On the Horizon Editors: Alessandro Acquisti, [email protected] | Hugh Thompson, [email protected]

hand, crypto-for-privacy often has What Happened to the social and political goals, and a mis- alignment of incentives frequently occurs. It’s crypto-for-privacy’s Crypto Dream?, Part 1 track record that’s of interest to us. The pioneers of modern crypto clearly recognized both types of Arvind Narayanan | Princeton University goals. In particular, they foresaw that as analog activities moved online, the ease of monitoring, logging, and searching everything meant that we could easily slip into a surveillance teven Levy’s fascinating 2001 in a way that would resist attack society. They saw crypto as a way to S book Crypto has the subtitle by governments, as long as the key thwart this danger and keep the same How the Code Rebels Beat the Gov- was secret. For the first time, some level of privacy we had in the analog ernment, Saving Privacy in the Digi- encryption algorithms came with world. I call this, for lack of a better tal Age.1 The “code rebels”—a loose clear mathematical evidence (albeit term, “Pragmatic Crypto”—cryp- coalition of academics, hobbyists, not proofs) of their strength. These tographic enhancements to various and civil-liberties organizations— developments came on the eve of digital systems that roughly maintain did indeed beat the government, the microcomputing revolution, and predigital privacy levels. I’ll return to causing the earlier restrictions on computers were gradually coming this in part 2 of this article. distribution of cryptographic tools to be seen as tools of empowerment In addition, there was a grander to be largely abandoned. However, and autonomy rather than instru- crypto dream. Its technical roots are this victory seems to have done ments of the state. These were the in the work of David Chaum in the miserably little to save privacy. In seeds of the “crypto dream.” early ’80s, culminating in his 1985 fact, you might look at the early paper “Security without Identifica- 2000s as the years when digital pri- Flavors of Crypto tion: Transaction Systems to Make vacy took a nosedive. Why did Levy To delve further, we must distin- Big Brother Obsolete.”2 Anony- and many other observers get it so guish different uses of cryptogra- mous digital cash, one of the key wrong back then? phy. The first distinction is between parts of Chaum’s proposal, by itself For over 2,000 years, evidence crypto-for-security and crypto-for- has political significance in that it seemed to support Edgar Allan Poe’s privacy. Even though they’re simi- offers an alternative to government- assertion, “human ingenuity can- lar at the technical level, they’re backed currencies. But Chaum went not concoct a cypher which human quite different at the social level. further. In his ideas of credentials ingenuity cannot resolve,” implying a The former is used in contexts and “blacklisting without lists,” we cat-and-mouse game with an advan- such as protecting financial trans- can see hints of pseudonymous rep- tage to the party with more skills and actions (for example, encrypting utation systems. Also, his technique resources. This changed abruptly in your credit card number when you for anonymity revocation contin- the 1970s owing to three separate buy stuff online). This means that, gent on double-spending of a coin developments: the symmetric cipher crucially, the incentives of all par- can be seen as an example of encod- DES (Data Encryption Standard), ties are aligned toward using crypto ing a social norm or rule (public the asymmetric cipher RSA, and to maintain security. And indeed, exposure of thieves) into crypto. Diffie-Hellman key exchange. For crypto-for-security has been the first time, it was conceivable that extremely successful, at least by the Cypherpunk someone with modest computing criterion that it has been a key to The cypherpunk activist move- resources could encrypt a message enabling e-commerce. On the other ment, which originated in the late

2 March/April 2013 Copublished by the IEEE Computer and Reliability Societies 1540-7993/13/$31.00 © 2013 IEEE ’80s, took Chaum’s ideas and ran anonymity technologies have an contributed to its success, although quite far with them in terms of rhet- important role to play in oppressive this impact shouldn’t be overstated. oric—in an explicitly subversive regimes. In particular, Tor (www. The organization itself derives its direction. For cypherpunks, crypto torproject.org) has found consider- protection primarily from Sweden’s was at the core of a vision of how able success as a censorship-circum- laws rather than anonymity tech- technology would cause sweeping vention tool. nologies. On the other hand, cryp- social and political change, weaken- Two more problems with tographic anonymity does seem to ing the power of governments and Cypherpunk Crypto seem worth be a factor in some whistleblowers’ established institutions. A closely pointing out. First, the more ambi- decisions to take that step. related term is crypto-anarchism, tious ideas such as Chaum’s pro- a political philosophy that, in its posal of commerce using “card idealized form, recognizes no laws computers” seem to require societal he lesson, I think, is reassur- except those that can be described buy-in. This requirement for a criti- T ing. Crypto and other tech- by math and enforced by code. cal mass of potential users unhappy nological tools have a role to play in Combined with ideas such as with the status quo makes the ide- keeping power in check, whether in information markets and predic- ology even more infeasible. In con- protecting those resisting authori- tion markets, even relatively simple trast, more modest tools such as tarian regimes or in bringing more crypto can be quite powerful. One email encryption are more incre- transparency to democratic ones. proposal was for markets that would mentally deployable. On the other hand, the evidence render legal intellectual-property Second, to impact the real world, doesn’t support an overly techno- restrictions meaningless. Another cryptosystems must come into logically determinist view in which was for pervasive untraceable (and contact with the real world; many crypto has its own logic that’s pow- hence unregulable) transactions. convenient abstractions and math- erful enough to reshape society The vision of crypto fundamentally ematical assumptions break down against the collective will. and inexorably reshaping social, at this boundary. For example, soft- economic, and political power ware security remains an unsolved Acknowledgments structures is what I call “Cypher- problem, which means digital cre- I’m extremely grateful to Joseph Bon- punk Crypto.” (Although I’ve dentials and cash can be stolen with neau, Ed Felten, and Vitaly Shmatikov described two extremes, a spectrum little recourse available to the vic - (in no particular order) for comments on exists between Cypherpunk Crypto tim. Also, anonymous digital mar- a draft, and to the audience at my talks at and Pragmatic Crypto.) kets for physical goods are useless if the Electronic Frontier Foundation and I don’t mean to suggest that this the goods aren’t actually shipped, so Princeton for useful feedback. Any errors, belief was mainstream in the crypto such systems still must contend with opinions, and omissions are my own. or tech communities—when law enforcement. cypherpunk cofounder Tim May References handed out copies of his Crypto- Rebirth? 1. S. Levy, Crypto: How the Code Reb- Anarchist Manifesto at the 1988 Some have claimed that Bit- els Beat the Government, Saving Crypto conference in Santa Bar- coin (http://bitcoin.org) and Privacy in the Digital Age, Penguin bara, the academics “pretty much WikiLeaks represent a rebirth of the Putnam, 2002. ignored him.”3 But the cypher- cypherpunk dream. I find this ques- 2. D. Chaum, “Security without Iden- punks were vocal enough and per- tionable. Although Bitcoin is a fine tification: Transaction Systems suasive enough that Wired, for technology with interesting niche to Make Big Brother Obsolete,” example, was a prominent early uses, it so far has had essentially Comm. ACM, vol. 28, no. 10, 1985, champion of the movement. no societal impact. The fact that its pp. 1030–1044. At least in retrospect, explaining more prominent uses such as Silk 3. A. Greenberg, This Machine Kills why the cypherpunk dream remains Road (an online black market) tar- Secrets: How WikiLeakers, Cypher- unrealized is like shooting fish in get fringe elements reinforces my punks, and Hacktivists Aim to Free a barrel. To put it simply, demo- point in the previous section. the World’s Information, Dutton cratic governments exist, to a first WikiLeaks is more complicated. Adult, 2012. approximation, with the consent Like Cryptome (www.cryptome. of the governed. So, the demand org), it has played a valuable role in Arvind Narayanan is an assistant for technologies that will upset that shining the light on abuses of power, professor of computer science at power balance is quite low. By the albeit a far cry from cypherpunk Princeton University. Contact him same token, however, crypto and rhetoric. And crypto has indeed at [email protected]. www.computer.org/security 3