what does C-A-C-L stand for? alpha ----- Original Message ----- From: "Tim May" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 17, 2001 10:00 AM Subject: CDR: The Crypto Winter
> Alternative Subject Name: Decline and Fall: Crypto without politics is > just applied number theory > > This will be a long article. Fair warning. > > Also, I plan to reply only to folks who make a serious effort to debate. > Folks who chime in with inanities or with "Another C-A-C-L rant!" will > of course just ignore. I don't expect much discussion, though. For the > same "lots of reasons" I mention many times below. Still, I wanted to > make these points even if only six of you are worth responding to. > > > On Saturday, November 17, 2001, at 12:10 AM, Declan McCullagh wrote: > > > On Fri, Nov 16, 2001 at 10:31:24PM -0800, Petro wrote: > >> Part of the energy in those days was people pushing in to vastly > >> new territories, figuring out how to solve the hard problems--and there > >> were a whole bunch back then. There are still lots of hard problems, > >> but > >> they come in dribs and drabs, and often one of these new problems can > >> be > >> reduced to one or two old problems--which isn't nearly as interesting. > > > > I may have started reading the list in 1994. To add something to the > > above: Also in the early days, folks were still thinking through the > > implications of the technologies, the future was a bit sunnier than it > > is nowadays, and there weren't quite as many (this may be just wishful > > thinking) loserflamers around. In addition, the FBI and Secret Service > > and TIGTA and whatnot hadn't been interrogating and arresting list > > members. > > There are many reasons/factors for the decline. Few would argue that the > decline has been a many-year process. As I lack the energy or will to > write a detailed essay (which is one of the reasons...), I'll summarize > a few basic reasons: > > 1. The newness issue. Even before the list/group started, finding new > and amazing implications was so easy that we were able to figure out a > bunch of things before the official crypto community noticed them. Early > list messages were often about these implications. Hal Finney, Eric > Hughes, Duncan Frissell, and a dozen others were all actively debating > these implications--years before the "crypto press" started reporting > them, years before even apologists for Big Brother started denouncing > them. The newness has shifted. I'll come back to this issue again. > > 2. Fewer infusions of new blood. We had some good infusions of new blood > in the 1993-95 period, including people like Lucky Green, Declan > McCullagh, and Greg Broiles. In the past couple of years, fewer creative > contributors have arrived. We had a guy from Germany, whose name I have > spaced out on, but he showed up at ZKS (another point I will get to in a > moment) and hasn't been active on the list in a long while. In the last > year or two, David Molnar stands out as a new and innovative > contributor, but I believe his is now involved in a start up in NYC and > so he doesn't post here often anymore. > > A couple of apologists for Big Brother have arrived (George@Orwellian, > whom I am tentatively assuming is the same as the frequent Nomen Nescio > user: a leftie who rants about the evils of ideas here), a couple of > agent provocateurs have arrived, and several infantile flamers are still > here. > > [Note: Related to this point and the one following below, we had a > _huge_ number of students and grad students active on the list in the > early years. "Wired" did a big piece on Cypherpunks in their second > issue, and "Wired" was still cool in those years. A surge of subscribers > hit the list in 1993. And Clipper was much in the news. Many of those > students contributed provocative, anarchist-leaning ideas. Many went on > to get jobs in industry, even in crypto and security. Some went to > Microsoft (Matt Tomlinson, I believe, and possibly Wei Dai, though I > could be wrong), some went to Netscape, some to RSA, and so on.] > > 3. The commercialization of crypto. This has been a plus and a minus. On > the plus side, several startup companies have drawn heavily from former > (or lurking) list members, including C2Net, Digicash, PGP, RSA and > Verisign, security consulting companies in the Bay Area, Zero Knowledge, > and the security departments of leading dot com and Net companies. Even > Mojo Nation, which had about half a dozen list members in it--not much > being heard from it now. > > (Remember when three members of the same family were on the list and two > of them were essentially Netscape's security department! Remember when > at least three key list members worked for Digicash?) The ZKS issue > alone took half a dozen of our most significant contributors off the > list (for various obvious reasons), including Ian Goldberg, both Adams > (Back and Shostack), and some others. And when ZKS recast itself a year > or so ago as some kind of "consulting company" (??) and then when they > recently dropped the Freedom remailer/proxy service, things took another > steep decline. Even if these former list members end up leaving ZKS, as > would seem likely, I doubt they'll return to our list.) > > The effects of the commercialization were manyfold (or is it manifold?) > and deserve an entire essay, but here are a few of them: > > a) Cypherpunks physical meetings (second Saturday of each month, held in > the South Bay 1992-95, held all around the Bay Area after that) became > more corporate-focused. Guys at companies often recruited. A kind of > rolling job fair. > > b) The projects discussed started being more and more about what some > particular company was doing > > c) I believe some people are much less willing to discuss radical > implications and ideas when they think future employers may be reading, > or may have access to their posts through search engines. It may be > coincidental, but the beginning of the real decline of the list happened > at just about the same time the Web was becoming ubiquitous (which has > other implications, mentioned later) and as search engines like Deja > News and Alta Vista made it obvious that one's words on the list would > echo forever. > > d) Siphoning of energy. Not a bad thing, but the commercialization of > crypto definitely meant that many long-range projects were shifted to > short-range. Depressingly, most of the short-range efforts never really > went very far. (Between the dot com crash and other things, all we > really have is what we had in 1992: basic crypto and signatures.) > > e) The mess with PGP. At one point, probably a dozen list members worked > at PGP, and we often heard updates from them on new versions. (One of > those pluses as well as minuses. A plus that PGP was expanding, and that > usage was increasing, but a minus because all it really was basic > encryption stuff, so it was fairly boring to spend meetings discussing > the details of a version update.) The transfer of PGP to NAI further > confused things, and now there are probably fewer PGP users than in > 1996. (Multiple versions, an OpenPGP version, a GPG effort, Zimmermann > at Hushmail, and NAI saying they plan to demphasize PGP....already a > moot point.) > > [Note: There was a period when using PGP was "cool." Lots of digerati > were using it, playing with it. It showed up on "Wired"'s "hot" list. > This has changed. Lots of reasons.] > > 4. The discrediting of "politics." After the first heady year or two of > discussing digital money, data havens, dead drops, black nets, tax > avoidance, colonization of cyberspace, and so on, some voices began to > argue against talking politics. To be sure, the list had always been > focused on the "exploitation of crypto for meta-political purposes." > Mundane politics about left vs. right was not interesting to most of us. > Yes, the list had a strong libertarian focus, but so does much of the > Net and so does much of the computer community (with also a > lefty/Green/ecobabble contingent out there, though not on this list). > Why this is so should not surprise anyone. > > The discrediting of politics was correlated to the formation of > alternative lists. Lewis McCarthy started a moderated list called > "Coderpunks" in which only code and programming techniques was to be > discussed. Perry Metger started a moderated list called "Cryptography." > Some of the active participants in Cypherpunks did most of their posting > on those lists...let a thousand flowers bloom and all. I chose not to > subscribe to those lists for a couple of reasons. First, I hate > moderated lists where some satrap decides what is OK for me to talk > about and what is not. Second, I am much less interested in the C++ > coding of Rijndael than I am in discussing digital money and > quasi-political issues touching on economics, public policy, social > repudiation and reputation issues, etc. In my view, crypto without > politics is just applied number theory. > > The discrediting is even happening on the Cypherpunks list. It is deeply > ironic that people who have never contributed an innovative idea, > poitical or technical, are hectoring us that "Cypherpunks write code!" > (Having been involved since the Ur-Cypherpunk days, I know precisely > what that slogan means, and it _doesn't_ mean what many think it means.) > > 5. The resurgence of politics and law. Strangely, despite the above > discrediting, politics and law became _more_ of the focus of the list! > How could that be? Here's a partial list: Communications Decency Act, > the Bernstein case, crypto export laws, ITAR, European plans to regulate > crypto, Napster, copyright, the DMCA, and on and on. Despite the > "Cypherpunks write code!" pseudo-mantra, more and more physical meetings > were devoted to hearing from various spokeslawyers representing the EFF, > EPIC, CDT, and other lobbying/litigating firms. More and more list > members muttered about going to law school...and some did. > > (Not to besmirch the reputation of Greg Broiles, who was already > well-along in law school before beginning to contribute many fine > > On to another major, possibly _the_ major, factor: > > 5. The boredom factor. As Declan and Petro have noted, the ideas are not > new. The same reasons that made the 1992-94 period so heady also mean > that later developments are usually just revisitations or rediscoveries > of the "nuggets" found in the early years. This is like any new field: > the early pioneers find gems and nuggest lying on the ground, lots of > low-hanging fruit. (To mix some metaphors.) Later arrivals find the > low-hanging fruit gone, the richest veins of ore already mined. > > (I have not given up. There are amazing things yet to be done. I had a > stimulating discussion with some computer pioneers last weekend and am > redoubling my own efforts in my "ontology" project I have occasionally > mentioned.) > > The "read the archives!" advice often given, especially by me, is only > to be expected. When literally tens of thousands of articles, some of > them very long and detailed, have already been written on core topics, > why should any of the "old-timers" spend an hour writing an essay to > educate a newbie who is unwilling to even spend a few minutes with > Google looking for already-written articles? > > (And many of the newcomers are shockingly ignorant of even the basic > definitions and ideas, ones that have been written about in full-length > articles. My own chapter-length essays outline the basics and have been > included in recent books like "Building-In Big Brother" (Ludlow), > "Crypto Anarchy, Cyberstates and Pirate Utopias" (also Ludlow), and the > forthcoming "True Names and the Opening of the Cyberspace Frontier" > (Vinge, Frenkel, others). Any search on the keywords so common on our > list will turn up full-length articles, as well as the "Cyphernomicon" > mega-FAQ I spent (wasted?) about a year of my life working on.) > > 6. The failure to get true digital money. Call it what you like, > "digital cash" or "ecash" or even one of Hettinga's pet names, but the > fact is that for both political and technical reasons we don't have > digital cash. This has ripple effects for nearly all of the constructs > which depend on digital money: data havens, good remailers, black nets, > beacons, and of course for certain sociopolitical implications of > untraceable transactions. > > Without this basic building block, we are left just with the "privacy" > stuff...and the privacy stuff is both fairly boring and at the same time > wrapped-up in legal/political baggage about secrecy, hiding things, etc. > Boring! > > Why digital money has not happened is still an interesting topic to > discuss. I described the two axes of "value of untraceability" versus > "cost of untraceability" in an article I wrote a few months ago. I > characterized the "millicent ghetto" that most companies have > concentrated on, and the fallacy of the "one size fits all" pricing > models. > > Now, given the events of 911 and the rush to control the Net and to > impose new and unconstitutional limitations on what people can do with > their own money, the likelihood of a quasi-visible digital money > operation like Mark Twain Bank setting up seems to be nil. > > Money-laundering laws, and the attempted crackdowns on "hawalah" > exchanges, will mean any digital cash effort will have to be done beyond > the margins of the law. Maybe for something with no identifiable nexus, > something beyond even what Gnutella and Freenet are doing. Beyond > Morpheus/Music City, beyond Mojo Nation, beyond _any_ of the current P2P > efforts. (By the way, the only book that I know of on Peer-to-Peer > computing has references to the pioneering role that Cypherpunks played, > in remailers, in screen-saver code crackers, etc. Look to the archives > from 1992-94 and one will see most of the P2P issues covered, from the > point of view of distributed, agoric models, black markets, etc. My own > BlackNet, 1988, is obviously a P2P model.) > > This failure to get workable untraceable digital cash (true 2-way > untraceable, not the bastardized, banker-friendly, government-friendly > one-way untraceable form) is the _deep_ reason things are stagnating. > > And we are not alone... > > "How to make money off of these ideas" is the fundamental reason the dot > com crash happened. Absent efficient digital payment systems, and absent > strong cryptographic constructs to build cyberspace structures, just > about the only working model for funding all of these dot com things was > "online advertising." That, coupled with scads of companies all > figuring they would dominate their markets. > > I'm concentrating here on the online digital services companies, not so > much the "clicks and mortar" companies trying to sell dog food over the > Net (yeah, the pets.com and boo.com companies failed, but in their cases > the Net was just another communications medium for basically a > mail-order or phone-order business). More interesting are why the > crypto-related companies are failing. People just aren't paying for > digital signatures, encryption, and other "Cypherpunkish" things. > > This doesn't surprise me at all. But, I see that I am drifting away from > my intended brief listing of reasons for the decline and am instead > moving into something that should be saved for another article. > > In closing, the long-term prospects for our ideas are still bright. The > "degrees of freedom" (multiple senses) still mean that crypto anarchy > will likely triumph over central control. But we probably are facing a > "crypto winter" lasting at least 5 years, and maybe much longer. The > moves to expand wiretapping and surveillance, the Carnivore boxes, the > rapid move to reduce civil liberties in the wake of 911, the calls by > various European and Asian countries to crack down on use of the Net, > and the draconian restrictions on money....all of these things will make > it very difficult to establish Cypherpunks technologies. > > Maybe a collapse will come, maybe P2P will sneak these ideas in through > the back door (*). > > (* as might well have happened sooner had Napster _started_ in a > distributed, no nexus sort of way instead of starting as a central file > server with a huge "Sue me!" sign painted on the roof of their San Mateo > offices) > > The thing I would advise folks to do is to not think about getting rich. > Those who lust after the riches of an IPO for their Digital Signature > Datawhack, Inc. startup are probably heading for crushing > disapppointment. "Do what you love and the money will follow" is still > good advice. > > And working on the interesting stuff, even if it doesn't appear to be > "commercial," will probably be where the commercial things of ten years > from now come from. There are so many examples of this from past years > that I can't begin to list them here. > > Well, now I'm again moving afield into career advice, so I'll stop here. > > Best wishes, > > > --Tim May > "Gun Control: The theory that a woman found dead in an alley, raped and > strangled with her panty hose, is somehow morally superior to a woman > explaining to police how her attacker got that fatal bullet wound" > >