a great need for educating the general public on how to use these privacy enhancing technologies properly, and making them easier to use. There's still a lot to be done on this front, but the challenges are not insurmountable, and they are getting easier as the general public becomes more computer literate and more privacy- and security-conscious.

[1] - https://en.wikipedia.org/wiki/Steganography

[2] - https://en.wikipedia.org/wiki/Traffic_analysis

[3] - https://en.wikipedia.org/wiki/Anonymous_remailer

[4] - https://en.wikipedia.org/wiki/Mixminion


I read something a while back (unfortunately, I can't find it) in the NYTimes postulating that the 9/11 hijackers used steganographic techniques to communicate via the open 'net. If that's true, I wondered, then what could possibly be the point of storing/analyzing internet communications twelve years later? If they were using steganography in 2001, I can't imagine the techniques they're using to hide in plain view today.

It makes you wonder what the actual point to all of this surveillance is. Regardless, I whole-heartedly agree with you that steganography should be prioritized much higher than crypto.


You are naive if you think that national security is the reason for all this surveillance. It's a pretext, a convenient excuse for the masses. The real reason is establishing a global surveillance network, monitoring digital communications both in the US and abroad and establishing/continuing international supremacy.

Since you can't explain it in those exact terms to the masses without causing an outrage, you have to tell them it's for their own safety and to protect them from brown skinned tunic-wearing AK47-waving freedom-hating lunatics.


Sixty years ago, if something weird happened most people would say, "Gee, I wish I owned a camera!"

Ten years ago, if something weird happened most of us would say, "Gee, I wish I'd brought a camera!".

Today, if something weird happens most of us would say, "Gee, I wish I'd had my phone out of my pocket when that happened!".

A couple of years from now, we'll just take for granted that we're recording everything around us all the time.

Humans love sharing stories, but we're obsessed with our own credibility. We could entertain others with a well spun tale far better than with a cellphone snap-shot, but we still strive to record that snap-shot so we won't need to tell the story and risk being doubted. In the process, we are eliminating the mutability of truth and perspective in human experience in favor of cold, hard bits that tell only the objective truth, and will do so perfectly for as long as they are stored.

While we worry about keeping the secrets we have, we're generating new secrets at an exponentially increasing rate. Secrets are necessarily losing their impact as a result. A nude photo was once a scandal. A hardcore pornographic movie, deliberately leaked, is now cheap promotion. Here in Canada, the mayor of a major city was allegedly caught doing crack on tape. People weren't sure whether to care or not, and it mostly came down to whether or not they already liked him. Society is changing to accommodate the reduction of personal privacy by becoming less responsive to scandal.

This is why the use of encryption has such difficulty overcoming sloth and why there is so little rage among the U.S. public about their loss of privacy. Compared to the indignities their pop-idols are subjected to, the snooping of the NSA seems benign. The government would have to start placing cameras in their bathrooms and bedrooms before they'd be properly outraged, and in a decade or two even that may be tolerable! However, even as some types of information lose their ability to wound, the type of information the government seeks will still serve as an instrument of control.

It's a bit of a conundrum. How do we make people care more about privacy when society is busy transforming itself to care less? I don't think the cypherpunk movement has a hope of combating this trend. Whatever it does for the good of society will have to be done in spite of society rather than with its willing participation.


What you do in your house is your thing, but in my country it is not legal to record stuff in public without permission.

Also, yeah, humans like to share stuff, but not with enemies or with those they think are not worth sharing with (like a corrupt government, etc.).


What country is that?


> It's a bit of a conundrum. How do we make people care more about privacy when society is busy transforming itself to care less?

I'm not sure that society is transforming itself. I feel like there are certain corporate actors that are extremely influential in this area and should either review their business ethics or prepare to be regulated out of their present mode of existence.

> I don't think the cypherpunk movement has a hope of combating this trend.

Perhaps you are right, but defeatism and apathy are easy. Why shouldn't people who dislike the negative aspects of society's present direction challenge themselves? As the old Margaret Mead saying goes, "Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has."

> Whatever it does for the good of society will have to be done in spite of society rather than with its willing participation.

Will is a funny one. If you take the oft-quoted computational sphere view on truths, culminating in self-evidence, then it may be fair to say that such truths entering the stage of self-evidence are indeed accepted by society with its willing participation.


I'm not sure people are willing to totally skip privacy.

One interesting data point is Snapchat. It enables private picture sharing and it's pretty popular.

Another private messaging app talks about protecting the privacy and safety of your children, I can see the app becoming popular.

Maybe by building these kinds of networks we can offer more private channels. But not sure this can lead to anti-government encryption because:

A. People are interested in protection from terrorism.

B. There are plenty of ways for government to subvert these kinds of apps, especially since they are owned by commercial entities.

And maybe that's a good thing, in a world where terrorists will probably have increasing technological capabilities to cause damage.


The most important problem of our time is the risk of losing all privacy. We must work to make strong crypto widely accessible to the masses.


What scares me most is that now that storage is so cheap, everything can be stored for later. So even though no one may be watching now (likely), they keep a dossier with all your calls, mails, visited sites, google searches, for any time in the future to look at at their leisure.

It always reminds me of a shocking fact in Dutch history: In the Netherlands, the Germans managed to exterminate a relatively large proportion of the Jews. The main reason was that before the war, the Dutch authorities had required citizens to register their religion so that church taxes could be distributed among the various religious organizations (https://en.wikipedia.org/wiki/Dutch_resistance)

And this looks so quaint now. We can only imagine what potentially damning information a totalitarian government can now find about every citizen retroactively.

Digital networks are increasingly an intermediate in every little communication and transaction between people. And with the internet of things, in everything we do, in the future maybe even inside our bodies (what's after Google Glass?).

We really need a way to prevent rampant data collection, otherwise the internet is a large threat to civilization. I didn't go into technology to facilitate some 1984-ish world government :(


And of course the prime example: https://en.wikipedia.org/wiki/IBM_and_the_Holocaust Putting aside questions about IBM's complicity, it's certain that Jews were indeed identified and recorded in their millions using the Hollerith punched card technology.


So is your plan to move technology back in time to 1938 so that people can't be tracked automatically?

Given that I don't see that as being feasible we should ask ourselves instead what can be done to avoid a homicidal state, even under the assumption that they have more computing power available than in your iPhone.


OTR encryption is pretty good in this regard.

"If you lose control of your private keys, no previous conversation is compromised."

http://www.cypherpunks.ca/otr/


It's also a poster child of secure F/OSS comms - easy to get the source code, and crazy difficult to have a secure conversation with a verified buddy.

There's no obvious getting started guide, no plain English explanation stating that Pidgin must be installed first, nothing about configuring for first use, and nothing about starting a verified conversation.


There are easy-to-use implementations of OTR, like the securetext Android app.


What about metadata? Can I also hide that it is me who does crypto-chatting?



So, maybe a new encrypted chat app should expand encrypted text by 1000x or 10000x (add random garbage)?

If the government has a very big disk, then let's fill that very big disk with tons of crap.


Unfortunately, I don't think that's a solution. Which of the following is more likely?

NSA: "We're at 95% utilization of our storage. We better delete some old stuff so we have room for new data."

-- OR --

NSA: "Hey Congress, encryption usage has skyrocketed! We need more money to buy more storage to save all this encrypted data we're capturing!"


Will that solve things? As we are seeing, much of the value is in the metadata, who is speaking to whom. Cryptography won't necessarily hide that, as ultimately the network itself needs to know where messages are going to.

The design of the network has a role to play. Is it possible to design a network that doesn't expose where information is flowing, or better yet, doesn't even need to know where information is flowing (it can't leak what it doesn't know)? Such a network would presumably not require an address space.

Freenet does something like this, exchanging messages by a process akin to a dead drop and restricting each node's view of the network to its immediate neighbours. I'm thinking something like Freenet, but operating as a physical network rather than an overlay network. Does such a thing already exist?


"Is it possible to design a network that doesn't expose where information is flowing, or better yet, doesn't even need to know where information is flowing (it can't leak what it doesn't know)?"

Post encrypted messages to Usenet; since anyone can receive them, there is no need for a destination address. Post the messages through anonymous remailers (mix-nets) if you want to avoid revealing that you sent them.

This problem was solved a long time ago.


I think Bitmessage[0] has the right general idea.

I don't think that, in its current form, it is scalable by any means. I do think that it's a good start, however.

[0]: https://bitmessage.org/wiki/Main_Page


Strong crypto is only one step... but it's the no brainer softball step, it's _just code_ and it doesn't have to have any gnarly UI impact.

We won the important battle getting the regulations largely out of the way. If we can't achieve pervasive always on encryption— and at least kill passive dragnet content collection dead— then can we achieve anything at all?


I think there is a commonality between the war against pirating, WikiLeaks and government surveillance programs that all relate in some way to "information wants to be free." I'm not quite sure how to articulate it.

Basically, there is a trend. Technology liberates "information" by improving access to it. But the same forces also work on aggregating information. Information is not just what the government is doing. It's also what you are doing.

When we talk about governments trying harder to maintain their secrets or record companies trying to maintain their copyrights, it seems like they are fighting a lost cause. You can't fight the trend. Copyright is meaningless in a world of digital copies. Information gets out. It gets aggregated. Is that any different from these

Same force only this time we don't like the result.


If you would not try to align record companies and the NSA in the axis of evil you would come to a less convoluted analogy: If we accept that copyright is meaningless in a world of digital copies (a.k.a. "cannot put the toothpaste back") the same holds for the river of digital traces everyone leaves behind.

So it's not governments who try harder to maintain their secrets, it's you (or us or whoever).

Just for the fun of it: take a recent Pandora-related artist-bashing thread, look for the "too late, digital wants to be free" comments and apply them to a scenario where we are not talking about sound waves but phone metadata.


The cypherpunks have yet to do their greatest work. Join us.

Nice ending, a call to action and all that. Quick quiz then - what do fellow HN'ers see as some of the greatest work still to come from a cypherpunk-like movement?


As a moderately advanced computer user, I would like to see:

Convenient and standard way to cryptographically identify myself across different mediums.

Convenient variants of communication mediums such as chat rooms and forums that do not rely on or can be controlled by any one third-party server.


This is only my opinion but...

If you are a moderately advanced user, then you can start using such methods right now. While no method is "perfect", they do exist.

Because you're advanced, you do not need to wait for Apple, Google, Microsoft, etc. to introduce them to you in their products and services.

Until these methods become popular beyond only advanced users, there will be a tradeoff in "convenience".

"Engineering" by nature involves tradeoffs. I think (and again, this is only my opinion) you have to decide what is more important to you and better in the long run for everyone using computers: a. "convenience" or b. what is by advanced users perceived as "the smarter way" (for lack of a better phrase).

The large monopolies mentioned have set their focus not on the advanced user but on the user who purportedly values "convenience" (a subjective definition) above all else. They make guesses about what things might become popular and they make assumptions about what their end users want. The future of computers is always uncertain. These companies will react to what users are doing.

If you want the companies that provide "convenience" to redirect their focus toward what you believe is "the smarter way" then I think you must lead by example. Start using the methods you prefer, even when it is less convenient than not using them.


I do not believe any large company has economic interest in developing such technologies, in part because they can subvert current business models that are built on centralized identity authorities and communications monitoring, so I rely on independent efforts to see variants of these technologies that can reasonably be adopted by the people I interact with.


Agreed.

But we should be careful to distinguish technologies aimed at home users versus those aimed at the enterprise. Unlike the consumers they serve, US corporations are allowed and encouraged to secure their communications and the storage of their information. What technologies might be useful to them in this regard?

I also believe that when any software or system reaches a sufficiently large userbase, large companies will be soon to follow - whether their interest is in adopting the software/system for their own internal use or for some other reason, e.g. developing and marketing it themselves, under their own brand perhaps, to consumers. Software user mindshare has inherent economic value[1], even if the software users are attracted to is developed and distributed "for free" and even if it begins life with a cryptic command line interface.

1. Just ask Microsoft. They will always react to whatever becomes popular among software users. Always. Even when it costs them millions with little hope of ROI.


For example, being able to communicate in an encrypted way with anyone.

This is not yet a solved problem, because now I can do that only with someone who is able and is willing to install PGP or other tools - a very limited number of people. That would be quite an achievement.


That would be nice, but such a goal faces at least five major challenges: not everyone has or wants computers, those with computers these days often don't control them anymore (OTA updates to or vendor-locked devices), most people aren't educated enough to use any solutions that do exist, global discoverability requires central or at least hierarchical registration prior to key exchange, and secure key management is still so painful that average individuals are not going to opt in to it without some kind of serious requirement on their part... or deal well with a potential scenario of key loss.


Don't forget identity management. It's easy to want to say you should be able to carry on an encrypted conversation with anyone as long as you think you can reasonably identify the other party as not being a government agent (or man-in-the-middle).


Yes, that was exactly my point - solution based on secure key management doesn't work for most people, so probably something completely different should be invented. I don't have solution that would work, I was just answering the question what "cypherpunks" can work on.


Yes, I wasn't criticizing, just thinking out loud!


Encryption using ephemeral keys is UI transparent, and requires no key management.


How do you know who you're talking to?


If there is a voice or video medium in the call, you can be pretty sure. If you are concerned about MITM for text and other data media, better to use a non-real-time system that would use signed keys and public key crypto.

It sure would be nice if some major internet service offered a PKI-like service.
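The exchange in the last few comments (ephemeral keys, "How do you know who you're talking to?", checking over voice), worked through as an added example that is not part of the thread or any commenter's code. It assumes a toy Diffie-Hellman group and a simplified short authentication string; the function names are hypothetical and this is not the OTR or ZRTP wire format.

```python
import hashlib
import secrets

# Toy group, an assumption of this example: 2**127 - 1 is prime but far too
# small for real use. Real systems use X25519 or a 2048-bit (or larger) group.
P = 2**127 - 1
G = 3


def ephemeral_keypair():
    """Fresh per-session key pair; nothing here is stored long term."""
    priv = secrets.randbelow(P - 3) + 2          # uniform in 2 .. P-2
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Derive the session key, rejecting degenerate public values."""
    if not 2 <= their_pub <= P - 2:
        raise ValueError("peer public value out of range")
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def short_auth_string(my_pub, their_pub, key):
    """8 hex digits both parties read to each other over the voice channel.

    It binds the session key to the two public values each side saw, so any
    substitution on the wire changes the string on at least one end.
    """
    lo, hi = sorted((my_pub, their_pub))
    material = lo.to_bytes(16, "big") + hi.to_bytes(16, "big") + key
    return hashlib.sha256(material).digest()[:4].hex()


def substituting_relay(a_pub, b_pub):
    """Models an in-path party that swaps in its own ephemeral value.

    Returns (value delivered to Bob, value delivered to Alice).
    """
    _, m_pub = ephemeral_keypair()
    return m_pub, m_pub


def exchange(relay=None):
    """Run one key agreement; `relay` decides what each side receives."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    if relay is None:
        to_bob, to_alice = a_pub, b_pub          # honest network
    else:
        to_bob, to_alice = relay(a_pub, b_pub)
    a_key = session_key(a_priv, to_alice)
    b_key = session_key(b_priv, to_bob)
    return {
        "keys_match": a_key == b_key,
        "alice_sas": short_auth_string(a_pub, to_alice, a_key),
        "bob_sas": short_auth_string(b_pub, to_bob, b_key),
    }
    # a_priv and b_priv go out of scope here: there is no long-term secret
    # whose later loss would expose this session's key.


if __name__ == "__main__":
    for label, relay in (("direct", None), ("relayed", substituting_relay)):
        r = exchange(relay)
        verdict = "match" if r["alice_sas"] == r["bob_sas"] else "MISMATCH"
        print(f"{label:8} alice={r['alice_sas']} bob={r['bob_sas']} {verdict}")
```

The key agreement alone never raises an error in the relayed case; only the out-of-band comparison exposes it, which is why the check has to happen on a channel where the parties recognise each other.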


Most online communications (web, forums, emails) are not real time, so that kind of weighs heavily against OTR-like solutions for everything.

PKI offered by a central party is not really any different to X.509 CAs today.


That's right re PKIs, which is why I said "PKI-like service." I don't believe the conventional definition of PKI is useful. What would you call it?


I'd call it X.509 Certificate Authorities. Unfortunately, the root of that is busted, so we should build on something else.

The same thing could be done with GPG, via identity validation (jumping through whichever hoops are required to link people's claimed 'real' world identities with their keys; probably checking documentation and then signing a key). However, that's probably best achieved via some decentralized method rather than trusting a centralized corporate intermediary as per X.509 CAs.


- distributed DNS and PKI (certificates proving identity of someone) using namecoin or similar

- usable distributed social network and search engine which would not store and sell my personal info to marketing companies

- strong encryption integrated in web browsers and e-mail clients and enabled and used by default.

- maybe more widespread link-level encryption (something like IPSec)


Assassination markets...


That is wrong on many levels.

It's like saying in the 1950s - if we ship enough weapons to the MLK supporters they will get their civil rights. Maybe, maybe not. What we will have for sure is a more volatile and bloody situation.

Cryptography cannot be a stable response to a surveillance/government overreach state. It just creates an arms race in which the government still has the power to beat you up to a pulp on a whim. With a robot (wait 5 years).

It's the second amendment fallacy - enough technology in the hands of the people can stop the government.

By encrypting everything you just open the door for arbitrary enforcement on various laws.


What makes me disagree with this point is the same sentiment behind the phrase "the universe believes in encryption." As far as anyone on earth knows, prime factorization takes exponential time on a deterministic machine. Without one or two major advances in human knowledge, there can't be any "arms race".

More to the point, encryption isn't a "weapon" in this situation, it's the goal. If people are able to use encryption that can be trusted, the people have means to the basic right of privacy when they wish for it.


The arms race doesn't need to happen in the pure math realm of crypto. It can happen in a myriad of other areas. One example - if I have a keylogger installed on your computer, it doesn't matter how perfect your encryption algorithm is.


More or less...

There is some math proof that you can always encrypt more than someone can decrypt, thus if everyone used crypto no government would be able to decrypt everything.


You are assuming the surveillance state has some value for your own security.


You are assuming that because he's proposing that crypto alone cannot be the answer to a surveillance state, that he wants a surveillance state. But I don't think that's what he wants.


Which is precisely why the government in the UK added encryption sections into the RIPA acts http://en.m.wikipedia.org/wiki/Regulation_of_Investigatory_P... people who fail to hand over keys to encryption can face a prison sentence. The rather obvious flaw in this is that people routinely forget their passwords and the prosecution have to prove intent.


Yet the UK has successfully obtained convictions for failing to hand over passwords - and the UK legal system hasn't yet been compromised to the level of ignoring reasonable doubt.

The majority of people who receive such notices hand over their decryption keys. Because the UK requires such notices only be made after consulting with specialists - it isn't like some random cop makes the requirement on their own. Those specialists can determine things like the likelihood of the "I forgot" defence working.

It should be fairly easy to come up with scenarios where claiming a forgotten password is unlikely. Especially if it is a case of the key being used regularly, for instance whole drive encryption, or one key for all email encryption. Then they're not claiming they forgot the key at some point - they're claiming they forgot it at the very moment the police came knocking. Because otherwise they'd have to claim they've been sitting on a bricked computer, or unusable email account. Which becomes even harder if you can show emails having been sent from that account up until a certain point in time.

Remember criminals tend not to be the smartest cookies running state of the art encryption with deniable characteristics etc.


Can't I just say that the police knocking gave me intense emotions which caused me a cerebral shock or something?


When you argue against the routine use of strong encryption for data storage and communications, remember that before the NSA became the hot news, it was foreign hacking and spying that was the problem. You need strong encryption, and you will need it for threats that arise in the future.


Quick question then (which may be a bit naive). What happens when this crypto tech falls into the hands of terrorists - the ones that target human lives?


Quick answer - someone says that the future is imperfect: http://www.daviddfriedman.com/Future_Imperfect/Chapter3.html


It already has. What now? Discourage the general population from using it, thus exposing them to hackers and foreign spies?


Read his book.




