Just a week after Zimmermann released PGP 2.0, Hughes and May invited forty of their favorite coders and cryptographers to Hughes’s newly purchased home in Oakland. About twenty of them showed up, and the group, mostly wearing its de facto uniform of beards and ponytails, crowded into the furniture-free living room and sat cross-legged on his floor. Tim May, a larger man and a louder personality than Hughes, presided. He distributed a fifty-seven-page handout of background materials and began by reading his “Crypto-Anarchist Manifesto,” to great approval.
Then Hughes and May moved on to a game they’d invented—more or less on the spot—called Crypto Anarchy. It was based, like many of May’s fantasies, on an idea from David Chaum. This one was called a Mix Network. The concept of a Mix was a simple one from years before Chaum’s seminal Big Brother paper with its crypto-card computers and networks of dining cryptographers. It would also become by far the most influential of Chaum’s ideas, and one that would reshape anonymity technologies for decades to come.
Users of a Mix Network give the slip to anyone who might be tracking them the same way they would in the real world: by getting lost in the crowd. If someone is being tailed, she might go into a movie theater, find a seat in the dark, and then reemerge in a crowd of people. But a Mix Network gives the followed a much larger head start over the follower: To extend the same analogy, it ushers a crowd of people into a theater, all of whom want to avoid being followed, gives them a chance to remove their hats, wigs, sunglasses, and clothes and put on new ones, and then releases them again. Then the crowd disperses to mix with other crowds of disguised people who enter other theaters with other crowds, change their disguises, and repeat the process until no stalker has any hope of keeping up with his target.
Chaum came up with Mixes two years after Martin Gardner’s article on public key encryption, and it cleverly applied the MIT researchers’ idea of a cipher that only one intended recipient could unscramble. But Chaum took the encryption idea another step: He imagined encrypting the message multiple times in layers. The first layer of encryption would use the public key of the intended recipient as usual. But then that encrypted message would be encrypted again, only this time using the public key of an intermediary. That middleman’s job would simply be to decrypt the outer layer of encryption with his or her public key. Inside would be a forwarding address and the rest of the message, still encrypted with that first layer of scrambling.
If that middleman—what would come to be known as a remailer—collected enough messages before decrypting them and forwarding them out in a large batch, there would be little way for anyone eavesdropping on the network to know the origin of any of those messages. Not even the recipient would necessarily know. If the message contained no information about the sender, it would show up at its destination, encrypted specifically for that recipient, but with no evidence of who had sent it. Or it could contain an encrypted return address, but suggest that the recipient reply through another remailer so that no snoop would be able to know that the two were communicating.
Chaum had taken encryption, which masks the content of a message, and applied it to create anonymity, which protects something else altogether: the identity of the people communicating.
His Mix idea didn’t end there. If a message could be wrapped in two layers of encryption and routed through a remailer, why not encrypt it three times and send it through two relays? Or encrypt it half a dozen times and bounce it through five remailers, each of which has the key to remove just one layer of encryption before forwarding it? With multiple ricochets, not even the remailers themselves need to be trusted. Each one would know only the next recipient, not the entire chain from sender to recipient. And even if a large number of those remailers betrayed the users and collaborated to try and link the ends of the chain, just one trustworthy link—one remailer who refused to spill the beans—would ensure that the identities of the two ends of the chain couldn’t be matched up.
In their game of Crypto Anarchy in Hughes’s living room, May and Hughes split their hacker friends into two teams, one of ambassadors, corporations, and rebels trying to communicate anonymously and securely, and the other acting as spies, trying to eavesdrop on those communications. The communicators wrote messages on slips of paper and hid them in envelopes to represent PGP, putting those envelopes inside of other envelopes and addressing them to remailer friends—including some members of the spy team posing as trusted remailers—to try and route secret anonymous messages to each other. In their simulated game of spying cats and crypto-rebel mice, Chaum’s ideas came through clearly: With enough layers of encryption and just a few trustworthy friends, the mice could actually win the game.
The meeting’s drafted hackers were soon infected with all the same excited sense of encryption’s potential as May and Hughes themselves. They talked late into the night, slept on Hughes’s floor, and dreamed of crypto-anarchy.
The next morning, May and Hughes went out to buy bagels and brainstorm about the potential of the group that had begun to coalesce around their meeting. Why limit the club to the physical world, for instance, when the real mass of potential cryptography fanatics was online? As May had years earlier realized, cyber-utopias would have to be created on the Internet, not in someone’s living room. They later asked John Gilmore if he would host an e-mail list on the server of his personal site, Toad.com, and he eagerly agreed.
But it was Jude Milhon, Hughes’s girlfriend several decades his senior, who provided the group’s name. At the time, science fiction authors like William Gibson and Neal Stephenson had adopted the “cyberpunk” genre, stories of bohemian hackers fighting steely megacorporations in virtual worlds. But Milhon, a writer for the early technoculture magazine Mondo 2000, told Hughes that the group he and May were creating wasn’t composed of mere cyberpunks, but a new species of hacker: “cypherpunks.”
So Gilmore’s e-mail forum was christened the Cypherpunk Mailing List. As it blossomed to nearly a thousand subscribers over the mid-1990s, its physical meetings would expand too. Within a year the group had moved out of Hughes’s house and into a spare conference room at John Gilmore’s software company, Cygnus, in Mountain View, in a building that bordered an herb farm and was permeated with the scent of fresh basil. The cypherpunks would assemble there monthly, eat burritos, and then sit through talks from invited academics and hobbyist crypto-rebels on their latest schemes, coded contraptions, and diatribes about secrecy politics. The group kept its strong libertarian strain: One adjunct group called the Cypherpunks Shooting Club even organized trips to rifle ranges to teach each other to shoot .22s and semiautomatic weapons, the final resort should the government ever come after their electronic and physical freedoms. (Tim May, an avid gun enthusiast himself, didn’t attend. “I don’t give free lessons, especially not to clueless software people,” he says.)
Shortly after the group’s first meeting, John Gilmore and another cypherpunk named Hugh Daniel had bet Hughes that he couldn’t write an anonymous remailer system for stripping the identifying traces off e-mail messages within a single month. The next weekend, Hughes dropped all his other projects and cranked out a script in the software language Perl in just two days. It became the first official Cypherpunk Remailer, and would be copied and improved upon by a dozen others in universities and basements around the world to form a growing, living implementation of Chaum’s Mix Network.
Around the same time, Hughes answered May’s “Crypto-Anarchist Manifesto” with an updated “Cypherpunk’s Manifesto,” laying out the group’s common mission and the tenets of its newborn subculture. It included a sentence that would become a philosophical maxim for the group: “Cypherpunks write code.” The slogan represented action instead of rhetoric, writing tools that would shape the world of technology so that when the government belatedly arrived to regulate it, the feds would find an untamable landscape populated by crypto-wielding civilians.
We know tha
t someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. . . .
We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down. . . .
Even laws against cryptography reach only so far as a nation’s border and the arm of its violence.
That antiregulation note was a prescient message. Within a month, the U.S. government would test the cypherpunks’ resolve.
As Zimmermann polishes off his noodles, I pull a tome off the shelf in his dining room, the one that changed the course of his life fifteen years earlier: PGP: Source Code and Internals. As the title suggests, it’s literally a printed copy of PGP’s code, hardly legible to humans, not to mention the nongeek members of a jury deciding Zimmermann’s fate. But as Zimmermann explains, it wasn’t any argument or fact written in that volume, but rather the book’s mere existence—the fact that PGP’s source code was represented in ink on slices of pulped tree between two sheets of cardboard—that made it a crucial weapon in the Crypto Wars.
In 1993, two years before that book was printed and shortly after Zimmermann had been formally notified about a grand jury assembled to decide whether he would be prosecuted, he had been summoned to Washington to testify in a congressional hearing on the future of cryptography. Word of his case spread quickly through the legal community, and by the time he arrived in Washington, lawyers from the Electronic Frontier Foundation and the American Civil Liberties Union were ready to represent him in his upcoming trial.
All of them, to his dismay, believed he had absolutely no chance of winning. In a meeting after his congressional testimony, his pro bono lawyers sat around a conference table and told Zimmermann that there was little doubt that he had done exactly what the law prohibited: created a program that included military-grade encryption, and distributed it across U.S. borders. “To have ten lawyers all tell me almost unanimously that it was hopeless . . . it was a ton of bricks. It was the worst day,” he says.
Only one lawyer seemed optimistic: Phil Dubois, the cut-rate criminal lawyer that Zimmermann had hired in Boulder.
Dubois clashed with Zimmermann’s other counsel on the strategic question of taking his case to the press. As a peace activist, Zimmermann instinctively felt he should publicize his pending indictment. And against the advice of all of his other lawyers, Dubois agreed. After all, Zimmermann wasn’t an accused drug dealer or murderer like some of Dubois’s other clients. He was a soft-spoken, suit-wearing nerd whose crime was only to have written a privacy-preserving piece of software. “Phil was just delighted to have a client who didn’t have a spiderweb tattooed on his face,” Zimmermann says.
Their media strategy mattered, because Zimmermann’s case was about to become especially newsworthy. Shortly after the grand jury was assigned to investigate him, the prophecy of Joe Biden’s S.266 finally came true: The newly elected Clinton administration unveiled a new invention called the Clipper Chip, and brought to life every cypherpunk’s nightmare.
The chip, designed by the NSA, was meant to solve the government’s crypto dilemma. It aimed to offer strong cryptography to the public without giving up the government’s ability to decrypt any message it wished to. The Clipper Chip would be made available to private industry so that eventually every computer or phone that offered encryption would use its new, classified scheme known as Skipjack. But in return for that NSA-created scrambling technology, there was a catch: The U.S. government would keep a copy of a backdoor key to every chip in a database, ready to step in and unlock any message.
To May and Hughes’s crowd, the chip was stark confirmation: The government feared cryptography because of its subversive power and was determined to cripple it. Who was the NSA kidding? Encryption becomes useless the moment anyone other than you has a copy of your private key. And when that someone is none other than Big Brother, the entire idea is a sick, deceitful parody.
When the plan became public in a front-page New York Times story, the cypherpunks held an emergency meeting on a Saturday that packed Cygnus’s conference space. They brainstormed about possible schemes to undermine the dreaded chip, from boycotts of AT&T, which had signed on to put the Clipper in an encrypted phone it had begun selling, to injecting negative stories into the press.
Tim May drew the “Intel Inside” logo created by his former employer on the whiteboard at Cygnus, replacing the words with “Big Brother Inside.” The cypherpunks later printed that logo on stickers and would sneak into electronics stores to plant it on any machine infected by the hated Clipper spy bug. (A cease-and-desist letter from Intel threatening a suit for trademark infringement eventually kiboshed that guerrilla sticker campaign.) Privacy groups from the Electronic Privacy Information Center to the Electronic Frontier Foundation railed against the idea in the press, and even tech titans like Bill Gates spoke out against what they saw as the government putting its clumsy hands into Silicon Valley, the greatest economic engine of the 1990s.
But it was Phil Zimmermann who embodied Hughes’s maxim: “Cypherpunks write code.” And there was no better response to the threat of the Clipper Chip than ubiquitous PGP.
The man who had populated the Internet with free, uncrackable crypto had remained at a remove from the cypherpunks—he viewed their gun-toting, ponytailed culture as counterproductive compared to his suit-and-tie, mainstream approach. “I saw them as angry young men in leather jackets, without children and with too much testosterone,” he says.
Several times Zimmermann ran into May during trips to the Bay Area and pleaded with him to tone down his antigovernment rhetoric. After all, PGP’s inventor was the one facing incarceration for the crypto cause, not May, and he felt that May’s movement painted him as another techno-insurgent hell-bent on destroying the government—exactly the image he needed to avoid. May being May, he firmly refused to tone down a word of his anarchist philosophy.
Meanwhile, Zimmermann had been drafted by the media as the face of the Crypto Wars, the man who had put his freedom on the line to fight for the right to privacy. And against the advice of all his lawyers except Phil Dubois, he assumed that role with Ellsberg-like gusto, taking dozens of interviews a week from newspapers and magazines. The resulting articles almost universally came out against crypto-export laws and the Clipper Chip. “Every last article was sympathetic to me,” says Zimmermann. “Not ninety-nine percent. One hundred point zero percent.”
Though he wasn’t one of them, the cypherpunks held Zimmermann up as a folk hero. And it was a cypherpunk, the Qualcomm researcher Phil Karn, who followed Hughes’s maxim that code, not mere words, would prove the best way to undermine the government’s regulations and keep Zimmermann out of prison.
The cypherpunks, with their eagle eye for vulnerabilities in security software, also had a knack for finding legal loopholes. After one astute subscriber to the mailing list found a clause that allowed munitions like Stinger missiles to be exported if they were in fact being fired at an enemy country, there was some discussion of strapping a copy of PGP to a missile and shooting it at Mexico, just to prove a point.
But Karn found a better trick to undermine those export laws, with all the subtleties of a cryptanalytic attack. The State Department allowed Americans to apply for permission to export goods if they weren’t sure about whether they qualified as munitions or other contraband. So Karn bought a copy of Bruce Schneier’s book Applied Cryptography and sent it to the State Department to ask for export permission. In one of its appendices, the textbook contained the source code for the Digital Encryption Standard (DES), the NSA’s declassified encryption scheme for military and civilian uses. Some unwitting official at the State Department took a look at Schneier’s book and quickly rubber-stamped the request.
Then came the second stage of Karn’s multipronged maneuver. He sent the same DES code
to the State Department with the same exact request. But this time it was stored on a floppy disk. “When they got that one, I can imagine the blood draining from their faces,” Zimmermann says gleefully.
The State Department had figured out Karn’s game by this point, and denied his floppy disk request. He appealed and was denied again. So Karn sued them in a federal court.
While that lawsuit was under way, Zimmermann ran into an editor at MIT Press while attending a privacy conference. The editor wanted to publish the PGP user’s manual that Zimmermann had included with PGP 1.0. Zimmermann was willing, but he asked for a favor. “I’d like you to also publish the source code to PGP,” Zimmermann said. “All of it.”
The code added up to close to eight hundred pages, and MIT printed it in a font that was designed to be easily readable for scanning software, so that it could be converted from ink to bits with minimal effort. Zimmermann was playing with the distinction highlighted by Phil Karn’s trick: rendering the line between words—protected by the First Amendment—and ITAR-banned code as blurry as possible.
MIT Press played along, and enacted the final piece of Phil Karn’s pincer attack. The publishing house mailed its bound, legitimate-looking textbook filled with PGP’s source code to the State Department’s export approval office. The department, caught in its own contradictions, never responded to MIT’s request for export permission. So with only silence from the U.S. government, MIT Press went ahead and shipped the book to European bookstores along with all its other textbooks. PGP had been exported right under the government’s nose.
It’s doubtful many Europeans ever scanned that book to implement its code. PGP was already being used across the world, after all. But now Zimmermann’s legal team could wield that bound chunk of paper—the one, today long out of print, sitting on Zimmermann’s shelf—as a logic bomb planted under the feet of Zimmermann’s prosecutors that they would detonate as soon as he was indicted.
This Machine Kills Secrets Page 10