[2453] in cryptography@c2.net mail archive
ALERT: CSPAN coverage of last night's MIT encryption panel
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Wed Apr 8 10:29:58 1998
Date: Wed, 8 Apr 1998 10:11:23 -0400
To: dcsb@ai.mit.edu, dbs@philodox.com, e$@vmeng.com, cypherpunks@cyberpass.net,
cryptography@c2.net
From: Robert Hettinga <rah@shipwright.com>
Last night, there was a panel discussion on encryption and wiretap policy
at MIT. The panel was moderated by Hal Abelson of MIT's computer science
department, revered author of MIT's intro to computing curriculum. The
panelists were Ron Rivest, the world's most prolific cryptographer :-),
Whitfield Diffie, the inventor of public cryptography itself, the FBI
official (I can't remember his name) in charge of implementing CALEA and
controlling domestic cryptography (though, of course, the FBI *says* they
don't want to regulate domestic cryptography ;-)), and Diffie's co-author
of their new book "Privacy on the Line", who's a very sharp crypto-policy
lawyer from the University of Massachusetts.
Certainly privacy-focused panels like this one on encryption policy ---
even one of this caliber -- are a dime a dozen, which has been one of my
pet peaves about any new debates on the subject of privacy "policy".
However, this panel is certainly worth watching when it shows up on CSPAN,
for something entirely unrelated to cryptography "policy" itself.
The discussion shows, for the first time that I've seen, the beginnings of
some serious acknowlegement of the economic reality of financial
cryptography and digital commerce by people on both sides of the issue.
Nobody was quite as emphatic as I am when I say that "financial
cryptography is the only cryptography that matters", of course, because my
bread and butter comes from getting out on a limb like that, but lots of
very clueful people seem to be getting there quite quickly by other means.
:-).
Most interesting to me was Whitfield Diffie's very important point that
organizations, and businesses in particular, are going to be individually
responsible for defending themselves from *economically* motivated -- and
increasingly granular --information warfare attacks on their computer
systems, and that government isn't going to be able to do much to help
them, most particularly by trying to legislate physics with cryptographic
"policy".
Diffie's remarks, and even some of Rivest's as well, certainly showed me
that a lot of the early encryption pioneers, who, I think, started out as
liberal statists with a privacy fetish :-), are now starting to think
beyond the very concept of the nation state itself. Though, they only just
starting to do so, as when I pointed this out to Diffie afterward, it took
a while for him to understand what I was getting at.
Certainly none of these guys are flaming cryptoanarcocapitalists yet, :-),
and certainly lots of people, like cypherpunks, have evangelized this stuff
to people like Diffie and Rivest many times before. But, I think that the
crypto establishment, if we can call them that, are beginning to understand
some of the more profound economic effects of financial cryptography on
ubiquitous public internetworks, things that lots of the rest of us are
beginning to actually implement.
In the subsequent question and answer session, after thanking Mr. Diffie
for inventing my business, :-), I made a point in a comment about not
needing the law to settle a digital bearer transaction, though I'm sure
most people missed what I meant by it. I certainly should have been
clearer. That is, if you you use digital bearer settlement, you don't need
"and then you go to jail" as the terminating error step in your transaction
protocol. You don't need to rely on government for your economic security,
which is why Diffie's remark made me spontaneously applaud when I heard it
(embarrasing, that was :-)).
Unfortunately, I also took the occasion of making this point to also take a
cheap shot at the gentleman from the FBI, by saying that because of
financial cryptography, I could ignore him, because he didn't matter
anymore. ;-). I went back later and apologized to him personally. I'm
afraid that I was a little bit past boorish with that remark.
Heckling from the audience later didn't help matters, I'm afraid :-).
Fortunately, I'm much better behaved when I'm running things or when I'm up
front on the dias. Which is why I like to run my *own* stuff for the most
part. :-). I tend to make a very bad audience member, and for that I
apologize, to anyone in the audience who was offended by it. "Doesn't play
well with others" was a frequent comment on the deportment section of my
report cards growing up, I'm afraid. :-/. So, obviously, there *is* a
reason why my most preferred means of expression is the written word.
One of the most important things I keep forgetting in the heat of a moment
like that is that the frontiers of financial cryptography and digital
commerce are *not* about attacking the status quo. Seen that way, the
issue becomes one of *educating* people who don't know something about how
the world works; showing them how they can use this new technology how to
make themselves, and as a result, all of us, economically better off. The
issue stops being one of *debating* people who do know how the world works
and want to use it to hurt you, which is what the crypto "policy" debate is
really all about.
Remember, we are *not* talking about -- and now building -- the antithesis
of state-supported capitalism. We are building something *beyond* the very
nation-state itself. Something several orders of magnitude more
capitalistic than anyone steeped in the "policies" and "programs" of a
so-called "mixed" economy can ever imagine.
Using cryptographic techniques, we are now able to create digital bearer
versions of every conceivable financial instrument, so we don't need the
state to enforce non-repudiation of our transactions.
Using cryptographic techniques, we are able to create limited-liability
entities with anonymous voting control which don't need state-enforced
corporate charters to exist.
Finally, using cryptographic techniques, we are able to create cash-settled
instantaneous auctions for *all* goods and services, not just those which
can shoved down a wire like information and financial assets.
For instance, Paul Harrison of the Cambridge Technology Group and I had a
fascinating discussion on the way home about other easily digitable bearer
instruments, things like bills of lading. Attached to a physical object,
these digital bearer certificates can literally buy the object's way
through the transportation system, in the same way that internet packets,
or circuits, or whatever, may buy their way across the network someday.
With exponentially collapsing switching prices creating a ubiquitous
geodesic internetwork, we get *dis*economies of organizational scale, which
I could see that Diffie was starting to bump into with that, well,
geodesic, infowar comment.
That exponentially increasing granularity of operation means that
oligopolistic -- much less monopolistic -- markets for *any*thing will be
obsolete someday, and probably in our lifetime. Including the physical
force, implicit or otherwise, we all require for our own personal safety.
So, "policy" may be increasingly optional, but physics, much less
economics, certainly isn't.
Not surprizingly, the FBI wiretap czar was quite explicitly trying to make
exactly the opposite point all evening.
That's why I think discussions of cryptography "policy" are going to be
increasingly fruitless. Or, more to the point, they'll become more
*orthogonal* to the technology of cryptography itself as time, and
progress, continues.
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
