Back to "Code Warriors"

Building a Better Monkey Wrench

By Julian Dibbell

julian@panix.com

( 1993, Originally published as a sidebar to "Code Warriors: Battling for the Keys to Privacy in the Info Age" in The Village Voice, August 3, 1993)


Contrary to the conventional wisdom of an age gone cuckoo for "smart" technology, Luddism is neither dead nor beside the point -- it's just gotten smarter. The Cypherpunks and other cryptography hackers are model practitioners of a new, techno-savvy Luddism, implementing and popularizing sophisticated gadgets that could short-circuit the awesome surveillance capabilities built into cyberspace without harming its equally awesome power to connect individuals. Long-term, these brave new tools will do more to keep Big Brother out of your business than any legislation can, so you owe yourself at least a cursory understanding of how they work. The following primer should jump-start you. Read it and get smart.

PUBLIC-KEY CRYPTOGRAPHY: Most encryption schemes require sender and receiver to agree on a secret encoding number, or key, before communication. This increases vulnerability, since that first message establishing the key can't itself be encrypted. Public-key systems, invented in 1975 by Ur-cypherpunk Whitfield Diffie along with Martin Hellman, have no such requirement, making them ideal for the highly snoopable channels of computer networks. In public-key crypto, everybody creates two keys, one published for all the world to read, and one kept absolutely secret. Whatever's encrypted with the first can only be unlocked with the second. Thus, if you want to send someone a secret message there's no need to make prior contact -- you just look up that person's public key and use it to encrypt the text. Current usage: The free public-key encryption program PGP is one of the most popularly deployed crypto tools in the on-line world, with PGP public keys rapidly becoming the electronic superhighway's equivalent of vanity plates.

ANONYMOUS REMAILERS: These systems aim to conceal not the contents of a message but its source. A remailer is a network-connected computer that takes in e-mail, then sends it on to a destination specified in attached, encrypted instructions, thus placing a veil between sender and receiver. If the message is sent through a chain of even a few remailers, the veil quickly becomes rock solid, guaranteeing the sender's anonymity. Current usage: The Cypherpunks maintain a working anonymous remailer chain, but the most active are the one-hop systems used by participants in public on-line discussions of bondage, foot worship, and assorted other predilections they might not want their computer-literate boss/parents/neighbors to know about.

DIGITAL SIGNATURES: In the fluid world of digital info, how do you verify that a message is really from whom it claims it's from? Turn public-key cryptography inside out, that's how. Have the sender encrypt the message with her private key, then let the receiver try to decrypt it with the sender's public key. If the decryption comes out clear, then the sender's identity is confirmed -- without revealing her private key or even, if the public key is attached to a pseudonymous but otherwise trustworthy on-line persona, her physical identity. This is more or less how digital signatures work. Current usage: mainly in corporate and bureaucratic settings, though all good Cypherpunks try to make a habit of e-signing their e-mail.

ELECTRONIC CASH: Imagine the convenience of credit cards combined with the anonymity of cash. Imagine a microchip-equipped debit card that instantly deducts transactions from the user's bank account, yet does so without revealing the payer's identity to the payee or linking payer and payee in the bank's records. Imagine these mechanisms set loose in the world's computer nets, converting great chunks of money supply into fast, loose, digital e-cash. The wizardry of public-key crypto can make all this happen and probably will. Current usage: experimental, mostly. Denmark, however, is gearing up to implement an encrypted smart-card system, based on the ideas of crypto-hacker David Chaum, who holds patents on most e-money applications.

BACK TO "Code Warriors"