Feeds

Cypherpunks RIP

List 'dead and buried' founder says

  • alert
  • submit to reddit

Website security in corporate America

The Cypherpunks list, an online forum that in many ways defined Internet activism, was booted unceremoniously from its original home, toad.com, earlier this week.

In an open posting to several mailing lists, Cypherpunks veteran John Gilmore all but dismissed the computer-security and privacy forum he co-founded in the early 1990s. It had, he wrote, "degenerated a long time ago to the point where I have no idea why more than 500 people are still receiving it every day."

Yet, for all the irrelevant comments, vicious infighting and radical libertarian politics that flourish on the list, Cypherpunks has chronicled every important event in the short history of modern cryptography, as well as the cyber-rights movement that grew out of it.

The mailing list spawned not just commerce but an entire philosophy. Members vanquished U.S. controls on cryptography exports, and opened up a wider dialogue about the use and misuse of technology.

"Cypherpunks has really advanced the state of the art," said Peter Wayner, a cryptographer who vetted every one of his eight books on programming and technology on the list. "One of the greatest advantages is so many people are not constrained by non-disclosure agreements or the need to keep their jobs."

Seemingly every major figure in cryptography and computer security has passed through the list from time to time. Past participants include noted cryptographers such as Matt Blaze and Adam Shostack, computer firewall inventor Steven Bellovin, and the first developer of a commercial firewall, Marcus Ranum.

Some say it was the Clipper Chip that made it all possible.

In 1992 the Clinton Administration revived an earlier Bush Administration proposal to, in effect, regulate all data-scrambling technology used in the U.S. The so-called Clipper Chip would have "escrowed" encryption keys that ordinary citizens used. If police ever encountered encrypted email or other data they could not decipher, they could monitor those communications under "legal authority."

A storm of controversy followed. Businesses said the proposal undermined U.S. products in a world market that required no such "key escrow." Civil libertarians predicted massive email snooping once the Internet took hold.

Hundreds of smart but worried programmers flocked to Cypherpunks. They learned about not just encryption, but digital cash, anonymous remailers capable of sending messages without a discernible return address, even "black nets" that would use all three together to form a perfect black market with worldwide reach.

Some reveled in the idea of "crypto-anarchy." Others went to work.

Lance Cottrell, then a graduate student at the University of California at San Diego, joined the list because he wanted to fight the Clipper Chip. Energized and excited by a field that was new to him, he soon went to work on what became the Mixmaster remailer, which solved many security vulnerabilities in traditional remailers.

"It earned me a reputation," Cottrell says today. "I was one of the people who had gone out and done something about it, instead of just talking about it."

Publicists now hawk his Anonymizer.com as one of the rare Internet-only companies that actually turns a profit.

Adam Shostack, a top cryptographers at Zero-Knowledge Systems in Montreal, earned his chops at Cypherpunks, too.

"Smart People with Cool Ideas"
Back in 1992, Shostack was a lowly systems administrator at Boston's Brigham and Women's Hospital just beginning to learn about computer security. His interest in firewalls led him to the list, and from there to contacts throughout the computer-security community. Soon he had learned enough to publish an early critique of secure log-in technology sold by Security Dynamics. Along the way, Shostack met Matt Blaze an early debunker of the Clipper Chip's flawed security, as well as Adam Back and Ian Goldberg, each of whom had discovered serious problems with credit-card security in early versions of the Netscape browser.

The work helped Shostack land the job at ZKS.

"It was involving," he says today. "There were lots of really smart people playing with these really cool ideas. As a young guy who was just getting into this stuff, it was a great way to really jump in. I'm not saying it was polite or easy we all did our share of roasting one another, but the ideas really overcame that."

Architect John Young found a new outlet for his political leanings through Cypherpunks, and in the process started one of the most closely followed archives on the Net.

Young was fascinated by the interplay of the civil and governmental on the list. The dynamic of intellectuals pitted against federal watchmen reminded him of his days as a 60s radical at Columbia University. Cypherpunks and the Internet gave him a new chance to follow in the footsteps of the time. Soon, he was publishing classified and formerly classified documents about encryption and surveillance at cryptome.org.

Over the years, documents from the FBI, NSA, CIA, British intelligence and a multitude of other sources have landed at his Web site. Major newspapers and television networks have picked up and run with the documents.

His archives also feature a long list of legal documents revolving around the fight to unseat copyright laws, like the Digital Millennium Copyright Act, that limit what consumers can do with materials they buy. Research itself, Young says, is threatened in fights over copying technologies like Napster, and tools designed to crack copy-protection schemes.

Like John Gilmore, Young concedes the Cypherpunks list has lost something it once had. But unlike Gilmore, he thinks it is still valuable.

Other, moderated forums like the popular Cryptography mailing list cannot equal the spontaneity of thought found on Cypherpunks, even today, he says. "These lists have more or less withered under moderation, but things continue to happen under Cypherpunks. These other ones get so serious and important sounding people walk away. They forget the Net is supposed to be entertaining as well as educational."

The Cypherpunks list will continue to be hosted on other sites, but many participants agree that the ejection from its birthplace is a moribund milestone.

Wayner, for his part, says many, more conventional lists sprang from Cypherpunks because one list simply could not do it all. That, he said, is a tribute in itself.

"The main reason the list doesn't seem to have the center of gravity anymore is the topic has gotten so big and gone in so many directions," Wayner says. "It used to be you could read maybe (the newsgroup) comp.risks and Cypherpunks and you had read all there was. Now there are so many things going on it can't be the center of gravity, it can't be the center of all things."

© 2001 SecurityFocus.com, all rights reserved.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.