[ISN] R.I.P. Cypherpunks

From: InfoSec News (isnat_private)
Date: Fri Nov 30 2001 - 03:21:45 PST

Forwarded from: "R. A. Hettinga" <rahat_private>

...and long live cypherpunks, of course, which, for years now, has existed
on a distributed network of un-killable lists, like some feral form of
Usenet, complete with obscene body piercings, matted hair, bad breath and
sharp, pointy teeth...

Send "info cypherpunks" in the body of a message to majordomoat_private for
details on how the cypherpunks distributed remailer system works now...




R.I.P. Cypherpunks

Once the online haunt of top cryptographers, the Cypherpunks list was
characterized by its mix of revolutionary politics and advanced
mathematics. This week, a founder pronounced it dead and buried

By Will Rodger
Nov 29 2001 10:15AM PT

The Cypherpunks list, an online forum that in many ways defined Internet
activism, was booted unceremoniously from its original home, toad.com,
earlier this week.

In an open posting to several mailing lists, Cypherpunks veteran John
Gilmore all but dismissed the computer-security and privacy forum he
co-founded in the early 1990s. It had, he wrote, "degenerated a long time
ago to the point where I have no idea why more than 500 people are still
receiving it every day."

Yet, for all the irrelevant comments, vicious infighting and radical
libertarian politics that flourish on the list, Cypherpunks has chronicled
every important event in the short history of modern cryptography, as well
as the cyber-rights movement that grew out of it.

The mailing list spawned not just commerce but an entire philosophy.
Members vanquished U.S. controls on cryptography exports, and opened up a
wider dialogue about the use and misuse of technology.

"Cypherpunks has really advanced the state of the art," said Peter Wayner,
a cryptographer who vetted every one of his eight books on programming and
technology on the list. "One of the greatest advantages is so many people
are not constrained by non-disclosure agreements or the need to keep their

Seemingly every major figure in cryptography and computer security has
passed through the list from time to time. Past participants include noted
cryptographers such as Matt Blaze and Adam Shostack, computer firewall
inventor Steven Bellovin, and the first developer of a commercial firewall,
Marcus Ranum.

Some say it was the Clipper Chip that made it all possible.

In 1992 the Clinton Administration revived an earlier Bush Administration
proposal to, in effect, regulate all data-scrambling technology used in the
U.S. The so-called Clipper Chip would have "escrowed" encryption keys that
ordinary citizens used. If police ever encountered encrypted email or other
data they could not decipher, they could monitor those communications under
"legal authority."

A storm of controversy followed. Businesses said the proposal undermined
U.S. products in a world market that required no such "key escrow." Civil
libertarians predicted massive email snooping once the Internet took hold.

Hundreds of smart but worried programmers flocked to Cypherpunks. They
learned about not just encryption, but digital cash, anonymous remailers
capable of sending messages without a discernible return address, even
"black nets" that would use all three together to form a perfect black
market with worldwide reach.

Some reveled in the idea of "crypto-anarchy." Others went to work.

Lance Cottrell, then a graduate student at the University of California at
San Diego, joined the list because he wanted to fight the Clipper Chip.
Energized and excited by a field that was new to him, he soon went to work
on what became the Mixmaster remailer, which solved many security
vulnerabilities in traditional remailers.

"It earned me a reputation," Cottrell says today. "I was one of the people
who had gone out and done something about it, instead of just talking about

Publicists now hawk his Anonymizer.com as one of the rare Internet-only
companies that actually turns a profit.

Adam Shostack, a top cryptographers at Zero-Knowledge Systems in Montreal,
earned his chops at Cypherpunks, too.

"Smart People with Cool Ideas"

Back in 1992, Shostack was a lowly systems administrator at Boston's
Brigham and Women's Hospital just beginning to learn about computer
security. His interest in firewalls led him to the list, and from there to
contacts throughout the computer-security community. Soon he had learned
enough to publish an early critique of secure log-in technology sold by
Security Dynamics. Along the way, Shostack met Matt Blaze an early debunker
of the Clipper Chip's flawed security, as well as Adam Back and Ian
Goldberg, each of whom had discovered serious problems with credit-card
security in early versions of the Netscape browser.

The work helped Shostack land the job at ZKS.

"It was involving," he says today. "There were lots of really smart people
playing with these really cool ideas. As a young guy who was just getting
into this stuff, it was a great way to really jump in. I'm not saying it
was polite or easy we all did our share of roasting one another, but the
ideas really overcame that."

Architect John Young found a new outlet for his political leanings through
Cypherpunks, and in the process started one of the most closely followed
archives on the Net.

Young was fascinated by the interplay of the civil and governmental on the
list. The dynamic of intellectuals pitted against federal watchmen reminded
him of his days as a 60s radical at Columbia University. Cypherpunks and
the Internet gave him a new chance to follow in the footsteps of the time.
Soon, he was publishing classified and formerly classified documents about
encryption and surveillance at www.cryptome.org.

Over the years, documents from the FBI, NSA, CIA, British intelligence and
a multitude of other sources have landed at his Web site. Major newspapers
and television networks have picked up and run with the documents.

His archives also feature a long list of legal documents revolving around
the fight to unseat copyright laws, like the Digital Millennium Copyright
Act, that limit what consumers can do with materials they buy. Research
itself, Young says, is threatened in fights over copying technologies like
Napster, and tools designed to crack copy-protection schemes.

Like John Gilmore, Young concedes the Cypherpunks list has lost something
it once had. But unlike Gilmore, he thinks it is still valuable.

Other, moderated fora like the popular Cryptography mailing list cannot
equal the spontaneity of thought found on Cypherpunks, even today, he says.
"These lists have more or less withered under moderation, but things
continue to happen under Cypherpunks. These other ones get so serious and
important sounding people walk away. They forget the Net is supposed to be
entertaining as well as educational."

The Cypherpunks list will continue to be hosted on other sites, but many
participants agree that the ejection from its birthplace is a moribund

Wayner, for his part, says many, more conventional lists sprang from
Cypherpunks because one list simply could not do it all. That, he said, is
a tribute in itself.

"The main reason the list doesn't seem to have the center of gravity
anymore is the topic has gotten so big and gone in so many directions,"
Wayner says. "It used to be you could read maybe (the newsgroup) comp.risks
and Cypherpunks and you had read all there was. Now there are so many
things going on it can't be the center of gravity, it can't be the center
of all things."

R. A. Hettinga <mailto: rahat_private>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 10:02:12 PST