Cypherpunks RIP

List 'dead and buried' founder says

The Cypherpunks list, an online forum that in many ways defined Internet activism, was booted unceremoniously from its original home, toad.com, earlier this week.

In an open posting to several mailing lists, Cypherpunks veteran John Gilmore all but dismissed the computer-security and privacy forum he co-founded in the early 1990s. It had, he wrote, "degenerated a long time ago to the point where I have no idea why more than 500 people are still receiving it every day."

Yet, for all the irrelevant comments, vicious infighting and radical libertarian politics that flourish on the list, Cypherpunks has chronicled every important event in the short history of modern cryptography, as well as the cyber-rights movement that grew out of it.

The mailing list spawned not just commerce but an entire philosophy. Members vanquished U.S. controls on cryptography exports, and opened up a wider dialogue about the use and misuse of technology.

"Cypherpunks has really advanced the state of the art," said Peter Wayner, a cryptographer who vetted every one of his eight books on programming and technology on the list. "One of the greatest advantages is so many people are not constrained by non-disclosure agreements or the need to keep their jobs."

Seemingly every major figure in cryptography and computer security has passed through the list from time to time. Past participants include noted cryptographers such as Matt Blaze and Adam Shostack, computer firewall inventor Steven Bellovin, and the first developer of a commercial firewall, Marcus Ranum.

Some say it was the Clipper Chip that made it all possible.

In 1992 the Clinton Administration revived an earlier Bush Administration proposal to, in effect, regulate all data-scrambling technology used in the U.S. The so-called Clipper Chip would have "escrowed" encryption keys that ordinary citizens used. If police ever encountered encrypted email or other data they could not decipher, they could monitor those communications under "legal authority."

A storm of controversy followed. Businesses said the proposal undermined U.S. products in a world market that required no such "key escrow." Civil libertarians predicted massive email snooping once the Internet took hold.

Hundreds of smart but worried programmers flocked to Cypherpunks. They learned about not just encryption, but digital cash, anonymous remailers capable of sending messages without a discernible return address, even "black nets" that would use all three together to form a perfect black market with worldwide reach.

Some reveled in the idea of "crypto-anarchy." Others went to work.

Lance Cottrell, then a graduate student at the University of California at San Diego, joined the list because he wanted to fight the Clipper Chip. Energized and excited by a field that was new to him, he soon went to work on what became the Mixmaster remailer, which solved many security vulnerabilities in traditional remailers.

"It earned me a reputation," Cottrell says today. "I was one of the people who had gone out and done something about it, instead of just talking about it."

Publicists now hawk his Anonymizer.com as one of the rare Internet-only companies that actually turns a profit.

Adam Shostack, a top cryptographer at Zero-Knowledge Systems in Montreal, earned his chops at Cypherpunks, too.

"Smart People with Cool Ideas"

Back in 1992, Shostack was a lowly systems administrator at Boston's Brigham and Women's Hospital just beginning to learn about computer security. His interest in firewalls led him to the list, and from there to contacts throughout the computer-security community. Soon he had learned enough to publish an early critique of secure log-in technology sold by Security Dynamics. Along the way, Shostack met Matt Blaze, an early debunker of the Clipper Chip's flawed security, as well as Adam Back and Ian Goldberg, each of whom had discovered serious problems with credit-card security in early versions of the Netscape browser.

The work helped Shostack land the job at ZKS.

"It was involving," he says today. "There were lots of really smart people playing with these really cool ideas. As a young guy who was just getting into this stuff, it was a great way to really jump in. I'm not saying it was polite or easy; we all did our share of roasting one another, but the ideas really overcame that."

Architect John Young found a new outlet for his political leanings through Cypherpunks, and in the process started one of the most closely followed archives on the Net.

Young was fascinated by the interplay of the civil and governmental on the list. The dynamic of intellectuals pitted against federal watchmen reminded him of his days as a '60s radical at Columbia University. Cypherpunks and the Internet gave him a new chance to follow in the footsteps of the time. Soon, he was publishing classified and formerly classified documents about encryption and surveillance at cryptome.org.

Over the years, documents from the FBI, NSA, CIA, British intelligence and a multitude of other sources have landed at his Web site. Major newspapers and television networks have picked up and run with the documents.

His archives also feature a long list of legal documents revolving around the fight to unseat copyright laws, like the Digital Millennium Copyright Act, that limit what consumers can do with materials they buy. Research itself, Young says, is threatened in fights over copying technologies like Napster, and tools designed to crack copy-protection schemes.

Like John Gilmore, Young concedes the Cypherpunks list has lost something it once had. But unlike Gilmore, he thinks it is still valuable.

Other, moderated forums like the popular Cryptography mailing list cannot equal the spontaneity of thought found on Cypherpunks, even today, he says. "These lists have more or less withered under moderation, but things continue to happen under Cypherpunks. These other ones get so serious and important-sounding people walk away. They forget the Net is supposed to be entertaining as well as educational."

The Cypherpunks list will continue to be hosted on other sites, but many participants agree that the ejection from its birthplace is a moribund milestone.

Wayner, for his part, says many, more conventional lists sprang from Cypherpunks because one list simply could not do it all. That, he said, is a tribute in itself.

"The main reason the list doesn't seem to have the center of gravity anymore is the topic has gotten so big and gone in so many directions," Wayner says. "It used to be you could read maybe (the newsgroup) comp.risks and Cypherpunks and you had read all there was. Now there are so many things going on it can't be the center of gravity, it can't be the center of all things."

© 2001 SecurityFocus.com, all rights reserved.
