- Coming Into The Country
- Private Life in Cyberspace
- The Great Work
- Decrypting the Puzzle Palace
- Will Japan Jack In?
- Bill O' Rights Lite
- A Plaintext On Crypto
- Dad's Invisible Shield
- Death from Above
Coming Into the Country
For the January, 1991
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
Imagine discovering a continent so vast that it may have no other side. Imagine a new world with more resources than all our future greed might exhaust, more opportunities than there will ever be entrepreneurs enough to exploit, and a peculiar kind of real estate which expands with development.
Imagine a place were trespassers leave no footprints, where goods can be stolen an infinite number of times and yet remain in the possession of their original owners, where businesses you never heard of can own the history of your personal affairs, where only children feel fully at home, where the physics is psychology, and where everyone is as virtual as the shadows in Plato's cave.
Such a place actually exists, if "place" is the right word for it. It consists of electron states, microwaves, magnetic fields, light pulses and thought itself, arrayed like a standing wave in the web of our electronic processing and communication systems. I used to call it the Datasphere until I read William Gibson's Neuromancer and discovered that he had already given it the perfectly evocative name of Cyberspace.
Of course Gibson thought he was conjuring up some manifestation of a fanciful future. In fact, Cyberspace has been around, with rapidly increasing range and density, since that moment in March of 1876 when a certain Mr. Watson encountered Alexander Graham Bell there.
It is still familiar to most people as the "location" of a long-distance telephone conversation. But it is also the repository for all digital or electronically transferred information, and, as such, it is the venue for most of what is now commerce, industry, and broad-scale human interaction. Indeed, if you have any money besides what's crumpled in your pocket, it's probably in Cyberspace.
Few have even noticed this arising domain, despite the fact that most of us use its resources daily. Every day millions of people use ATM's and credit cards, place telephone calls, make travel reservations, and access information of limitless variety without any clear perception of the digital machinations behind these transactions.
Our financial, legal, and even physical lives are increasingly dependent on realities of which we have only dimmest awareness. We have entrusted the basic functions of modern existence to institutions we cannot name, using tools we've never heard of and could not operate if we had.
Thus, for all its importance to modern existence, Cyberspace remains a frontier region, across which roam the few aboriginal technologists and cyberpunks who can tolerate the austerity of its savage computer interfaces, incompatible communications protocols, proprietary barricades, cultural and legal ambiguities, and general lack of useful maps or metaphors.
Certainly, the old concepts of property, expression, identity, movement, and context, based as they are on physical manifestation, do not apply succinctly in a world where there can be none.
Sovereignty over this new world is not well defined. Large institutions own much of the hardware which supports it and therefore claim, with some justification, to hegemony over the whole thing.
Some of the locals... the UNIX cultists, sysops, netheads and byte drovers... are like the mountain men of the Fur Trade. They may be somewhat uncivilized, but most of them have come here in the service of corporations. However grudgingly, they tend to accept the idea that institutions can own information.
Another group, the cyberpunks, are nomadic and tribal. They have an Indian sense of property and are about as agreeable to the notion of proprietary data as the Shoshones were to the idea that the Union Pacific owned the landscape of southern Wyoming. By asserting their freedom of both movement and access to the local resource... knowledge... they have developed a culture in which the violation of institutional boundaries is inevitable. This will lead to more adamant efforts at security. And they will be met with an ascending symmetry of cracker ingenuity until either security is perfect (at which time no system will be accessible) or the savages take on civilization.
As communications and data processing technology continues to advance at a pace many times faster than society can assimilate it, additional conflicts have begun to occur on the border between Cyberspace and the physical world. Among the non-nerdly a kind of neo-Luddism is arising at the prospect of being dragged by Brute Progress into a place where they can't even take their bodies.
Every day it dawns on more ordinary corporate employees that they have become "knowledge workers." They find themselves chained to a device which is maddeningly uncooperative and inflexible in its mysterious requirements, and with which they perform tasks of questionable necessity. Worse, each time they master one opaque interface, their MIS master imposes on them version 2.0 and they have to start all over again. They are stuck on the Learning Curve of Sisyphus. They are not happy there.
And whether he works in an office or not, nearly everyone now has the nagging suspicion that, somewhere out there are hard disks containing information about his personal affairs which is either inaccurate or which he would prefer than no one knew. Worse, he knows that there is little he can do to alter this condition.
As a consequence, increasing numbers are coming to hate and fear not only the technology itself but the people who create it. In a very short time, the term "hacker" has gone from being an honorable appellation implying computer wizardry to a malign epithet of digital nihilism. There is a reason for this.
But Cyberspace is the homeland of the Information Age, the place where the citizens of the future are destined to dwell. We will all go there whether we want to or not and we would do better to approach the place with a settler's determination to civilize it as rapidly as possible.
What would it mean to civilize Cyberspace? To some, the answer to this question is simple and historically familiar: exterminate the savages, secure the resources into corporate possession, establish tariffs, and define culture strictly in terms of economy.
Such an approach, while highly advantageous to large institutions, might have serious consequences for the individuals of the future, whose privacy, freedom of expression, economic opportunity, and property rights could be foreclosed in a Cyberspace of this design. Indeed, it calls into question whether in the future the individual will count for very much at all.
Arising on the electronic frontier are questions which are subtle, profound, and of fundamental importance to the way tomorrow's society will function. With this column I hope to raise those questions and offer my own modest speculations about how we might begin the process of answering them.
This column will are also concern itself with the development of a new social contract for the digital domain... sort of a Cyberspace equivalent to the Code of the West... and an attendant definition of the rights and responsibilities of the inhabitants. I also hope to help create an awareness of the cultural implications of electronic design. And, finally, I want to propose some fundamental revision of our notions of speech, property, and place.
Big stuff. And easily ignored on that account. But a new world is being born. Uncorrected flaws in its design will scale up along with the rest of it. Today's minor misjudgements will become tomorrow's established horrors.
An example from the past might serve to illuminate this point. In the early days of broadcasting, the government decided that the airwaves (as well as the frequency resolution of crystal set receivers) had such limited bandwidth that it would be necessary for the government to license broadcasters. Well and good. However, someone also decided that if the government were going to regulate frequency allocation, it should regulate content as well.
Thus what is today the most common form of expression exists under constraints of governmental censorship which the founding fathers would have found intolerable, all because of bureaucratic error which, at the time, seemed too insignificant to correct.
Similar errors are being made today around the subject of intellectual property and its interstate transport. In our zeal to protect this stuff as though it were tangible as pig iron, we are enacting laws and regulations which will almost certainly limit free expression in the future unless we fix the system now. (See Dorothy Denning's article about Phrack in this issue for a good example of what I'm talking about.)
Pretending that it ain't broke sure won't fix it, but, in the numerous discussions I've had with members of the computer community, there doesn't seem to be much willingness to tackle these issues at any depth. Most of you have your attentions so firmly fixed on the concrete business at hand... and important business it usually is... that it's hard to find time for shadow-boxing abstractions.
"Hey, I do bus architecture, I'm no social philosopher," is the sort of rejoinder I hear a lot. It's a hard one to argue with. Keep your head down, do what you know, and hope it's all headed someplace good.
Trouble is, the rest of society is so utterly perplexed by digital technology that most ordinary citizens are even less qualified than bus architects to engage in cybernetic social philosophy. As readers of this magazine, you are almost certainly more knowledgeable about the legal and cultural ambiguities surrounding digital communication and property than your computerphobic fellow citizens. You are thus well suited to the task of civilizing Cyberspace. I hope you will join me on the electronic frontier, because I believe it is time for that process to begin consciously.
Whether consciously or unconsciously, we are presently shaping the future ethics and culture of Cyberspace. Only by bringing awareness to this task will we create the sort of place we would want to send our children as settlers.
Pinedale, Wyoming Friday, November 9, 1990
Private Life in Cyberspace
For the June, 1991
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
I have lived most of my life in a small Wyoming town, where there is little of the privacy which both insulates and isolates suburbanites. Anyone in Pinedale who is interested in me or my doings can get most of the information he might seek in the Wrangler Cafe. Between them, any five customers could probably produce all that was known locally about me, including a quite a number of items which were well known but not true.
For most people who have never lived in these conditions, the idea that one's private life might be public knowledge...and, worse, that one's neighbors might fabricate tales about him when the truth would do...is a terrifying thought. Whether they have anything to hide or not (and most everyone harbors something he's not too proud of), they seem to assume that others would certainly employ their private peccadillos against them. But what makes the fishbowl of community tolerable is a general willingness of small towns to forgive in their own all that should be forgiven. One is protected from the malice of his fellows not by their lack of dangerous information about him but by their disinclination to use it.
I found myself thinking a lot about this during a recent San Francisco conference on Computers, Privacy, and Freedom. Like most of the attendees, I had arrived there bearing the assumption that there was some necessary connection between privacy and freedom and that among the challenges to which computers may present to our future liberties was their ability to store, transfer, and duplicate the skeletons from our closets.
With support from the Electronic Frontier Foundation, Apple Computer, the WELL, and a number of other organizations, the conference was put on by Computer Professionals for Social Responsibility, a group which has done much to secure to Americans the ownership of their private lives.Their Man in Washington, Marc Rotenberg, hit the hot key which resulted in Lotus getting 30,000 letters, phone calls, and e-mail messages protesting the release of Lotus Marketplace: Households.
In case you haven't left your terminal in awhile, this was a product whose CD-ROM's of addresses and demographic information would have ushered in the era of Desktop Junkmail. Suddenly anyone with 600 bucks and a CD-ROM drive could have been stuffing your mailbox with their urgent appeals.
Marketplace withered under the heat, and I didn't hear a soul mourn its passage. Most people seemed happy to leave the massive marketing databases in institutional hands, thinking perhaps that junkmail might be one province where democracy was better left unspread.
I wasn't so sure. For example, it occurred to me that Lotus could make a strong legal, if not commercial, case that Marketplace was a publication protected by the First Amendment. It also seemed that a better approach to the scourge of junkmail might be political action directed toward getting the Postal Service to raise its rates on bulk mailing. (Or perhaps even eliminating the Postal Service, which seems to have little function these days beyond the delivery of instant landfills.) Finally, I wondered if we weren't once again blaming the tool and not the workman, as though the problem were information and not its misuse. I felt myself gravitating toward the politically incorrect side of the issue, and so I kept quiet about it.
At the Conference on Computers, Privacy, and Freedom, the no one was keeping quiet. Speaker after speaker painted a picture of gathering informational fascism in which Big Brother was entering our homes dressed in the restrained Italian suit of the Marketroid. Our every commercial quiver was being recorded, collated, and widely redistributed. One began to imagine a Cyberspace smeared all over with his electronic fingerprints, each of them gradually growing into a full-blown virtual image of himself as Potential Customer. I could see an almost infinite parade of my digital simulacra marching past an endless wall of billboards.
There was discussion of opting out of the databases, getting through modern American life without ever giving out one's National Identity Number (as the Social Security Number has indisputably become by default), endeavoring to restrict one's existence to the physical world. The poor fellow from Equifax mouthed smooth corporatisms about voluntary restraints on the secondary use of information...such practices as selling the fact of one's purchase from one catalog to fifteen other aspirants...but no one believed him. Everyone seemed to realize that personal information was as much a commodity as pork bellies, fuel oil, or crack and that the market would be served.
They were right. In the week following the Conference, I got a solicitation from CACI Marketing Systems which began: Now Available! Actual 1990 Census Data. This despite Department of Commerce assurances that Census Data would not be put to commercial use. Marketplace is dead. Long live Marketplace.
When it came down to solutions, however, there seemed to be developing a canonical approach which was all too familiar: let's write some laws. The European Community's privacy standards, scheduled to be implemented by the member nations in 1992, were praised. Similar legislation was proposed for the United States.
Quite apart from the impracticality of entrusting to government another tough problem (given its fairly undistinguished record in addressing the environmental, social, or educational responsibilities it already has), there is a good reason to avoid this strategy. Legally assuring the privacy of one's personal data involves nothing less than endowing the Federal Government with the right to restrict information.
It may be that there is a profound incompatibility between the requirements of privacy (at least as achieved by this methods) and the requirements of liberty. It doesn't take a paranoid to believe that restrictions placed on one form of information will expand to include others. Nor does it take a Libertarian to believe that the imposition of contraband on a commodity probably won't eliminate its availability. I submit, as Exhibit A, the War on Some Drugs.
I began to envision an even more dystopian future in which the data cops patrolled Cyberspace in search of illicit personal info, finding other items of legal interest along the way. Meanwhile, institutions who could afford the elevated price of illegal goods would continue to buy it from thuggish Data Cartels in places like the Turks and Caicos Islands, as sf-writer Bruce Sterling predicted in Islands in the Net.
I returned to Wyoming in a funk. My ghostly electronic selves increased their number on my way home as I bought airline tickets, charged to my credit cards, make long distance phone calls, and earned another speeding ticket. The more I thought about it, the more I became convinced that nothing short of a fugitive cash-based existence would prevent their continued duplication. And even that would never exorcise them all. I was permanently on record.
Back in Pinedale, where I am also on record, my head started to clear. Barring government regulation of information, for which I have no enthusiasm, it seemed inevitable that the Global Village would resemble a real village at least in the sense of eliminating the hermetic sealing of one's suburban privacy. Everyone would start to lead as public a life as I do at home.
And in that lies at least a philosophical vector towards long-term social solution. As I say, I am protected in Pinedale not by the restriction of information but by a tolerant social contract which prohibits its use against me. (Unless, of course, it's of such a damning nature that it ought to be used against me.) What may be properly restricted by government is not the tool but the work that is done with it. If we don't like junkmail, we should make it too expensive to send. If we don't trust others not to hang us by our errors, we must work to build a more tolerant society.
But this approach has a fundamental limit on its effectiveness. While it may, over the long run, reduce the suffering of marketing targets, it does little to protect one from the excesses of a more authoritarian government than the one we have today. This Republic was born in the anonymous broadsides of citizens who published them under Latinate pseudonyms like Publius Civitatus. How would the oppressed citizens of the electronic future protect the source of rebellion?
Furthermore, much of the tolerance which I experience in Pinedale has to do with the fact that we experience one another here. We are not abstracted into information, which, no matter how dense it becomes, is nothing to grow a human being from. And it will be a long time before we exist in Cyberspace as anything but information.
While I generally resist technical solutions to social problems, it seems best approach to this digital dilemma is also machine-based: encryption. At the CFP Conference, EFF co-founder John Gilmore called on the computer industry to include in their products tools which would enhance the privacy of their communications. These might include hardware-based public key encryption schemes, though these are probably too narrow in scale to cover the whole problem.
He also noted that it is possible to have an electronic identity which is not directly connected to one's physical self. I agree with him that it is not only possible but advisable. From the standpoint of credit assurance, there is no difference between the information that John Perry Barlow always pays his bills on time or that Account #345 8849 23433 (to whomever that may belong) is equally punctilious.
There are, of course, a number of problems with encrypted identity, not the least of which the development of a long-term credit record attached to disembodied number. And keeping that number disembodied over the same long term is not a trivial enterprise. Finally, there is the old political question..."What are you trying to hide?"...in which the effort to conceal is taken to be a statement of guilt. This might limit a willingness on the part of information carriers to engage in the compliance necessary to make this system work.
Of course, neither machine-based encryption systems nor encrypted identities will become reality unless the computer, communications, and information industries perceive there to be technically feasible methods of providing these services and people willing to pay for them. ACM members are well situated to provide both the technology and the initial market for it.
And, as usual, we would be well-advised to keep of abreast of political developments. As I write this, there are before congress a Couple of bills which would render encryption meaningless. Senator Joseph Biden has introduced Senate Bill 266 which declares:
It is the sense of Congress that providers of electronic communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.
It appears that the FBI's concern in requesting this language was the difficulty of tapping multiplexed phone lines, but the bill nevertheless says, "turn over your encryption keys." These words probably won't become law, but even if they don't, it seems certain that we haven't seen the last of them, inasmuch as similar language is also to be found in S. 618, The Violent Crime Control Act of 1991. Both of these bills address a legitimate law-enforcement concern: how to build a case when all the evidence is encrypted, but as in other areas of information vs. action, they should place their focus on the dirty deed and not the planning of it.
Another legislative vicinity to watch are efforts to amend the Electronic Communications Privacy Act to address more adequately cellular and other wireless technologies. This is especially relevant since, as Nicholas Negroponte has predicted, information which has traditionally flowed through cables, like telephone conversations, are taking to the air while broadcast information is moving underground. Entirely different assumptions prevail between broadcast and one-to-one communications which will now be questioned legally and technically.
EFF believes that legal constraints on intercepting private wireless communications will not be sufficient to address the problem. Cellular manufacturers and service providers must be urged provide their customers with the cheap encryption methods which are already available. At the same time, they should be legally required to inform their customers of the easy interception of non-encrypted communications. Finally, in our zeal to protect the privacy of cellular conversation, we should be careful not to criminalize simple scanning of the airwaves, most of which has no specific target or intent, lest we pass laws which inhibit access to information.
All in all, we are looking at some tough challenges, both technologically and politically. Computer technology has created not just a new medium but a new place. The society we erect there will probably be quite different from the one we now inhabit, given the fact that this one depends heavily on the physical property of things while the next one has no physical properties at all. Certain qualities should survive the transfer, however, and these include tolerance, respect for privacy of others, and a willingness to treat one's fellows as something besides potential customers.
But until we have developed the Social Contract of Cyberspace, we must create, though encryption and related means, the virtual envelopes and rooms within which we can continue to lead private lives as we enter this new and very public place. Pinedale, Wyoming March 30, 1991
The Great Work
For the January, 1992
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
Earlier in this century, the French philosopher and anthropologist Teilhard de Chardin wrote that evolution was an ascent toward what he called "The Omega Point," when all consciousness would converge into unity, creating the collective organism of Mind. When I first encountered the Net, I had forgotten my college dash through Teilhard's Phenomenon of Man. It took me a while to remember where I'd first encountered the idea of this immense and gathering organism.
Whether or not it represents Teilhard's vision, it seems clear we are about some Great Work here...the physical wiring of collective human consciousness. The idea of connecting every mind to every other mind in full-duplex broadband is one which, for a hippie mystic like me, has clear theological implications, despite the ironic fact that most of the builders are bit wranglers and protocol priests, a proudly prosaic lot. What Thoughts will all this assembled neurology, silicon, and optical fiber Think?
Teilhard was a Roman Catholic priest who never tried to forge a SLIP connection, so his answers to that question were more conventionally Christian than mine, but it doesn't really matter. We'll build it and then we'll find out.
And however obscure our reasons, we do seem determined to build it. Since 1970, when the Arpanet was established, it has become, as Internet, one of the largest and fastest growing creations in the history of human endeavor. Internet is now expanding as much as 25% a month, a curve which plotted on a linear trajectory would put every single human being online in a few decades.
Or, more likely, not. Indeed, what we seem to be making at the moment is something which will unite only the corporate, military, and academic worlds, excluding the ghettos, hick towns, and suburbs where most human minds do their thinking. We are rushing toward a world in which there will be Knows, constituting the Wired Mind, and the Know Nots, who will count for little but the labor and consumption necessary to support it.
If that happens, the Great Work will have failed, since, theological issues aside, its most profound consequence should be the global liberation of everyone's speech. A truly open and accessible Net will become an environment of expression which no single government could stifle.
When Mitch Kapor and I first founded the Electronic Frontier Foundation, we were eager to assure that the rights established by the First Amendment would be guaranteed in Cyberspace. But it wasn't long before we realized that in such borderless terrain, the First Amendment is a local ordinance.
While we haven't abandoned a constitutional strategy in assuring free digital commerce, we have also come to recognize that, as Mitch put it, "Architecture is politics." In other words, if the Net is ubiquitous, affordable, easy to access, tunnelled with encrypted passageways, and based on multiple competitive channels, no local tyranny will be very effective against it.
A clear demonstration of this principle was visible during the recent coup in the Soviet Union. Because of the decentralized and redundant nature of digital media, it was impossible for the geriatric plotters in the Kremlin to suppress the delivery of truth. Faxes and e-mail messages kept the opposition more current with developments than the KGB, with its hierarchical information systems, could possibly be. Whatever legal restraints the aspiring dictators might have imposed were impotent against the natural anarchy of the Net.
Well, I could have myself a swell time here soliloquizing about such notions as the Great Work or the assurance of better living through electronics, but all great journeys proceed by tedious increments. Though the undertaking is grand, it is the nuts and bolts...the regulatory and commercial politics, the setting of standards, the technical acceleration of bits...that matter. They are so complex and boring as to erode the most resolute enthusiasm, but if they don't get done, It doesn't.
So we need to be thinking about what small steps must be undertaken today. Even while thinking globally, we must begin, as the bumper sticker fatuously reminds us, by acting locally. Which is why I will focus the remainder of this column on near-term conditions, opportunities, and preferred courses of action within the boundaries of the United States.
To a large extent, America is the Old Country of Cyberspace. The first large interconnected networks were developed here as was much of the supporting technology. Leaving aside the estimable French Minitel system, Cyberspace is, in is present condition, highly American in culture and language. Though fortunately this is increasingly less the case, much of the infrastructure of the Net still sits on American soil. For this reason, the United States remains the best place to enact the policies upon which the global electronic future will be founded.
In the opinion of the Electronic Frontier Foundation, the first order of business is the creation of what we call the National Public Network...named with the hope that the word "National" should become obsolete as soon as possible. By this, we mean a ubiquitous digital web, accessible to every American in practical, economic, and functional terms. This network would convey, in addition to traditional telephone service, e-mail, software, faxes, such multimedia forms of communication as "video postcards," and, in time, High Definition Television as well as other media as yet barely imagined.
Its services should be extended by a broad variety of providers, including the existing telephone, cable, publishing, broadcast, and digital network companies. Furthermore, if its architecture is appropriately open to free enterprise, we can expect the emergence of both new companies and new kinds of companies. Properly designed, the National Public Network will constitute a market for goods and services which will make the $100 billion a year personal computer business look like a precursor to the Real Thing.
As a first step, we are proposing that Congress and state agencies establish regulatory mechanisms and incentives that will:
* Establish an open platform for information services by speedy nation-wide deployment of "Personal ISDN".
* Ensure competition in local exchange services in order to provide equitable access to communications media.
* Promote free expression by reaffirming principles of common carriage.
* Foster innovations that make networks and information services easier to use.
* Protect personal privacy.
That's a tall bill, most of which I will have to take up in subsequent columns. I will focus now on the first two.
For the last two years, the Internet community has generally regarded Senator Albert Gore's proposed National Research and Education Network as the next major component of the Great Work. This has been regrettable. NREN, as presently envisioned, would do little to enable the settlement of ordinary folks in Cyberspace. Rather it would make plusher accommodations for the "mountain men" already there.
Actually, NREN has been and may continue to be useful as a "policy testbed." By giving Congress a reason to study such legal connundra as unregulated common carriage and the intermingling of public and private networks, NREN may not be a waste of time and focus. But, as of this writing, it has become a political football. If the House version (H656) of the High Performance Computing Act passes with Dick Gephart's "Buy American" provisions in it, the Administration will surely veto it, and we'll be back to Square One.
Meanwhile, ISDN, a technology available today, has languished. ISDN or Integrated Services Digital Network is a software-based system based on standard digital switching. Using ISDN, an ordinary copper phone line can provide two full-duplex 64 kbs digital channels. These can be used independently, concurrently, and simultaneously for voice and/or data. (Actually, it's a bit more complex than that. Garden variety ISDN contains three channels. The third is a 16 kbs "signal" channel, used for dialing and other services.)
It isn't new technology, and, unlike fiber and wireless systems, it requires little additional infrastructure beyond the digital switches, which most telcos, under an FCC mandate, have installed anyway or will install soon. Even at the currently languid development rate, the telcos estimate that 60% of the nation's phones could be ISND ready in two years.
While those who live their lives at the end of a T1 connection may consider 64 kbs to be a glacial transfer rate, the vast majority of digital communications ooze along at a pace twenty-seven times slower, or 2400 baud. We believe that the ordinary modem is both too slow and too user-hostile to create "critical mass" in the online market.
We also believe that ISDN, whatever its limitations, is rapid enough to jump start the greatest free market the world has ever known. Widespread deployment of ISDN, combined with recent developments in compression technology, could break us out of what Adobe's John Warnock calls the "ascii jail", delivering to the home graphically rich documents, commercial software objects, and real-time multimedia. Much of the information which is now inappropriately wedged into physical objects...whether books, shrink-wrapped software, videos, or CD's...would enter the virtual world, its natural home. Bringing consumers to Cyberspace would have the same invigorating effect on online technology which the advent of the PC had on computing.
We admit that over the long term only fiber has sufficient bandwidth for the future we imagine. But denying "civilian" access to Cyberspace until the realization of a megabillion buck end-to-end fiber network leaves us like the mainframe users in the 60's waiting for the supercomputer. The real juice came not from the Big Iron but from user adaptable consumer "toys" like the Apple II and the original PC.
Just as consumers were oblivious to the advantages of FAX technology until affordable equipment arrived, we believe there is a great sleeping demand for both ISDN and the tools which will exploit it. And then there's the matter of affording the full fiber national network. Until the use of digital services has become as common as, say, the use of VCR's, Joe Sixpack's willingness to help pay fiber's magnificent cost will be understandably restrained.
Given that most personal modem users are unaware that ISDN even exists while the old elite of Internet grossly underestimates its potential benefits, it's not surprising that the telcos have been able to claim lack of consumer demand in their reluctance to make it available. A cynic might also point to its convenience as a hostage in their struggles with Judge Green and the newspaper publishers. They wanted into the information business and something like "Allow us to be information providers or we starve this technology," has been one of their longest levers.
This issue should now be moot. Judge Greene ruled in July that the telcos could start selling information. They got what they wanted. Now we must make them honor their side of the bargain.
Unfortunately it still seems they will only let us use their playing field if they can be guaranteed to win the game. To this end, they have managed to convince several state Public Utility Commissions that they should be allowed to charge tariffs for ISDN delivery which are grotesquely disproportionate to its actual costs. In Illinois, for example, customers are paying 10 to 12 cents a minute for an ISDN connection. This, despite evidence that the actual telco cost of a digitally switched phone connection, whether voice or data, runs at about a penny a minute. Even in the computer business, 1200% is not an ethical gross margin. And yet the telcos claim that more appropriate pricing would require pensioners to pay for the plaything of a few computer geeks.
Unfortunately, the computer industry has been either oblivious to the opportunities which ISDN presents or reluctant to enter the regulatory fray before Congress, the FCC, and the PUC's. The latter is understandable. National telecommunications policy has long been an in-house project of AT&T. It is brain-glazingly prolix by design and is generally regarded as a game you can't win unless you're on the home team. The AT&T breakup changed all that, but the industry has been slow to catch on.
Assurance of Local Competition
In the wake of Ma Bell's dismemberment, the world is a richer and vastly more complex place. Who provides what services to whom, and under what conditions, is an open question in most local venues. Even with a scorecard you can't tell the players since many of them don't exist yet.
Legislation is presently before the Edward Markey's (D-MA) Subcommittee on Telecommunications and Finance (a subset of the House Energy and Commerce Committee) which would regulate the entry of the Regional Bells into the information business. The committee is correctly concerned that the RBOC's will use their infrastructure advantage to freeze out information providers. In other words, rather as Microsoft uses DOS and Windows.
Somewhat hysterical over this prospect, the Newspaper Publishers Association and the cable television companies have seen to the introduction of a House Bill 3515 by Rep. Jim Cooper (D-TN) which would essentially cripple telco delivery of information services for the next decade. The bill would bar existing telephone service providers from information provision until 50% of subscribers in a given area had access to alternative infrastructures.
Of course neither approach would serve the public interest. The telcos have had so little experience with competition that we can't expect them to welcome it. And while eventually there will be local phone connection competition through wireless technologies, it's silly to wait until that distant day.
We need a bill which would require the telcos to make ISDN open and affordable to all information providers, conditioning their entry into the information business to the willing delivery of such service.
The computer industry has an opportunity to break the gridlock between the telcos and the publishers. By representing consumer interests, which are, in this case, equivalent to our own, we can shape legislation which would be to everyone's benefit. What's been missing in the debate has been technical expertise which serves neither of the existing contenders.
Finally, the Public Utilities Commissions seem unaware of the hidden potential demand for digital services to the home. What on earth would a housewife want with a 64 kbs data line? This is another area in which both consumers and computer companies need to be heard from.
What You Can Do
Obviously, the first task upon entering a major public campaign is informing oneself and others. In this, many Communications readers have a great advantage. Most of us have access to such online fora as RISKS digest, Telecom Digest, and the EFFectors regularly published in the EFF's newsgroup comp.org.eff.news. I strongly recommend that those interested in assisting this effort begin monitoring those newsgroups. I'm tempted to tell you to join the EFF and support our Washington lobbying efforts, but I probably abuse this podium with our message too much as it is.
Once you're up to speed on these admittedly labyrinthine issues, there are three levers you can start leaning against.
First, Congress will be actively studying these matters for the remainder of the year and is eagerly soliciting viewpoints other than those self-servingly extended by the telcos and the publishers. Rep. Markey said recently in a letter to the EFF,
"Please let me and my staff know what policies you and others in the computer industry believe would best serve the public interest in creating a reasonably priced, widely available network, in which competition is open and innovation is rewarded. I also want to learn what lessons from the computer industry over the past 10 to 15 years should apply to the current debate on structuring the information and communication networks of the future."
Second, it is likely that the Public Utility Commission in your state will be taking up the question of ISDN service and rates sometime in the next year. They will likely be grateful for your input.
Finally, you can endeavor to make your own company aware of the opportunities which ISDN deployment will provide it as well as the political obstacles to its provision. No matter what region of the computer business employs your toils, ISDN will eventually provide a new market for its products.
Though these matters are still on the back pages of public awareness, we are at the threshold of one of the great passages in the history of both computing and telecommunications. This is the eve of the electronic frontier's first land rush, a critical moment for The Great Work.
Pinedale, Wyoming Friday, November 15, 1991
Decrypting the Puzzle Palace
For the June, 1992
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
"A little sunlight is the best disinfectant."--Justice Louis Brandeis Over a year ago, in a condition of giddier innocence than I enjoy today, I wrote the following about the discovery of Cyberspace:
"Imagine discovering a continent so vast that it may have no other side. Imagine a new world with more resources than all our future greed might exhaust, more opportunities than there will ever be entrepreneurs enough to exploit, and a peculiar kind of real estate which expands with development."
One less felicitous feature of this terrain which I hadn't noticed then is what seems to be a long-encamped and immense army of occupation.
This army represents interests which are difficult to define, guards the area against unidentified enemies, meticulously observes almost every activity undertaken there, and continuously prevents most who inhabit its domain from drawing any blinds against such observation.
It marshals at least 40,000 troops, owns the most advanced computing resources in the world, and uses funds the dispersal of which does not fall under any democratic review.
Imagining this force won't require from you the inventive powers of a William Gibson. The American Occupation Army of Cyberspace exists. Its name is the National Security Agency.
It may be argued that this peculiar institution inhibits free trade, has directly damaged American competitiveness, and poses a threat to liberty anywhere people communicate with electrons. It's principal function, as my EFF colleague John Gilmore puts it, is "wire-tapping the world," which it is free to do without a warrant from any judge.
It is legally constrained from domestic surveillance, but precious few people are in a good position to watch what, how, or whom the NSA watches. And those who are tend to be temperamentally sympathetic to its objectives and methods. They like power, and power understands the importance of keeping it own secrets and learning everyone else's.
Whether it is meticulously ignoring every American byte or not, the NSA is certainly pursuing policies which will render our domestic affairs transparent to anyone who can afford big digital hardware. Such policies could have profound consequences on our liberty and privacy.
More to point, the role of the NSA in the area of domestic privacy needs to be assessed in the light of other recent federal initiatives which seem directly aimed at permanently denying privacy to the inhabitants of Cyberspace, whether foreign or American.
Finally it seems a highly opportune time, directly following our disorienting victory in the Cold War, to ask if the threats from which the NSA purportedly protects us from are as significant as the hazards its activities present.
Like most Americans I'd never given much thought to the NSA until recently. (Indeed its very existence was a secret for much of my life. Beltway types used to joke that NSA stood for "No Such Agency.")
I vaguely knew that it was another of the 12 or so shadowy federal spook houses which were erected shortly after the Iron Curtain with the purpose of stopping its further advance. It derives entirely from a memorandum sent by Harry Truman on October 24, 1952 to Secretary of State Dean Acheson and Defense Secretary Robert Lovatt. This memo, the official secrecy of which remained unpenetrated for almost 40 years, created the NSA, placed it under the authority of the Secretary of Defense, and charged it with monitoring and decoding any signal transmission relevant to the security of the United States.
Even after I started noticing the NSA, my natural immunity to paranoia combined with a general belief in the incompetence of all bureaucracies...especially those whose inefficiencies are unmolested by public scrutiny...to mute any sense of alarm. But this was before I began to understand the subterranean battles raging over data encryption and the NSA's role in them. Lately, I'm less sanguine.
As I mentioned in a previous column (Private Life in Cyberspace, August 1991), encryption may be the only reliable method for conveying privacy to the inherently public domain of Cyberspace. I certainly trust it more than privacy protection laws. Relying on government to protect your privacy is like asking a peeping tom to install your window blinds.
In fact, we already have a strong-sounding federal law protecting our electronic privacy, the Electronic Communications Privacy Act or ECPA. But this law has not particular effective in those areas were electronic eavesdropping is technically easy. This is especially true in the area of cellular phone conversations, which, under the current analog transmission standard, are easily accessible to anyone from the FBI to you.
The degree of law enforcement apprehension over secure cellular encryption provides mute evidence of how seriously they've been taking ECPA. They are moving on a variety of fronts to see that robust electronic privacy protection systems don't become generally available to the public. Indeed, the current administration may be so determined to achieve this end that they may be willing to paralyze progress in America's most promising technologies rather than yield on it.
Push is coming to shove in two areas of communications technology: digital transmission of heretofore analog signals and the encryption of transmitted data.
As the communications service providers move to packet switching, fiber optic transmission lines, digital wireless, ISDN and other advanced techniques, what have been discrete channels of continuous electrical impulses, voices audible to anyone with alligator clips on the right wires, are now becoming chaotic blasts of data packets, readily intelligible only to the sender and receiver. This development effectively forecloses traditional wire-tapping techniques, even as it provides new and different opportunities for electronic surveillance.
It is in the latter area where the NSA knows its stuff. A fair percentage of the digital signals dispatched on planet Earth must pass at some point through the NSA's big sieve in Fort Meade, Maryland, 12 underground acres of the heaviest hardware in the computing world. There, unless these packets are also encrypted with a particularly knotty algorithm, sorting them back back into their original continuity is not so difficult.
Last spring, alarmed at a future in which it would have to sort through an endless fruit salad of encrypted bits, the FBI persuaded Senator Joseph Biden to include language in Senate Bill 266 which would have directed providers of electronic communications services and devices (such as digital cellular phone systems or other multiplexed communications channels) to implement only such encryption methods as would assure governmental ability to extract from the data stream the plaintext of any voice or data communications in which it took a legal interest. It was if the government had responded to a technological leap in lock design by requiring building contractors to supply it with skeleton keys to every door in America.
The provision raised wide-spread concern in the computer community, which was better equipped to understand its implications than the general public, and in August of last year, the Electronic Frontier Foundation, in cooperation with Computer Professionals for Social Responsibility and other industry groups, successfully lobbied to have it removed from the bill.
Our celebration was restrained. I knew we knew we hadn't seen the last of it. For one thing, the movement to digital communications does create some serious obstacles to traditional wire-tapping procedures. I fully expected that law enforcement would be back with new proposals, which I hoped might be ones we could support. But what I didn't understand then, and am only now beginning to appreciate, was the extent to which this issue had already been engaged by the NSA in the obscure area of export controls over data encryption algorithms.
Encryption algorithms, despite their purely defensive characteristics, have been regarded by the government of this country as weapons of war for many years. If they are to be employed for privacy (as opposed to authentication) and they are any good at all, their export is licensed under State Department's International Traffic in Arms Regulations or ITAR.
The encryption watchdog is the NSA. It has been enforcing a policy, neither debated nor even admitted to, which holds that if a device or program contains an encryption scheme which the NSA can't break fairly easily, it will not be licensed for international sale.
Aside for marvelling at the silliness of trying to embargo algorithms, a practice about as practicable as restricting the export of wind, I didn't pay much attention to the implications of NSA encryption policies until February of this year. It was then that I learned about the deliberations of an an obscure group of cellular industry representatives called the Ad Hoc Authentication Task Force, TR45.3 and of the influence which the NSA has apparently exercised over their findings.
In the stately fashion characteristic of standard-setting bodies, this group has been working for several years on a standard for digital cellular transmission, authentication, and privacy protection to be known by the characteristically whimsical telco moniker IS-54B.
In February they met near Giants Stadium in East Rutherford, NJ. At that meeting, they recommended, and agreed not to publish, an encryption scheme for American-made digital cellular systems which many sophisticated observers believe to be intentionally vulnerable. It was further thought by many observers that this "dumbing down" had been done in direct cooperation with the NSA.
Given the secret nature of the new algorithm, its actual merits were difficult to assess. But many cryptologists believe there is enough in the published portions of the standard to confirm that it isn't any good.
One cryptographic expert, one of two I spoke with who asked not to be identified lest the NSA take reprisals against his company, said:
"The voice privacy scheme , as opposed to the authentication scheme, is pitifully easy to break. It involves the generation of two "voice privacy masks" each 260 bits long. They are generated as a byproduct of the authentication algorithm and remain fixed for the duration of a call. The voice privacy masks are exclusive_ORed with each frame of data from the vocoder at the transmitter. The receiver XORs the same mask with the incoming data frame to recover the original plaintext. Anyone familiar with the fundamentals of cryptanalysis can easily see how weak this scheme is."
And indeed, Whitfield Diffie, co-inventor of Public Key cryptography and arguably the dean of this obscure field, told me this about the fixed masks:
"Given that description of the encryption process, there is no need for the opponents to know how the masks were generated. Routine cryptanalytic operations will quickly determine the masks and remove them.''
Some on committee claimed that possible NSA refusal of export licensing had no bearing on the algorithm they chose. But their decision not to publish the entire method and expose it to cryptanalytical abuse (not to mention ANSI certification) was accompanied by the following convoluted justification:
"It is the belief of the majority of the Ad Hoc Group, based on our current understanding of the export requirements, that a published algorithm would facilitate the cracking of the algorithm to the extent that its fundamental purpose is defeated or compromised." (Italics added.)
Now this is a weird paragraph any way you parse it, but its most singular quality is the sudden, incongruous appearance of export requirements in a paragraph otherwise devoted to algorithmic integrity. In fact, this paragraph is itself code, the plaintext of which goes something like this: "We're adopting this algorithm because, if we don't, the NSA will slam an export embargo on all domestically manufactured digital cellular phones."
Obviously, the cellular phone systems manufacturers and providers are not going to produce one model for overseas sale and another for domestic production. Thus, a primary effect of NSA-driven efforts to deny some unnamed foreign enemy secure cellular communications is on domestic security. The wireless channels available to private Americans will be cloaked in a mathematical veil so thin that, as one crypto-expert put it, "Any county sheriff with the right PC-based black box will be able to monitor your cellular conversations."
When I heard him say that, it suddenly became clear to me that, whether consciously undertaken with that goal or not, the most important result of the NSA's encryption embargoes has been the future convenience of domestic law enforcement. Thanks to NSA export policies, they will be assured that, as more Americans protect their privacy with encryption, it will be of a sort easily penetrated by authority.
I find it increasingly hard to imagine this is not their real objective as well. Surely, they must be aware of how ineffectual their efforts have been in keeping good encryption out of inimical military possession. An algorithm is somewhat less easily stopped at the border than, say, a nuclear reactor. As William Neukom, head of Microsoft Legal puts it, "The notion that you can control this technology is comical."
I became further persuaded that this was the case upon hearing, from a couple of sources, that the Russians have been using the possibly uncrackable (and American) RSA algorithm in their missile launch codes for the last ten years and that, for as little as five bucks, one can get a software package called Crypto II on the streets of Saint Petersburg which includes both RSA and DES encryption systems.
Nevertheless, the NSA has been willing to cost American business a lot of revenue rather than allow domestic products with strong encryption into the global market.
While it's impossible to set a credible figure on what that loss might add up to, it's high. Jim Bidzos, whose RSA Data Security licenses RSA, points to one major Swiss bid in which a hundred million dollar contract for financial computer terminals went to a European vendor after American companies were prohibited by the NSA from exporting a truly secure network.
The list of export software containing intentionally broken encryption is also long. Lotus Notes ships in two versions. Don't count on much protection from the encryption in the export version. Both Microsoft and Novell have been thwarted in their efforts to include RSA in their international networking software, despite frequent publication of the entire RSA algorithm in technical publications all over the world.
With hardware, the job has been easier. NSA levied against the inclusion of a DES chip in the AS/390 series IBM mainframes in late 1990 despite the fact that, by this time, DES was in widespread use around the world, including semi-official adoption by our official enemy, the USSR.
I now realize that Soviets have not been the NSA's main concern at any time lately. Naively hoping that, with the collapse of the Evil Empire, the NSA might be out of work, I then learned that, given their own vigorous crypto systems and their long use of some embargoed products, the Russians could not have been the threat from whom this forbidden knowledge was to be kept. Who has the enemy been then? I started to ask around.
Cited again and again as the real object of the embargoes were Third-World countries. terrorists and... criminals. Criminals, most generally drug-flavored, kept coming up, and nobody seemed terribly concerned that some of their operations might be located in areas supposedly off-limits to NSA scrutiny.
Presumably the NSA is restricted from conducting American surveillance by both the Foreign Intelligence Surveillance Act of 1978 (FISA) and a series of presidential directives, beginning with one issued by President Ford following Richard Nixon's bold misuse of the NSA, in which he explicitly directed the NSA to conduct widespread domestic surveillance of political dissidents and drug users.
But whether or not FISA has actually limited the NSA's abilities to conduct domestic surveillance seemed less relevant the more I thought about it. A better question to ask was, "Who is best served by the NSA's encryption export policies?" The answer is clear: domestic law enforcement. Was this the result of some spook plot between NSA and, say, the Department of Justice? Not necessarily.
Certainly in the case of the digital cellular standard, cultural congruity between foreign intelligence, domestic law enforcement, and what somebody referred to as "spook wannabes on the TR45.3 committee" might have a lot more to do with the its eventual flavor than any actual whisperings along the Potomac.
Unable to get anyone presently employed by the NSA to comment on this or any other matter and with little opportunity to assess the NSA's congeniality toward domestic law enforcement from the inside, I approached a couple of old hands for a highly distilled sample of intelligence culture.
I called Admirals Stansfield Turner and Bobby Ray Inman. Not only had their Carter administration positions as, respectively, CIA and NSA Directors, endowed them with considerable experience in such matters, both are generally regarded to be somewhat more sensitive to the limits of democratic power than their successors. None of whom seemed likely to return my calls anyway.
My phone conversations with Turner and Inman were amiable enough, but they didn't ease my gathering sense that the NSA takes an active interest in areas which are supposedly beyond its authorized field of scrutiny.
Turner started out by saying he was in no position to confirm or deny any suspicions about direct NSA-FBI cooperation on encryption, but he didn't think I was being exactly irrational in raising the question. In fact, he genially encouraged me to investigate the matter further.
He also said that while a sub rosa arrangement between the NSA and the Department of Justice to compromise domestic encryption would be "injudicious," he could think of no law, including FISA (which he helped design), which would prevent it.
Most alarmingly, this gentleman who has written eloquently on the hazards of surveillance in a democracy did not seem terribly concerned that our digital shelters are being rendered permanently translucent by and to the government.
He said, "A threat could develop...terrorism, narcotics, whatever...where the public would be pleased that all electronic traffic was open to decryption. You can't legislate something which forecloses the possibility of meeting that kind of emergency."
Admiral Inman had even more enthusiasm for assertive governmental supervision. Although he admitted no real knowledge of the events behind the new cellular encryption standard, he wasn't the least disturbed to hear that it might be flawed.
And, despite the fact that his responsibilities as NSA Director had been restricted to foreign intelligence, he seemed a lot more comfortable talking about threats on the home front.
"The Department of Justice," he began, "has a very legitimate worry. The major weapon against white collar crime has been the court-ordered wiretap. If the criminal elements go to using a high quality cipher, the principal defense against narcotics traffic is gone." This didn't sound like a guy who, were he still head of NSA, would rebuff FBI attempts to get a little help from his agency.
He brushed off my concerns about the weakness of the cellular encryption standard. "If all you're seeking is personal privacy, you can get that with a very minimal amount of encipherment."
Well, I wondered, Privacy from whom?
And he seemed to regard real, virile encryption to be something rather like a Saturday Night Special. "My answer," he said, "would be legislation which would make it a criminal offense to use encrypted communication to conceal criminal activity."
Wouldn't that render all encrypted traffic automatically suspect? I asked.
"Well, he said, "you could have a registry of institutions which can legally use ciphers. If you get somebody using one who isn't registered, then you go after him."
You can have my encryption algorithm, I thought to myself, when you pry my cold dead fingers from its private key.
It wasn't a big sample, but it was enough to gain a better appreciation of the cultural climate of the intelligence community. And these guys are the liberals. What legal efficiencies might their Republican successors be willing to employ to protect the American Way?
Without the comfortably familiar presence of the Soviets to hate and fear, we can expect to see a sharp increase in over-rated bogeymen and virtual states of emergency. This is already well under way. I think we can expect our drifting and confused hardliners to burn the Reichstag repeatedly until they have managed to extract from our induced alarm the sort of government which makes them feel safe.
This process has been under way for some time. One sees it in the war on terrorism, against which pursuit "no liberty is absolute," as Admiral Turner put it. This, despite the fact that, during last year for which I have a solid figure, 1987, only 7 Americans succumbed to terrorism.
You can also see it clearly under way in the War on Some Drugs. The Fourth Amendment to the Constitution has largely disappeared in this civil war. And among the people I spoke with, it seemed a common canon that drugs (by which one does not mean Jim Beam, Marlboros, Folger's, or Halcion) were a sufficient evil to merit the government's holding any more keys it felt the need for.
One individual close to the committee said that at least some of the afore-mentioned "spook wannabes" on the committee were "interested in weak cellular encryption because they considered warrants not to be "practical"when it came to pursuing drug dealers and other criminals using cellular phones."
In a miscellaneously fearful America, where the people cry for shorter chains and smaller cages, such privileges as secure personal communications are increasingly regarded as expendable luxuries. As Whitfield Diffie put it, "From the consistent way in which Americans seem to put security ahead of freedom, I rather fear that most of them would prefer that all electronic traffic was open to government decryption right now if they had given it any thought."
In any event, while I found no proof of an NSA-FBI conspiracy to gut the American cellular phone encryption standard, it seemed clear to me that none was needed. The same results can be delivered by a cultural "auto-conspiracy" between like-minded hardliners and cellular companies who will care about privacy only when their customers do.
You don't have to be a hand-wringing libertarian like me to worry about the domestic consequences of the NSA's encryption embargoes. They are also, as stated previously, bad for business, unless, of course, the business of America is no longer business but, as sometimes seems the case these days, crime control.
As Ron Rivest (the "R" in RSA) said to me, "We have the largest information based economy in the world. We have have lots of reasons for wanting to protect information, and weakening our encryption systems for the convenience of law enforcement doesn't serve the national interest."
But by early March, it had become clear that this supposedly business-oriented administration had made a clear choice to favor cops over commerce even if the costs to the American economy were to become extremely high.
A sense of White House seriousness in this regard could be taken from their response to the first serious effort by Congress to bring the NSA to task for its encryption embargoes. Rep. Mel Levine (D-Calif.) proposed an amendment to the Export Administration Act to transfer mass market software controls to the Commerce Department, which would relax the rules. The administration responded by saying that they would veto the entire bill if the Levine amendment remained attached to it.
Even though it appeared the NSA had little to fear from Congress, the Levine amendment may have been part of what placed the agency in a bargaining mood for the first time. They entered into discussions with the Software Publishers Association who, acting primarily on behalf of Microsoft and Lotus, got to them to agree "in principle" to a streamlined process for export licensing of encryption which might provide for more robust standards than have been allowed previously.
But the negotiations between the NSA and the SPA were being conducted behind closed doors, with the NSA-imposed understanding that any agreement they reached would be set forth only in a "confidential" letter to Congress. As in the case of the digital cellular standard, this would eliminate the public scrutiny by cryptography researchers which anneals genuinely hardened encryption.
Furthermore, some cryptographers worried that the encryption key lengths to which the SPA appeared willing to restrict its member publishers might be too short to provide much defense against the sorts of brute-force decryption assaults which advances in processor technology will yield in the fairly near future. And brute force has always been the NSA's strong suit.
Whether accurate or not, the impression engendered by the style of the NSA-SPA negotiations was not one of unassailable confidence. The lack of it will operate to the continued advantage of foreign manufacturers in an era when more and more institutions are going to be concerned about the privacy of their digital communications.
But the economic damage which the NSA-SPA agreement might cause would be minor compared to what would result from a startling new federal initiative, the Department of Justice's proposed legislation on digital telephony. If you're wondering what happened to the snooping provisions which were in Senate Bill 266, look no further. They're back. And they're bigger and bolder than ever.
They are contained in a sweeping proposal which have been made by the Justice Department to the Senate Commerce Committee for legislation which would "require providers of electronic communications services and private branch exchanges to ensure that the Government's ability to lawfully intercept communications is unimpeded by the introduction of advanced digital telecommunications technology or any other telecommunications technology."
Amazingly enough, this really means what it says: before any advance in telecommunications technology can be deployed, the service providers and manufacturers must assure the cops that they can tap into it. In other words, development in digital communications technology must come to a screeching halt until Justice can be assured that it will be able to grab and examine data packets with the same facility they have long enjoyed with analog wire-tapping.
It gets worse. The initiative also provides that, if requested by the Attorney General, "any Commission proceeding concerning regulations, standards or registrations issued or to be issued under authority of thiss ection shall be closed to the public." This essentially places the Attorney General in a position to shut down any telecommunications advance without benefit of public hearing.
When I first heard of the digital telephony proposal, I assumed it was a kind of bargaining chip. I couldn't imagine it was serious. But it now appears they are going to the mattresses on this one.
Taken together with NSA's continued assertion of its authority over encryption, a pattern becomes clear. The government of the United States is so determined to maintain law enforcement's traditional wire-tapping abilities in the digital age that it is willing to fundamentally cripple the American economy to do so. This may sound hyperbolic, but I believe it is not.
The greatest technology advantage this country presently enjoys is in the areas of software and telecommunications. Furthermore, thanks in large part to the Internet, much of America is already wired for bytes, as significant an economic edge in the Information Age as the existence of a railroad system was for England one hundred fifty years ago.
If we continue to permit the NSA to cripple our software and further convey to the Department of Justice the right to stop development the Net without public input, we are sacrificing both our economic future and our liberties. And all in the name of combatting terrorism and drugs.
This has now gone far enough. I have always been inclined to view the American government as pretty benign as such creatures go. I am generally the least paranoid person I know, but there is something scary about a government which cares more about putting its nose in your business than it does about keeping that business healthy.
As I write this, a new ad hoc working group on digital privacy, coordinated by the Electronic Frontier Foundation, is scrambling to meet the challenge. The group includes representatives from organizations like AT&T, the Regional Bells, IBM, Microsoft, the Electronic Mail Association and about thirty other companies and public interest groups.
Under the direction of Jerry Berman, EFF's Washington office director, and John Podesta, a capable lobbyist and privacy specialist who helped draft the ECPA, this group intends to stop the provisions in digital telephony proposal from entering the statute books.
We also intend to work with federal law enforcement officials to address their legitimate concerns. We don't dispute their need to conduct some electronic surveillance, but we believe this can be assured by more restrained methods than they're proposing.
We are also preparing a thorough examination of the NSA's encryption export policies and looking into the constitutional implications of those policies. Rather than negotiating behind closed doors, as the SPA has been attempting to do, America's digital industries have a strong self-interest in banding together to bring the NSA's procedures and objectives into the sunlight of public discussion.
Finally, we are hoping to open a dialog with the NSA. We need to develop a better understanding of their perception of the world and its threats. Who are they guarding us against and how does encryption fit into that endeavor? Despite our opposition to their policies on encryption export, we assume that NSA operations have some merit. But we would like to be able to rationally balance the merits against the costs.
We strongly encourage any organization which might have a stake in the future of digital communication to become involved. Letters expressing your concern may be addressed to: Sen. Ernest Hollings, Chairman, Senate Commerce Committee, U.S. Senate, Washington, DC and to Don Edwards, Chairman, Subcommitee on Constitutional Rights, House Judiciary Committee. (I would appreciate hearing those concerns myself. Feel free to copy me with those letters at my physical address, c/o P.O. Box 1009, Pinedale, WY 82941 or in Cyberspace, email@example.com.)
If your organization is interested in becoming part of the digital privacy working group, please contact EFF's Washington office at: 666 Pennsylvania Avenue SE, Suite 303, Washington, DC 20003, 202/544-9237, fax: 202/547-5481. EFFs also encourages individuasl interested in these issues to join the organization. Contact us at: Electronic Frontier Foundation, 155 Second Street, Cambridge, MA 02141, 617/864-0665, firstname.lastname@example.org.
The legal right to express oneself is meaningless if there is no secure medium through which that expression may travel. By the same token, the right to hold certain unpopular opinions is forfeit unless one can discuss those opinions with others of like mind without the government listening in.
Even if you trust the current American government, as I am still largely inclined to, there is a kind of corrupting power in the ability to create public policy in secret while assuring that the public will have little secrecy of its own.
In its secrecy and technological might, the NSA already occupies a very powerful position. And conveying to the Department of Justice what amounts to licensing authority for all communications technology would give it a control of information distribution rarely asserted over English-speaking people since Oliver Cromwell's Star Chamber Proceedings.
Are there threats, foreign or domestic, which are sufficiently grave to merit the conveyance of such vast legal and technological might? And even if the NSA and FBI may be trusted with such power today, will they always be trustworthy? Will we be able to do anything about it if they aren't?
Senator Frank Church said of NSA technology in 1975 words which are more urgent today:
"That capability at any time could be turned around on the American people and no American would have any privacy left. There would be no place to hide. If this government ever became a tyranny, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny. There would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capacity of this technology."
San Francisco, California Monday, May 4, 1992
Will Japan Jack In?
For the October, 1992
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
I am writing this column in a large aluminum tube somewhere over the Pacific Ocean, halfway between El Camino Real and the Ginza. A airliner over the gulf which separates the two parallel universes of the United States and Japan is probably the right "place" to think about culture on the electronic frontier. This is about as virtual an experience as one can have and bring his body along.
There are no landmarks anywhere in this viewshed. The cabin is darkened so the other (mostly Japanese) passengers can watch the American movie, but when I raise the shade and peer below, the sea is featureless and vast as the Net.
The design aesthetics inside this aircraft are classic Generican... as culturally inert as possible. Like most modern American corporate designers, be they decorating Marriotts or the Friendly Skies, the folks who picked these earth tones wished to offend no one, whether American, Japanese or Martian. It's as odorless and colorless as ascii, but it is this very aspect of it, the intentional absence of cultural content, which makes it both so perfectly American and so much in keeping with the rest of the Information Age.
When I first became conscious of the existance of Cyberspace, it didn't immediately dawn on me what an American place...one might even say colony...it is.
An American myself, I didn't find it strange that the Virtual World, from the televised sit-com barrens of the Global Suburbs to the linear vectors of international air traffic control to the Net itself, is a landscape where American English is the lingua franca and American "culture"dominates to the point of invisibility. As McLuhan once observed, "We don't know who it was that discovered water, but we're pretty sure it wasn't a fish."
That this should be the case is not surprising. In addition to being the being birthplace of both telephony and the Internet, America has always had a fascination with blank slates, an impulse to form itself unhindered on the conceptual map rather than adapt to the physical requrements of the landscape.
My first sense that there might be something parochial about my model of the Datasphere arrived not long after the Electronic Frontier Foundation began to make itself known on the Net.
At first, we presented outselves as an organization which primarily intended to assure the application of the First Amendment to digital media. I got a plaintive piece of e-mail from what was still the Soviet Union saying, in effect, "That's all very good, but what about us?" More of the same followed from such precincts as Canada and the United Kingdom. I realized that I had always thought... incorrectly...there was something inherently free about the English language.
Since then, we have placed less emphasis on the easily revised assurances of local law and more on promoting the more robust and natural protections provided by an architecture for Cyberspace which is commercially and technically open, ubiquitous, redundant, and cheap.
But, as I am now discovering, there are other barriers to jacking in which all the fiber, coax, RJ-11 outlets, and sensible rate structures in the world aren't going to overcome immediately. It may be that the most obdurate of these is cultural immune response.
Subtler questions arise. I mean, our aspirations to assure freedom of speech sound noble enough to our own American ears or even recently Soviet sensibilities, but this plane is about to land on an island where dwell millions of people for many of whom freedom of speech is a puzzling irrelevancy.
A Japanese magazine recently requested reprint and translation rights on an essay of mine which deals in part with person's right to speak his or her mind. They are trying to find someone to write an introduction which will attend to the trickier task of cultural translation. As one of their editors told me, "You are preaching the freedom of individuals, but that concept really doesn't exist here, constitutionally or otherwise."
By which I don't mean to suggest that Japan is not a "free country" in our terms. But the very word "free" may mean something profoundly different in a society which is in collective agreement, not due to the imposed ideological will of a despotic bureaucracy, but because they, well...agree.
I sense some restlessness with that agreement in certain surprising precincts of Japanese society. At a conference on globally networked computing in Oita Prefecture in February, I was astonished to hear a number of Japanese corporate officials, apparently orderly as soldiers in their blue pinstripes, proclaim enthusiastically the potential of the "Hypernetwork" (as they call Cyberspace) to tenderize the hierarchical rigidity of both own organizations and Japanese society.
It was a little disorienting. Imagine an IBM vice-president with his fist thrust passionately in the air and you'll get the idea,
But it occurred to me that, if they are right, no organism with an immune system as subtle and robust as that of the larger, unindividuated Japanese whole is going to admit without response a virus which promises to attack its structural integrity. And not without cause. This is, after all, a society which is also largely free of such artifacts of individuality as random and violent crime. It is a society which works to the satisfaction of most of its constuents who might be expected to ask, "Why fix it? It ain't broke."
Perhaps if there were other persuasive reasons for Japan to jack into the Net, they might be willing to tolerate the deconstructive risks of networked computing. But why would people whose language is written, not typed, be eager to enter an environment where they would have to express themselves in the hard little alphanumerics of lower ascii? In fact, the recently developed Kanji keyboard does make it possible for the Japanese to input their data with something besides a calligraphy brush.
Why would a people who speak very little English be eager to enter a place where little else is spoken? Why would a people who have shown themselves to resistant to the global cultural blender of American culture eagerly enter a place as thoroughly American as Cyberspace is today?
Then there is the most fundamental question: why would a society so deeply interlaced with ancient and completely de-bugged human networks want a cranky new one of our design?
That there are no ready answers to these questions probably accounts for the scarcity, relative to population and technological sophistication, of Japanese Internet connections and a subdued market for high-speed data links in general. Unless one counts fax traffic, little of what passes through Japan's wires is digital. The best estimates I can get from several different sources indicate only about five to ten percent of Japan's 10 million personal computers are connected to a modem. Of these, about 200,000 are subscribers to NEC's PCvan. NiftyServe also has about 200,000 subscribers, but it's thought that many of these are the same people.
NEC is very committed to changing all this and one sees its billboards everywhere extolling "C&C", it's trademarked Romanji icon for computers and communications. Unfortunately, NEC's beliefs in the future of this market are not shared by the institution which must provide much of the infrastructure for that connection, the Nippon Telephone and Telegraph Company, the stately bureaucracy which does the phone in Japans.
When I spoke with Koichiro Hayashi, NTT's vice president of Leased Line Services (now head of NTT America), he told me there were only about 12,500 ISDN hook-ups in Japan (as of February of this year). When I asked him why this was, he said he couldn't imagine a general market for ISDN. His beliefs had a cultural basis.
"What about telecommuting?" I asked. Many of the office workers in Tokyo spend up to four hours every day in the middle of the most hellish commute imaginable. Wouldn't it be better if they could only come into the office a couple of days a week? "Japanese will never accept working in the home," he said.
He went on to point out that being part of the group is something which requires direct physical proximity with one's fellow workers. (There are neither individual offices nor even divided cubicles in Japanese white collar environments.) He didn't say so, but he also inferred that managers wouldn't accept a system where they couldn't watch their workers all the time.
He also that fewer than 5 percent of Japan's lines are digitally switched and thus ISDN ready, a figure which NTT feels no compelling justification for changing any time soon. Again, its reasons are cultural. NTT feels a sense of familial responsbility to the 70,000 telephone operators who jobs would be endangered by converson to digital switches. They claim there is neither a market now, nor on the horizon, which would justifiy laying off any of those operators.
This might change fairly soon. The same renegade managers who welcome networked computing labor in organizations which are busily trying to provide technological answers to the questions asked above. They are hard at work on their own pen-based interfaces and Kanji character-recognition systems. These will shortly make computers usable to the vast majority of Japanese who understandably find the Kanji keyboard an unacceptable kludge.
They have also embraced multmedia (or New Media, as the Newspeak commissars at Apple have now decreed it be called) and Virtual Reality with considerably greater enthusiasm than their American counterparts. As the cognitive bandwidth of Cyberspace fattens from text into video, sound and 3-D Garoud-rendered body puppets, we can expect to see a Japanese interest both in computing and digital communications which will reveal our current lead in these fields to be less a matter of our superiority than their disinterest.
At that point, we might might see some stiffening of our own cultural immune response systems.
More and more American commerce is in"soft" products... media, content, works of the mind. Whether actual software, digitized Hollywood films, the latest bestsellers, rock 'n' roll, dirty pictures, inside dope, you name it, if it can be turned into ones and zeros, it will be.
Once digitized, information is free to slip from the old physical "bottles"to which we have always attached our protective marks and into its natural home, Cyberspace. Online, it will be as hard to own or contain as air. Harder, in fact, since, unlike air, digitized data is infinitely reproducable and and malleable.
As things stand, practically the only protection which can be afforded soft products is the cultural willingness of people to pay for them. Contrast the American software market (where at least some percentage of the users feel ethically bound to pay for the stuff) with the market in Europe (where almost no one does) and you get some sense of how important conscience becomes when enforcement becomes impractical.
For all of their recent self-protective patent-filing, the ownership of ideas is as culturally alien to the Asian conceptial frame as the ownership of real estate was to the Sioux. It just doesn't seem to make sense to them. (Possibly because it may not make sense, but that's a topic for another column...)
Are we really going to want to share Cyberspace with cultures don't feel morally bound by our concepts of property, especially if those concepts are backed neither by workable laws, nor clearly defined jurisdictions to pass them. nor realistic means of enforcing anything which did get passed?
Then there is the matter of paying for Cyberspace itself. In the past, this wasn't a problem. There were only a couple of ways to ship a bit from here to there. You could use the phone system or the Internet.
The phone companies, public or private, owned the phones and that which connected. They knew what they had and how much it cost to keep it up. They knew how many users there were, how much they used it, and, with a little basic arithmetic and some horse trading with the Public Utilities Commission, how much to charge for carrying your data across the country.
The Internet was always a something of an anarchy, created and maintained from the bottom largely by volunteers with a little help from the Military Industrial Complex up top, but it was too small to cost much and too unimportant to raise many alarms as grew in complexity beyond anyone's mapping abilities.
More to the point, digtal communication tended to stay either within the confines of the a country or a company. Either way, it was pretty clear who set the fares, who paid them, and who was using what service.
These days, the Internet extends around the globe, and is too important to rely entirely on grad students and an underfunded arm of the American government, the National Science Foundation. Besides, there's a lot of money to be made.
Now, any entity which can propagate a signal is lining up to get rich in the info transport racket. The Net floats in an increasingly baffling web of heterogeneous connections: the suddenly bidirectonal coax of cable TV providers, optical fiber owned by railroad lines, microwaves bounced from surplus Soviet satellites, packets from amateur radios, the whole mess woven and tangled into an impossible spagetti of chaotic unaccountability.
When I finish this column and dispatch it from the Roppongi section of Tokyo to ACM headquarters on west 42nd Street, will consist of about a hundred thousand voltage shifts. No one will nor could know all the wires, waves, hard disks, central processors, earth stations, and light tubes will convey them there. No one will know who owns all these various media nor how to pay each of them a fair toll for this column's way.
Somehow, it all works, by grace and spit, but one wonders how long it can continue to do so before differences between such rigid, centralized organizational approaches as Japan's NTT will be culturally incompatible with the increasingly incomprehensible ecosystem of American telecommuncations.
Will it be possible for companies like Sprint or PSI to enter Japan to simply pull an end run around NTT and get provide high speed packet switched service? (I saw an advertisment for SprintLink in the Japan Times this morning.) Will other indigenous Japanese digital service providers arise? Will NTT suddenly recognize the economic potential of connected computing?
It all adds up to this: digitally connecting the two most most advanced technology bases in the world is not going to be an easy or straight-forward process. Getting Japan jacked into the Net in any useful sense may take years. Until they can overcome their cultural aversions to this evironment we may find America all hooked up with nowhere to go.
It's kind of like an updated version of the old Koan: what is the sound of one modem handshaking?
Tokyo, Japan Thursday, July 30, 1992
Bill O' Rights Lite
For the March, 1993
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
I do not fear Satan half so much as I fear those who fear him.
-Saint Theresa of Avila
It's now been almost three years since I first heard of the Secret Service raids on Steve Jackson Games and the cyberurchins from the Legion of Doom. These federal exploits, recently chronicled in Bruce Sterling's book Hacker Crackdown, precipitated the formation of the Electronic Frontier Foundation and kicked loose an international digital liberties movement which is still growing by leaps and conferences.
I'm greatly encouraged by the heightened awareness among the citizens of the Global Net of our rights, responsibilities, and opportunities. I am also heartened that so many good minds now tug at the legal, ethical, and social riddles which come of digitizing every damned thing. The Social Contract of Cyberspace is being developed with astonishing rapidity, considering that we are all still deaf, dumb, and disembodied in here.
Meanwhile, back in the Physical World, I continue to be haunted by the words of the first lawyer I called on behalf of Steve Jackson, Phiber Optik, and Acid Phreak back in the Spring of 1990. This was Eric Lieberman of the prestigious New York civil liberties firm Rabinowitz, Boudin, Standard, Krinsky, and Lieberman. I told him how the Secret Service had descended on my acquaintances and taken every scrap of circuitry or magnetized oxide they could find. This had included not only computers and disks, but clock radios and audio cassettes.
I told him that, because no charges had been filed, the government was providing their targets no legal opportunity to get recoup their confiscated equipment and data. (In fact, most of the victims of Operation Sun Devil still have neither been charged nor had their property returned to them.)
The searches were anything but surgical and the seizures appeared directed less at gathering evidence than inflicting punishment without the bothersome formality of a trial. I asked Lieberman if Secret Service might not be violating the 4th Amendment's assurance of "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures."
He laughed bitterly. "I think if you take a look at case law for the last ten years or so, you will find that the 4th Amendment has pretty much gone away, " he said.
I did. He was right. A lot of what remained of it was flushed a year later when the Rehnquist Court declared that in the presence of "probable cause"...a phrase of inviting open-ness...law enforcement officials could search first and obtain warrants later.
Furthermore, I learned that through such sweeping prosecutorial enablements as RICO and Zero Tolerance, the authorities could enact their own unadjudicated administrative "fines" by keeping much of what they seized for their own uses.
(This incentive often leads to disproportionalities between "punishment"and "crime" which even ol' Kafka might have found a bit over the top. I know of one case in which the DEA acquired a $14 million dollar Gulfstream b izjet from a charter operator because one of its clients left half a gram of cocaine in its washroom.)
I tried to imagine a kind of interactive Bill of Rights in which Amendments would fade to invisibility as they became meaningless, but I knew that was hardly necessary. The citizens of Stalin's Soviet Union had a constitutional guarantee of free expression which obviously, like our own, allowed some room for judicial interpretation.
It occurred to me then that a more honest approach might be to maintain a concordant Bill of Rights, running in real time and providing up to the minute weather reports from the Federal Bench, but I never got around to it.
Recently I started thinking about it again. These thoughts were inspired partly by Dorothy Denning's apology for the FBI's Digital Telephony proposal (which appears elsewhere in this issue). I found her analysis surprisingly persuasive, but I also found it fundamentally based on an assumption I no longer share: the ability of the Bill of Rights to restrain government, now or in the future.
The men who drafted the United States Constitution and its first ten amendments knew something which we have largely forgotten: Governments exist to limit freedom. That's their job. And to the extent that utterly unbridled liberty seems to favor the reptile in us, a little government is not such a bad thing. But it never knows when to quit. As there is no limit to either human imagination or creativity in the wicked service of the Self, so it is always easy for our official protectors to envision new atrocities to prevent.
Knowing this, James Madison and company designed a government which was slightly broken up front. They intentionally created a few wrenches to cast into the works, and these impediments to smooth governmental operation were the Bill of Rights.
Lately though, we find ourselves living in a world where the dangers we perceive are creatures of information rather than experience. Since the devil one knows is always less fearsome than the worst one can imagine, there is no limit to how terrifying or potent these dangers can seem.
Very few of us, if any, have ever felt the malign presence of a real, live terrorist or drug lord or Mafia capo or dark side hacker or kiddy pornographer. They are projected into our consciousness by the media and the government, both of which profit directly from our fear of them. These enemies are, in our (tele)visions of them, entirely lacking in human decency or conscience. There is no reason they should be mollycoddled with constitutional rights.
And so, we have become increasingly willing to extend to government what the founding fathers would not: real efficiency. The courts, heartily encouraged by the older white suburbanites who still vote, have been updating the Bill of Rights to fit modern times and perils, without anyone's having to go through the cumbersome procedure of formal amendment.
The result, I would suggest with only a little sarcasm or hyperbole, has come to look something like this:
Bill o' Rights Lite
Congress shall encourage the practice of Judeo-Christian religion by its own public exercise thereof and shall make no laws abridging the freedom of responsible speech, unless such speech is in a digitized form or contains material which is copyrighted, classified, proprietary, or deeply offensive to non-Europeans, non-males, differently-abled or alternatively preferenced persons; or the right of the people peaceably to assemble, unless such assembly is taking place on corporate or military property or within an electronic environment, or to make petitions to the Government for a redress of grievances, unless those grievances relate to national security.
A well-regulated Militia having become irrelevant to the security of the State, the right of the people to keep and bear Arms against one another shall nevertheless remain uninfringed, excepting such arms as may be afforded by the poor or those preferred by drug pushers, terrorists, and organized criminals, which shall be banned.
No soldier shall, in time of peace, be quartered in any house, without the consent of the owner, unless that house is thought to have been used for the distribution of illegal substances.
The right of the people to be secure in their persons, houses, papers. and effects against unreasonable searches and seizures, may be suspended to protect public welfare, and upon the unsupported suspicion of law enforcement officials, any place or conveyance shall be subject to immediate search, and any such places or conveyances or property within them may be permanently confiscated without further judicial proceeding.
Any person may be held to answer for a capital, or otherwise infamous crime involving illicit substances, terrorism, or child pornography, or upon any suspicion whatever; and may be subject for the same offense to be twice put in jeopardy of life or limb, once by the State courts and again by the Federal Judiciary; and may be compelled by various means, including the forced submission of breath samples, bodily fluids, or encryption keys, to be a witness against himself, refusal to do so constituting an admission of guilt; and may be deprived of life, liberty, or property without further legal delay; and any property thereby forfeited shall be dedicated to the discretionary use of law enforcement agents.
In all criminal prosecutions, the accused shall enjoy the right to a speedy and private plea bargaining session before pleading guilty. He is entitled to the Assistance of underpaid and indifferent Counsel to negotiate his sentence, except where such sentence falls under federal mandatory sentencing requirements.
In Suits at common law, where the contesting parties have nearly unlimited resources to spend on legal fees, the right of trial by jury shall be preserved.
Sufficient bail may be required to ensure that dangerous criminals will remain in custody, where cruel punishments are usually inflicted.
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others which may be asserted by the Government as required to preserve public order, family values, or national security.
The powers not delegated to the United States by the Constitution, shall be reserved to the United States Departments of Justice and Treasury, except when the States are willing to forsake federal funding.
New York, New York January 3, 1993
A Plain Text on Crypto Policy
For the October, 1993 Electronic Frontier column in Communications of the ACM
by John Perry Barlow
The field of cryptography, for centuries accustomed to hermetic isolation within a culture as obscure as its own puzzles, is going public. People who thought algorithms were maybe something you needed to dig rap music are suddenly taking an active interest in the black arts of crypto.
We have the FBI and NSA to thank for this. The FBI was first to arouse public concerns about the future of digital privacy with its injection of language year before last into a major Senate anti-crime bill (SB 266) which would have registered the congressional intent that all providers of digitized communications should provide law enforcement with analog access to voice and data transmissions of their subscribers.
When this was quietly yanked in committee, they returned with a proposed bill called Digital Telephony. If passed, it would have essentially called a halt to most American progress in telecommunications until they could be assured of their continued ability to wiretap. Strange but true.
They were never able to find anyone in Congress technologically backward enough to introduce this oddity for them, but they did elevate public awareness of the issues considerably.
The National Security Agency, for all its (unknown but huge) budget, staff, and MIPS, has about as much real world political experience as the Order of Trappists and has demonstrated in its management of cryptology export policies the maddening counter-productivity that is the usual companion of inexperience.
The joint bunglings of these two agencies were starting to infuriate a lot of people and institutions who are rarely troubled by Large Governmental Foolishness in the Service of Paranoia. Along with all the usual paranoids, of course.
Then from the NSA's caverns in Fort Meade, Maryland there slouched a chip called Clipper.
For those of you who just tuned in (or who tuned out early), the Clipper Chip...now called Skipjack owing to a trademark conflict...is a hardware encryption device that NSA designed under Reagan-Bush. In April it was unveiled by the Clinton Administration and proposed for both governmental and public use. Installed in phones or other telecommunications tools, it would turn any conversation into gibberish for all but the speaker and his intended listener, using a secret military algorithm.
Clipper/Skipjack is unique, and controversial, in that it also allows the agents of government to listen under certain circumstances. Each chip contains a key that is split into two parts immediately following manufacture. Each half is then placed in the custody of some trusted institution or "escrow agent."
If, at some subsequent time, some government agency desires to legally listen in on the owner of the communications device in which the chip has been placed, it would present evidence of "lawful authority" to the escrow holders. They will reveal the key pairs, the agency will join them, and begin listening to the subject's unencrypted conversations.
(Apparently there are other agencies besides law enforcement who can legally listen to electronic communications. The government has evaded questions about exactly who will have access to these keys, or for that matter, what, besides an judicial warrant, constitutes the "lawful authority" to which they continually refer.)
Clipper/Skipjack was not well received. The blizzard of anguished ASCII it summoned forth on the Net has been so endlessly voluble and so painstaking in its "How-many-Cray-Years-can-dance-on-the-head-of-a-Clipper-Chip"technical detail that I would guess all but the real cypherpunks are by now data-shocked into listlessness and confusion.
Indeed, I suspect that even many readers of this publication...a group with prodigious capacity for assimilating the arid and obscure...are starting to long for the days when their knowledge of cryptography and the public policies surrounding it was limited enough to be coherent.
So I almost hesitate to bring the subject up. Yet somewhere amid this racket, decisions are being made that will profoundly affect your future ability to communicate without fear. Those who would sacrifice your liberty for their illusions of public safety are being afforded some refuge by the very din of opposition.
In the hope of restoring both light and heat to the debate, I'm going to summarize previous episodes, state a few conclusions I've drawn about the current techno-political terrain, and recommend positions you might consider taking, as well as actions that might support them.
Clipper/Skipjack Really Is A Dumb Idea.
When I first heard about Clipper/Skipjack, I thought it might not be such a bad idea. This false conclusion was partly due to the reality distorting character of the location...I was about fifty feet away from the Oval Office at the time...but it also seemed like one plausible approach to what may be the bright future of crime in the Virtual Age.
I mean, I can see what the Guardian Class is worried about. The greater part of business is already being transacted in Cyberspace. Most of the money is there. At the moment, however, most of the monetary bits in there are being accounted for. Accounting is digital, but cash is not.
It is imaginable that, with the widespread use of digital cash and encrypted monetary exchange on the Global Net, economies the size of America's could appear as nothing but oceans of alphabet soup. Money laundering would no longer be necessary. The payment of taxes might become more or less voluntary. A lot of weird things would happen after that...
I'm pretty comfortable with chaos, but this is not a future I greet without reservation.
So, while I'm not entirely persuaded that we need to give up our future privacy to protect ourselves from drug dealers, terrorists, child molesters, and un-named military opponents (the Four Horsemen of Fear customarily invoked by our protectors), I can imagine bogeymen whose traffic I'd want visible to authority.
Trouble is, the more one learns about Clipper/Skipjack, the less persuaded he is that it would do much to bring many actual Bad Guys under scrutiny.
As proposed, it would be a voluntary standard, spread mainly by the market forces that would arise after the government bought a few tons of these chips for their own "sensitive but unclassified" communications systems. No one would be driven to use it by anything but convenience. In fact, no one with any brains would use it if he were trying to get away with anything.
In fact, the man who claims to have designed Clipper's basic specs, Acting NIST Director Ray Kammer, recently said, "It's obvious that anyone who uses Clipper for the conduct of organized crime is dumb." No kidding. At least so long as it's voluntary.
Under sober review, there mounted an incredibly long list of reasons to think Clipper/Skipjack might not be a fully-baked idea. In May, after a month of study, the Digital Privacy and Security Working Group, a coalition of some 40 companies and organizations chaired by the Electronic Frontier Foundation (EFF), sent the White House 118 extremely tough questions regarding Clipper, any five of which should have been sufficient to put the kibosh on it.
The members of this group were not a bunch of hysterics. It includes DEC, Hewlett-Packard, IBM, Sun, MCI, Microsoft, Apple, and AT&T (which was also, interestingly enough, the first company to commit to putting Clipper/Skipjack in its own products).
Among the more troubling of their questions:
* Who would the escrow agents be?
* What are Clipper's likely economic impacts, especially in regard to export of American digital products?
* Why is its encryption algorithm secret and why should the public have confidence in a government-derived algorithm that can't be privately tested?
* Why is Clipper/Skipjack being ram-rodded into adoption as a government standard before completion of an over-all review of U.S. policies on cryptography?
* Why are the NSA, FBI, and NIST stone-walling Freedom of Information inquiries about Clipper/Skipjack? (In fact, NSA's response has been, essentially, "So? Sue us.")
* Assuming Clipper/Skipjack becomes a standard, what happens if the escrow depositories are compromised?
* Wouldn't these depositories also become targets of opportunity for any criminal or terrorist organization that wanted to disrupt US. law enforcement?
* Since the chip transmits its serial number at the beginning of each connection, why wouldn't it render its owner's activities highly visible through traffic analysis (for which government needs no warrant)?
* Why would a foreign customer buy a device that exposed his conversations to examination by the government of the United States?
* Does the deployment and use of the chip possibly violate the 1st, 4th, and 5th Amendments to the U.S. Constitution?
* In its discussions of Clipper/Skipjack, the government often uses the phrase "lawfully authorized electronic surveillance." What, exactly, do they mean by this?
* Is it appropriate to insert classified technology into either the public communications network or into the general suite of public technology standards?
And so on and so forth. As I say, it was a very long list. On July 29, John D. Podesta, Assistant to the President and White House Staff Secretary (and, interestingly enough, a former legal consultant to EFF and Co-Chair of the Digital Privacy Working Group), responded to these questions. He actually answered few of them.
Still un-named, undescribed, and increasingly unimaginable were the escrow agents. Questions about the inviolability of the depositories were met with something like, "Don't worry, they'll be secure. Trust us."
There seemed a lot of that in Podesta's responses. While the government had convened a panel of learned cryptologists to examine the classified Skipjack algorithm, it had failed to inspire much confidence among the crypto establishment, most of whom were still disinclined to trust anything they couldn't whack at themselves. At the least, most people felt a proper examination would take longer than the month or so the panel got. After all, it took fifteen years to find a hairline fissure in DES .
But neither Podesta nor any other official explained why it had seemed necessary to use a classified military algorithm for civilian purposes. Nor were the potential economic impacts addressed. Nor were the concerns about traffic analysis laid to rest.
But as Thomas Pynchon once wrote, "If they can get you asking the wrong questions, they don't have to worry about the answers." Neither asked nor answered in all of this was the one question that kept coming back to me: Was this trip really necessary?
For all the debate over the details, few on either side seemed to be approaching the matter from first principles. Were the enshrined threats...drug dealers, terrorists, child molesters, and foreign enemies...sufficiently and presently imperiling to justify fundamentally compromising all future transmitted privacy?
I mean...speaking personally now...it seems to me that America's greatest health risks derive from the drugs that are legal, a position the statistics overwhelmingly support. And then there's terrorism, to which we lost a total of two Americans in 1992, even with the World Trade Center bombing, only 6 in 1993. I honestly can't imagine an organized ring of child molesters, but I suppose one or two might be out there. And the last time we got into a shooting match with another nation, we beat them by a kill ratio of about 2300 to 1.
Even if these are real threats, was enhanced wire-tap the best way to combat them? Apparently, it hasn't been in the past. Over the last ten years the average total nation-wide number of admissible state and federal wire-taps has numbered less than 800. Wire-tap is not at present a major enforcement tool, and is far less efficient than the informants, witnesses, physical evidence, and good old fashioned detective work they usually rely on.
(It's worth noting that the World Trade Center bombing case unraveled, not through wire-taps, but with the discovery of the axle serial number on the van which held the explosives.)
Despite all these questions, both unasked and unanswered, Clipper continues (at the time of this writing) to sail briskly toward standardhood, the full wind of government bearing her along.
On July 30, NIST issued a request for public comments on its proposal to establish Clipper/Skipjack as a Federal Information Processing Standard (FIPS). All comments are due by September 28, and the government seems unwilling to delay the process despite the lack of an overall guiding policy on crypto. Worse, they are putting a hard sell on Clipper/Skipjack without a clue as to who might be escrow holders upon whose political acceptability the entire scheme hinges.
Nor have they addressed the central question: why would a criminal use a key escrow device unless he were either very stupid...in which case he'd be easily caught anyway...or simply had no choice.
All this leads me to an uncharacteristically paranoid conclusion:
The Government May Mandate Key Escrow Encryption and Outlaw Other Forms.
It is increasingly hard for me to imagine any other purpose for the Clipper/Skipjack operetta if not to prepare the way for the restriction of all private cryptographic uses to a key escrow system. If I were going to move the American people into a condition where they might accept restrictions on their encryption, I would first engineer the wide-spread deployment of a key escrow system on a voluntary basis, wait for some blind sheik to slip a bomb plot around it and then say, "Sorry, folks this ain't enough, it's got to be universal."
Otherwise, why bother? Even its most ardent proponents admit that no intelligent criminal would trust his communications to a key escrow device. On the other hand, if nearly all encrypted traffic were Skipjack-flavored, any transmission encoded by some other algorithm would stick out like a licorice Dot.
In fact, the assumption that Cyberspace will roar one day with Skipjack babble lies behind the stated reason for the secrecy for the algorithm. In their Interim Report, the Skipjack review panel puts it this way:
Disclosure of the algorithm would permit the construction of devices that fail to properly implement the LEAF [or Law Enforcement Access Field], while still interoperating with legitimate SKIPJACK devices. Such devices would provide high quality cryptographic security without preserving the law enforcement access capability that distinguishes this cryptographic initiative.
In other words, they don't want devices or software out there that might use the Skipjack algorithm without depositing a key with the escrow holders. (By the way, this claim is open to question. Publishing Skipjack would not necessarily endow anyone with the ability to build an interoperable chip.)
Then there was the conversation I had with a highly-placed official of the National Security Council in which he mused that the French had, after all, outlawed the private use of cryptography, so it weren't as though it couldn't be done. (He didn't suggest that we should also emulate France's policy of conducting espionage on other countries' industries, though wide-spread international use of Clipper/Skipjack would certainly enhance our ability to do so.)
Be that as it may, France doesn't have a Bill of Rights to violate, which it seems to me that restriction of cryptography in America would do on several counts.
Mandated encryption standards would fly against the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. Whole languages (most of them patois) have arisen on this planet for the purpose of making the speaker unintelligible to authority. I know of no instance where, even in the oppressive colonies where such languages were formed, that the slave-owners banned their use.
Furthermore, the encryption software itself is written expression, upon which no ban may be constitutionally imposed. (What, you might ask then, about the constitutionality of restrictions on algorithm export. I'd say they're being allowed only because no one ever got around to testing from that angle.)
The First Amendment also protects freedom of association. On several different occasions, most notably NAACP v. Alabama ex rel. Patterson and Talley vs. California, the courts have ruled that requiring the disclosure of either an organization's membership or the identity of an individual could lead to reprisals, thereby suppressing both association and speech. Certainly in a place like Cyberspace where everyone is so generally "visible," no truly private "assembly" can take place without some technical means of hiding the participants.
It also looks to me as if the forced imposition of a key escrow system might violate the Fourth and Fifth Amendments.
The Fourth Amendment prohibits secret searches. Even with a warrant, agents of the government must announce themselves before entering and may not seize property without informing the owner. Wire-taps inhabit a gray-ish area of the law in that they permit the secret "seizure" of an actual conversation by those actively eavesdropping on it. The law does not permit the subsequent secret seizure of a record of that conversation. Given the nature of electronic communications, an encryption key opens not only the phone line but the filing cabinet.
Finally, the Fifth Amendment protects individuals from being forced to reveal self-incriminating evidence. While no court has ever ruled on the matter vis a vis encryption keys, there seems something involuntarily self-incriminating about being forced to give up your secrets in advance. Which is, essentially, what mandatory key escrow would require you to do.
For all these protections, I keep thinking it would be nice to have a constitution like the one just adopted by our largest possible enemy, Russia. As I understand it, this document explicitly forbids governmental restrictions on the use of cryptography.
For the moment, we have to take our comfort in the fact that our government...or at least the parts of it that state their intentions...avows both publicly and privately that it has no intention to impose key escrow cryptography as a mandatory standard. It would be, to use Podesta's mild word, "imprudent."
But it's not Podesta or anyone else in the current White House who worries me. Despite their claims to the contrary, I'm not convinced they like Clipper any better than I do. In fact, one of them...not Podesta...called Clipper "our Bay of Pigs," referring to the ill-fated Cuban invasion cooked up by the CIA under Eisenhower and executed (badly) by a reluctant Kennedy Administration. The comparison may not be invidious.
It's the people I can't see who worry me. These are the people who actually developed Clipper/Skipjack and its classified algorithm, the people who, through export controls, have kept American cryptography largely to themselves, the people who are establishing in secret what the public can or cannot employ to protect its own secrets. They are invisible and silent to all the citizens they purportedly serve save those who sit the Congressional intelligence committees.
In secret, they are making for us what may be the most important choice that has ever faced American democracy, that is, whether our descendants will lead their private lives with unprecedented mobility and safety from coercion, or whether every move they make, geographic, economic, or amorous, will be visible to anyone who possesses whatever may then constitute "lawful authority."
Who Are the Lawful Authorities?
Over a year ago, when I first fell down the rabbit hole into Cryptoland, I wrote a Communications column called Decrypting the Puzzle Palace. In it, I advanced what I then thought a slightly paranoid thesis, suggesting that the NSA-guided embargoes on robust encryption software had been driven not by their stated justification (keeping good cryptography out of the possession of foreign military adversaries) but rather restricting its use by domestic civilians.
In the course of writing that piece, I spoke to a number of officials, including former CIA Director Stansfield Turner and former NSA Director Bobby Ray Inman, who assured me that using a military organization to shape domestic policy would be "injudicious" (as Turner put it), but no one could think of any law or regulation that might specifically prohibit the NSA from serving the goals of the Department of Justice.
But since then I've learned a lot about the hazy Post-Reagan/Bush lines between law enforcement and intelligence. They started redrawing the map of authority early in their administration with Executive Order 12333, issued on December 4, 1981. (Federal Register #: 46 FR 59941)
This sweeping decree defines the duties and limitations of the various intelligence organizations of the United States and contains the following language:
1.4 The Intelligence Community. The agencies within the Intelligence Community shall...conduct intelligence activities necessary for the... protection of the national security of the United States, including: ... (c) Collection of information concerning, and the conduct of activities to protect against, intelligence activities directed against the United States, international terrorist and international narcotics activities, and other hostile activities directed against the United States by foreign powers, organizations, persons, and their agents; (Italics Added)
Further, in Section 2.6, Assistance to Law Enforcement Authorities, agencies within the Intelligence Community are
authorized to...participate in law enforcement activities to investigate or prevent clandestine intelligence activities by foreign powers, or international terrorist or narcotics activities.
In other words, the intelligence community was specifically charged with investigative responsibility for international criminal activities in the areas of drugs and terrorism.
Furthermore, within certain fairly loose guidelines, intelligence organizations are "authorized to collect, retain or disseminate information concerning United States persons" that may include "incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws."
Given that the NSA monitors a significant portion of all the electronic communications between the United States and other countries, the opportunities for "incidentally obtaining" information that might incriminate Americans inside America are great.
Furthermore, over the course of the Reagan/Bush administration, the job of fighting the War on Some Drugs gradually spread to every element of the Executive Branch.
Even the Department of Energy is now involved. At an Intelligence Community conference last winter I heard a proud speech from a DOE official in which he talked about how some of the bomb-designing supercomputers at Los Alamos had been turned to the peaceful purpose of sifting through huge piles of openly available data...newspapers, courthouse records, etc....in search of patterns that would expose drug users and traffickers. They are selling their results to a variety of "lawful authorities," ranging from the Southern Command of the U.S. Army to the Panamanian Defense Forces to various County Sheriff's Departments.
"Fine," you might say, "Drug use is a epidemic that merits any cure." But I would be surprised if there's anyone who will read this sentence who has broken no laws whatever. And it's anybody's guess what evidence of other unlawful activities might be "incidentally obtained" by such a wide net as DOE is flinging.
The central focus that drugs and terrorism have assumed within the intelligence agencies was underscored for me by a recent tour of the central operations room at the CIA. There, in the nerve center of American intelligence, were desks for Asia, Europe, North America, Africa and "Middle East/Terrorism," and "South America/Narcotics." These bogeymen are now the size of continents on the governmental map of peril.
Given this perception of its duties, the NSA's strict opposition to the export of strong cryptographic engines, hard or soft, starts to make more sense. They are not, as I'd feared, so clue-impaired as to think their embargoes are denying any other nation access to good cryptography. (According to an internal Department of Defense analysis of crypto policy, it recently took 3 minutes and 14 seconds to locate a source code version of DES on the Internet.)
Nor do they really believe these policies are enhancing national security in the traditional, military sense of the word, where the U.S. is, in any case, already absurdly over-matched to any national adversary, as was proven during the Gulf War.
It's the enemies they can't bomb who have them worried, and they are certainly correct in thinking that the communications of drug traffickers and whatever few terrorists as may actually exist are more open to their perusal than would be the case in a world where even your grandmother's phone conversations were encrypted.
And Clipper or no Clipper, such a world would be closer at hand if manufacturers hadn't known than any device that embodies good encryption would not be fit for export.
But with Clipper/Skipjack, there is a lot that the combined forces of government will be able to do to monitor all aspects of your behavior without getting a warrant. Between the monitoring capacities of the NSA, the great data-sieves of the Department of Energy, and the fact that, in use, each chip would continually broadcast the whereabouts of its owner, the government would soon be able to isolate just about every perpetrator among us.
I assume you're neither a drug-user nor a terrorist, but are you ready for this? Is your nose that clean? Can it be prudent to give the government this kind of corrupting power?
I don't think so, but this is what will happen if we continue to allow the secret elements of government to shape domestic policy as though the only American goals that mattered were stopping terrorism (which seems pretty well stopped already) and winning the War on Some Drugs (which no amount of force will ever completely win).
Unfortunately, we are not able to discuss priorities with the people who are setting them, nor do they seem particularly amenable to any form of authority. In a recent discussion with a White House official, I asked for his help in getting the NSA to come out of its bunker and engage in direct and open discussions about crypto embargoes, key escrow, the Skipjack algorithm, and the other matters of public interest.
"I'll see what we can do," he said.
"But you guys are the government," I protested. "Surely they'll do as you tell them."
"I'll see what we can do," he repeated, offering little optimism.
That was months ago. In the meantime, the NSA has not only remained utterly unforthcoming in public discussions of crypto policy, they have unlawfully refused to comply with any Freedom of Information Act requests for documents in this area.
It is time for the public to reassert control over their own government. It is time to demand that public policy be made in public by officials with names, faces, and personal accountability.
When and if we are able to actually discuss crypto policy with the people who are setting it, I have a list of objectives that I hope many of you will share. There are as follows:
A Policy on Cryptography
1. There should no law restricting any use of cryptography by private citizens.
2. There should be no restriction on the export of cryptographic algorithms or any other instruments of cryptography.
3. Secret agencies should not be allowed to drive public policies.
4. The taxpayer's investment in encryption technology and related mathematical research should be made available for public and scientific use. 5. The government should encourage the deployment of wide-spread encryption.
6. While key escrow systems may have purposes, none should be implemented that places the keys in the hands of government.
7. Any encryption standard to be implemented by the government should developed in an open and public fashion and should not employ a secret algorithm.
And last, or perhaps, first...
8. There should be no broadening of governmental access to private communications and records unless there is a public consensus that the risks to safety outweigh the risks to liberty and will be effectively addressed by these means.
If you support these principles, or even if you don't, I hope you will participate in making this a public process. And there are a number of actions you can take in that regard.
The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack"key-escrow system as a Federal Information Processing Standard. You've got until September 28 to tell them what you think of that. Comments on the NIST proposal should be sent to:
Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899
If you belong to or work for an organization, you can encourage that organization to join the Digital Privacy Working Group. To do so they should contact EFF's Washington office at:
Electronic Frontier Foundation 1001 G Street, NW Suite 950 East Washington, DC 20001 202/347-5400 Fax 202/393-5509 email@example.com
I also encourage individuals interested in these issues to either join EFF, Computer Professionals for Social Responsibility, or one of the related local organizations which have sprung up around the country. For the addresses of a group in your area, contact EFF.
Dad's Invisible Guard-All Shield
For the April, 1993
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
The fathers have eaten a sour grape, and the children's teeth are set on edge. --Jeremiah 31:29
Some years back, when I was still a Wyoming environmentalist, I found myself crossing South Pass with an old sheep rancher I knew. We were going to a federal hearing in Casper where, as an ideologically committed resource rapist, he would be my principal opponent. I can't remember the issue at contest. Probably strip-mine reclamation or something. That memory is blurred by the more vivid recollection of sun dogs through the tinted windows of his Olds Tornado and something he said to me that winter afternoon.
Our opinions had few intersections, but we liked each other. Our opposition was cultural, not personal. He had his sense of Nature and what one might responsibly do to Her. I had mine. We'd been arguing for about an hour, getting nowhere near any joint accommodation, when old Leonard leaned back and said, "Well, John Perry, look at it this way. Someday I'll be dead and you won't."
By this he meant that a time would come when world management would be up to me and others of my generation. Then it would be ours to mess up as we saw fit. Of course, he was also saying that we should wait patiently while his generation continued to mess it up as they saw fit. But still, he had a point.
Over the last year I've frequently found myself close to the places from which the world really does get managed, to whatever little degree it doesn't somehow manage itself. As Leonard predicted, the good old boys are now mostly either dead or terminally golfing. For the first time in my life, the President is a contemporary.
During its first year, Bill 'n' Al's Excellent Adventure seemed proof that, however unwillingly, the previous generation had finally relaxed their defining grip on the dominant American Reality. It looked like the stiff-lipped, big-fisted, team-playing, can-do geopolitical style to which they adapted while coming of age in World War II might finally be ready for History's Yard Sale.
But now I begin to wonder if they haven't out-foxed us after all. Like Pharaohs booby-trapping the Pyramids, they have left behind great institutional automata which will keep much of government dancing to Sinatra (and all the cultural perceptions and values he embodies) until the Dead finally are. They are reaching out from the grave (or some back nine at Palm Desert) and defining the New World Order around the same old paranoid paradigm.
The Sixties were a scary time for everyone. I, for one, fully intended to bring about The End of Civilization as We Knew It. Of course, the guardians of that Civilization responded accordingly. First, they disinherited the lot of us. Then they remained in office themselves much longer than is usually the custom any place but Beijing or Salt Lake City. Then whenever possible, they passed the torch over to our younger siblings who, being more generally comfortable in a nice blue serge, were less likely to conduct government by apocalypse.
Given what was going down at the time, I could hardly blame the old guys for their reaction to us. And, in retrospect, I am even forced to admit that a few of their policies, most notably Mutually Assured Destruction, were not as mad as they seemed to me then. After all, there hasn't been a global bloodbath since the one they fought in. It may well be that such vile psychic weather as used to blow up every generation was prevented by their tight forty year focus on assuring the Soviets that attacking us was tantamount to committing national suicide.
But maintaining that threat also meant keeping my peacenik kind away from the hideous machines which would carry it out, so they protected them behind billowing ink-clouds of secrecy and semi-permeable political membranes called security clearances.
The latter included, as a prerequisite to serious government service, being asked the following questions (from National Agency Questionnaire (NAQ) DD Form 398-2):
Question 20: Drug/Alcohol Use and Mental Health ("YES" answers must be explained in accordance with DETAILED INSTRUCTIONS)
a. Have you ever tried or used or possessed any narcotic (to include heroin or cocaine), depressant, (to include quaaludes), stimulant, hallucinogen, (to include LSD or PCP), or cannabis (to include marijuana or hashish), or any mind-altering substance (to include glue or paint), even one time or on an experimental basis, except as prescribed by a licensed physician.
b. Have you ever been involved in the illegal purchase, manufacture, trafficking, production, or sale of any narcotic, depressant, stimulant, hallucinogen, or cannabis?
c. Have you ever misused or abused any drug prescribed by a licensed physician for yourself or someone else?
e. Have you ever been treated for a mental, emotional, psychological, or personality disorder/condition/problem?
The "DETAILED INSTRUCTIONS" say:
If "Yes" is answered to any of the questions in this item, describe the circumstance in item 14, in accordance with the following explanations. If necessary, attach additional sheets for a full detailed statement.
a. Drug Use/Possession. A listing of those drugs which have been designated as controlled substances is located on the last page of these instructions. If you used any of these drugs, or any other mind-altering substances, mark "Yes", and provide in Item 14, the following details:
* Drug(s) used/possessed * Date(s) of use/possession * Frequency of use/possession * Intentions regarding future use/possession * City and state (or country if not in U.D.) where used/possessed * Circumstances surrounding use/possession
IF MORE THAN ONE DRUG HAS BEEN USED/POSSESSED, PROVIDE THE Information ABOVE FOR EACH DRUG SEPARATELY
b. Drug Activity. The drugs referred to are again those listed on the attachment or any other mind-altering substances. If "Yes", you must indicate on the NAQ the activity (or activities) in which you were involved by circling "purchase", "manufacture", "trafficking", "production", or "sale" and provide in Item 14 the following details:
* drugs involved * Dates(s) of activity * Number of times you participated in activity * Current activity * Intentions regarding future activity * City and state (or country if not in U.S.) where activity took place * Circumstances surrounding activity
AGAIN, IF MORE THAN ONE DRUG IS INVOLVED, PROVIDE SPECIFIC INFORMATION FOR EACH DRUG SEPARATELY.
Now I'm probably a special case, but I don't have very many friends or colleagues who could remember detailed answers to such a quiz, let alone find time to answer them in the required detail. Then of course there's the matter the matter of self-incrimination. Or the fact that either way, you don't get the job.
Even if you were perfectly straight with regard to other drugs besides the legal ones, getting a security clearance requires that neither you nor your friends are made uncomfortable by having FBI agents inquiring into the finer shades of your sexual settings (and, sex being what it is, almost everyone has some minor oddity in the closet), your political associations, your personal associations, or any of the other details of a life which might deviate from their own pious path.
A security clearance is, in other words, a cultural filter which is designed to assure that the higher reaches of government will be staffed by the conventional, the dutiful (generally younger or older than me), the strangely old paradigm Dan Quayle types nobody wanted to hang out with in college, or those of us who are willing to swear under oath that we never did any of the things that most of my generation did several times a week. (And that, in many cases, they still do.)
In fact, it assures that America will be run by people who are temperamentally quite different from the people they serve, unless you think that most Americans are like FBI agents and career military officers. (I think it's safe to say that a majority of the members of Association of Computing Machinery would have a hard time making it through this invisible Guard-All shield.) It certainly assures that it will be run by people who have roughly the same values, perceptions, view of the world...the same culture...which our fathers had. (Note that I do not say "mothers.")
Thanks to this engine of cultural self-propagation, the official culture of American government is straight from the Fifties. In the view of most of those now gathered around the misty summits of power, the Sixties were a period in which you either didn't participate or only did so by some mistake of which you are now soundly repentant. They were an experiment that failed. There was nothing to be learned from them. No consciousness was altered for the better.
Indeed, consciousness is not a word they use there much, and certainly not in reference to anything more than the difference between waking and sleeping. In short, not much has changed in a very long time. Nor is it likely to in a environment in which the prevailing sentiment is that all change is for the worse.
Elsewhere, of course, things have changed, rather fundamentally and in many ways that arise directly from the lessons, insights, technologies, and paradigm shifts cut loose by the Sixties.
Elsewhere, the Cold War is over and America has other jobs besides preserving its borders against hostile attack. Indeed, all the political, cultural, and geographical boundaries over which humans glowered at one another from World War II until a few years ago seem barely functional constructs in the instantaneous reality most of us now inhabit.
The very idea which is so central to those who can get security clearances...the primacy of national security...bases itself on the premise that there is a clearly defined Nation to secure, that national borders are still meaningful, that there is something like an American consensus.
Exactly what is the United States of America these days? I recently asked a couple of Clinton/Gore staffers this question. What, I wanted to know, did they regard it their duty to protect?
Whatever pays taxes to Washington? Whatever lies within our traditional geographical boundaries? Whomever speaks English with an American accent, believes in Jesus and free markets, and beams his global reality from CNN above?
They looked at me funny, of course. "That's not the kind of question we ask around the White House," one of them said, dismissing me for some kind of precious Post-Modernist ninny. They didn't ask questions like that because, as my father (or old Leonard) would have said, it just isn't practical.
However similar these fellows were to me in their age, education, intelligence, and general commitment to the human commonweal, they were on the other side of that cultural barricade, our fathers' side. They had security clearances. They had passed through a filter which vouchsafed their adherence to a paradigm which hasn't been mine since that fine day back in 1967 when I dropped acid for the first time, eliminating my shot of ever simultaneously being both an honest man and a high government official
I also eliminated on that day my sense that reality was a fact and not an opinion. But for these fellows, there were no new realities to accommodate because, as our fathers knew before us, reality is not something which might be mutable. Reality just is. As it always has been. World without end. That it might now be impractical not to ask such questions, or that failure to do so might be a form of institutionalized denial, has not apparently occurred to many in this or any other government in my lifetime.
The purpose of the foregoing rant is not quite as self-serving as it might appear. I'm not simply another old hippie belly-aching about his shattered dreams, though I'm certainly vulnerable to the charge. Nor am I whining over being excluded from government, nor even bragging that my mind is too expanded to fit through the artificially narrowed portals of power. It's also expanded enough to know that power is itself a largely delusory condition from which I am well enough pleased to be excluded.
Rather, I'm trying to give you a context in which to understand a number of government actions and policies which baffled me until I understood who was promulgating them, how their directors looked at the world, and why that particular world view, quaint though it is, still seems to be in the promulgative driver's seat.
Readers of this column will hardly be surprised at the policies which snap most readily to my mind. They're things like:
* Export embargoes on encryption products and indeed, on knowledge about encryption despite the incredible porosity of the environment where such things exist.
* Digital Telephony and its underlying assumption that the ability to conduct surveillance on American citizens is more important than progress in our most economically promising technology: telecommunications.
* The Clipper Chip. Of course.
* Information infrastructure policies which seem to assume that there is a national Net which is somehow sublimely abstracted from the international Net.
* The belief that that this spreading digital neurology really is like the Interstate Highway System with all the imposed Fifties-style centralization of design, funding, and, most of all, susceptibility to control inherent in such an architecture.
* And, of course, continuing astronomical expenditures on "national security" at a time when when the greatest collective threat we face is the deficit that these outlays are ramming deeper into the red.
What these policies have in common is an underlying assumption that we still live on the crisply divided planet of our father's experience, a world where the Us/Them dichotomy is not open to conjecture and where They are so depraved and well-armed that few measures are too extreme to ensure our safety from them.
Those of who live in the world as it has become, and particularly those of us who live on the Net, may find it hard to believe that there enough Old Paradigm types left to staff the power end of the Executive Branch. But, as I say, the security clearance filter has managed to catch the few that are available.
In addition, the more evolved people who did somehow make the cut (usually by some lawyerly gavotte around certain questions) are soon subsumed into the mind-field on the other side of the security membrane. In a fairly short time, they drink that Kool-Aid and the result is straight out of Invasion of the Body Snatchers.
I got a close-up look at this phenomenon recently while trying, with pitiful futility, to convince various White House officials of the folly of their freshly hardened positions on crypto. Though I knew that some of these folks had once been rather like me...indeed, I had known them when they were...they now seemed, well, different.
They were transfixed by the vision of the nuclear-armed terrorist, and they were ready to do just about anything, no matter how ridiculous, if it could seen as an honest effort to stop this heretofore unexperienced disaster. Within the strait confines of the national security logic, they were prepared dedicate the same level of wartime energy (and expediency regarding civil liberties) to protecting against nuclear horror that our fathers had when the other side had missiles rather than Ryder trucks to deliver its warheads.
Every time I thought I had them logically backed into some particularly goofy aspect of the Clipper "solution" to this threat, they would zip down the tautological rabbit hole of: "If you knew what we know and can't tell you, you'd feel the same way we do."
Where had I heard that phrase before? It was all-purpose "reason" behind which my father's generation pursued everything from the massive manufacture of nuclear weapons to the War in Vietnam.
It said that no matter how apparently senseless a governmental policy seemed to the unbriefed, there was certain knowledge, forbidden to all but our self-selecting guardians, in which lay the necessary components of reason. That argument didn't work for me then. It doesn't work for me now.
And it wouldn't have worked for Thomas Jefferson, who said: ""I know of no safe depository of the ultimate powers of the society but the people themselves, and if we think them not enlightened enough to exercise that control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion."
It's time for the paternalism to end. And it's time we restored government by the people, such as we are, and not such as our fathers always wanted us to be.
Death From Above
For the March, 1995
Electronic Frontier column in Communications of the ACM
by John Perry Barlow
Over the last 30 years, the American CEO Corps has included an astonishingly large percentage of men who piloted bombers during World War II. For some reason not so difficult to guess, dropping explosives on people from commanding heights served as a great place to develop a world view compatible with the management of a large post-war corporation.
It was an experience particularly suited to the style of broadcast media. Aerial bombardment is clearly a one-to-many, half-duplex medium, offering the bomber a commanding position over his "market" and terrific economies of scale.
Now, most of these jut-jawed former flyboys are out to pasture on various golf courses, but just as they left their legacy in the still thriving Cold War machinery of the National Security State, so their cultural perspective remains deeply, perhaps permanently, embedded in the corporate institutions they led for so long, whether in media or manufacturing. America remains a place where companies produce and consumers consume in an economic relationship which is still as asymmetrical as that of bomber to bombee.
The lop-sided character of this world view has been much on my mind lately with regard to various corporate projects on what they are all too pleased to call the "Information Superhighway" (evoking as it does the familiar comforts of Big Construction by Big Government in cooperation with Big Business). The cable companies and Baby Bells have a model for developing the next phase of telecom infrastructure which, were it applied to the design of physical superhighways, would have us building them with about five thousand lanes in one direction and one lane in the other.
The only more manipulative consumer architecture I've seen is the quarter mile of one way conveyor belt which sucks the unsuspecting off the Strip in Vegas and drops them into the digestive maze of Caesar's Palace Casino without any return route at all.
Nursing such gloomy metaphors as these, I was encouraged to receive an e-mail message recently from Gordon Bell, one of the Titans of computing, with the cumbersome but evocative subject: line, "Building Cyberspace with One-way Streets - Bad idea? Conspiracy? Short-sightedness? Incompetence?'"
In it, he exhorted me and a number of better qualified digerati (including The Media Lab's Nicholas Negroponte and Bellcore Vice President and telecom god Bob Lucky) to put our "bodies in front of the backhoes that are installing asymmetric networks that simply mimic cable TV."
There followed a passionate argument against what appears to be the default asymmetry and the following vision of a better future: "The distinction and needs between homes and offices will disappear. Also, there needn't be places like information warehouses that are the sole video providers into the network to form new franchises and monopolies. Every home should, in principle, be capable of being a producer or consumer. This needs to be the goal of the information highway."
Unfortunately, as things stand, it isn't. At least it is in no way the goal of the institutions that currently building the more overtly commercial aspects of it. Whether cable companies or telcos, they see the NII as pay-per-view on steroids. They seem to envision their economic future in creating for the Generican consumer the ability to watch any movie or re-run without risking such human interaction as a trip to the video store might produce.
The strangest aspect of this vision (or trance) is that pay-per-view has been available for nearly twenty years and has never, to my knowledge, managed to penetrate more than 18% of its possible target market of cable subscribers. The idea that this unpopular service will power our economic future would seem preposterous on its face were not some many billions headed that way.
Institutions from John Malone's TCI to Oracle are building titanic video servers, the mothers of all mainframes, in order that they might blast down at you "My Mother, the Car" or "Motel Hell" at any moment you might hunger for that sort of thing. From these great repositories of digitized dreck will dangle a thatch of fiber/coax tentacles, one of which will presumably extend its coaxial tip into your living room.
One design model popular with the RBOC's and at least one cable company would initially offer a gigabit comin' at ya and about 200 kbps of back channel, presumably to support the "buy" button on the remote controller of your set-top box and other such boons of "Interactive" Television.
In this model, the telco runs a fiber into a neighborhood of about 500 homes, connecting subscribers to that point with coax and modems. Downstream from the distribution point there would be about 200 MHz available, from which the modems can derive about 5 bits per Hz., giving one gigabit for video services of whatever sort.
Upstream is a different story altogether. There you've only about 30 MHz. available in the whole neighborhood router, and the modems only derive about 2 bits per Hz., leaving a pool of 60 Mbps to be shared by the 300 customers, or, as I say, about 200 kbps. Not much more than AppleTalk.
To be honest, that's a little misleading. The back-channel 60 Mbps pool can be switched dynamically between users. Thus the average available might be as much as 1 Mpbs, given that not everybody in a neighborhood will be sending bits upstream all the time.
While this wouldn't be all the bandwidth a byte-pig like me might want, it would be a hell of a start. But there is also the question of whether it will even be available to the customer. Most of the models I've seen, cable or telco, seem to reserve it for their own purposes. I believe if they were willing to open it up to the users, they would, as Mitch Kapor speculates, "quickly find there was far more demand for the service than they imagined." Mitch goes on: "This would be agood thing as it would speed up their accepting the inevitable."
What about the economics? A full fiber installation might cost as much as $1500 per home. At 100 million homes, that's quite a bottom line. No one is seriously going to ask the telcos and cable companies to pop for an up front investment of 150 billion in a market even they can't seriously believe in, but one wonders why they are designing such hard asymmetry into their local distribution systems.
For one thing, this $1500 is only five hundred more than the $1000 which is the rough average cost of installing a new copper pair. Given that there are many new hookups, both cable and telco, installed daily and many equipment upgrades as well, it's probably more accurate to say that the incremental cost of nearly universal fiber-to-the-home would be something on the order of 20 to 25 billion. That's still real money, but a price one can imagine the market bearing.
Furthermore, it would seem a good bet on a highly imaginable future to lay dark fiber in these trenches while they're open, a relatively cheap thing to do, and to install the expensive parts - the lasers at each end - when the market is ready.
But very few of the new connections and upgrades being installed at the moment are taking advantage of the opportunity. When the trenches close they are, in most cases, closing on coax alone. Laying the fiber will require their being reopened.
There are other non-recoverable costs associated with the asymmetic approach the Big Boys seem stuck on. When the folks at the edges start clamoring for upstream capacity, it will be necessary to replace all those ADSL modems and other neighborhood routers of fixed asymmetry at a time when they will be, in my projections, fairly new. We can argue about the time frame, but it seems wasteful to be installing new equipment that will be junk sooner than not.
What are the economic or technical disadvantages of designing the fiber drop-to-home architecture so that it would provide flexible bandwidth allocation now, even allowing upstream asymmetry if called for? I mean, I thought one of the beauties of ATM was it ability to rapidly re-deploy routing and bandwidth on demand.
The answer I get back is that there is no serious demand for upstream services while the cable business has at least demonstrated a market for downstream services. If you take this answer seriously, which I don't, this is a little like a petroleum company stating in 1900 that since there wasn't much of a market for gasoline it was going to stick resolutely to medicinal oils, based on proven market demand. Fortunately, it wasn't too difficult to retool refineries to produce gas when the automobile hit big, but one wonders how much it's going to cost to replace all those fixed asymmetrical modems and .
Actually, I think it would take a market demonstration of retina-searing obviousness to veer the cable-tel dinosaurs lumbering in the direction of symmetry. In the meantime, there is a good chance such emerging mammals of local bit provision as Broad Band Technologies, Inc., WilTel, maybe even your local electric utility, will have done such a good job of addressing the upstream digital market that remaining entry share will be too limited to feed the thunder lizards.
It already seems obvious to me, and to anybody who's launched Mosaic lately, that the market for upstream bandwidth is about to explode. Bandwidth is one of those things like money, sex, and power. The more you've got, the shorter it feels. And there are now a critical number of Americans who know what bandwidth is and why is feels good.
Look at what's happened on the World Wide Web, where traffic grew 1,713% in 1994. (Which, though down from the previous year's 443,931%, is still pretty rapid growth.) These figures reflect a burgeoning generation of Web-sters under 25 who have already started to give up television in droves. Not even the instantaneous availability of every Brady Bunch episode is going to lure them back. They want to interact with other people, not "content," and they are using computers to do it.
Indeed, this generation's "what's your sign" pick-up question is already "where's your home page." And what's the point of having a home page you can't illuminate with QuickTime videos of yourself being morphed into a Klingon or an audio clip of the latest cut by your band? Kids like these are going to want their home pages at home and not on some distant server where security considerations are going to prohibit rapid, interactive updates. Furthermore, these are kids who went all the way through college at the end of a T1. They're as likely to patiently await images to form in the developing bath of modem transfer speeds as they are to take up a life of prayer and contemplation.
Businesses are rushing to put up Web sites which will contain their catalogues and from which people will be able to order all manner of goods, hard and soft. If you're selling anything made of bits, whether it's Photoshop filters or interactive pornographic films, you're not going to require your customers to receive their orders at 200 kbp. Nor will it make business sense to rent space in the virtual mall of one of Larry Ellison's monster nCube servers.
Then there are the increasingly fuzzy boundaries of the American work place. People are commuting less and traveling more. They want to be able to jack in, either at home or in the Marriot which all too often serves as home, and get the same access to information they have on the ethernet in their official office. Nobody wants to be on a LAN which runs at 14,400 baud, whether their office is traditional or virtual.
I could go on at great length but it wouldn't matter. I would convince no one in thetelcos or cable companies. The problem isn't the lack of a potential market. The problem isn't cost. The problem is consciousness. And culture. What they see is what you get.
This was especially evident to me recently when I had an opportunity to debate these issues publicly with John Malone at a conference at the University of Colorado. Now John Malone is a very smart man. Up close, he has, like Bill Gates, the kind of leaping intellectual force which is likely to make anyone feel like the lazy brown dog.
John Malone knows the media transport business. But when all you've got is a hammer, everything looks like a nail. He knows broadcast. He knows one-to-many. He knows strategic bombing. He is no more likely to recognize the potency of such guerrilla markets as are growing on the Web as General Curtis LeMay was to regard the Viet Cong as credible opposition.
I kept trying to convince him that there would be an enormous and growing upstream surge as more and more individuals and small businesses put up Web sites, rattling off a long list of all the things which are already appearing on them.
Finally he conceded the possibility with some exasperation, but said that even if he could see a way of making money there, providing upstream bandwidth was not necessarily a business he particularly wanted to be in. For almost theological reasons, he wanted TCI to remain in the center even if all the action moved to the edges.
In fairness, George Gilder thinks Malone may have been putting me on. When I mentioned this episode to Gilder, he said, "Faced with 150 channels of DBS competition, with better resolution and audio than the studio NTSC at the headend, cable has to serve computers with bandwidth or it will go out of business. All the cable people I talk to--including many who work for John Malone--know this very well." They may know it in their minds, but can they have the religious conversion necessary to know it in their hearts.
And indeed we are talking about religion here. On one side you've got the monotheism of Control, the one-to-many system which has dominated the West at least since the Industrial Revolution, possibly since Gutenberg; possibly since Moses. And done a damned fine job of creating civilization, I might add. A necessary thing in its day.
Surging toward these battlements of God Above All are the galloping, barbarous hoards of pantheism, guerrillas all, from the Cypherpunks to Newt Gingrich. I sometimes wonder which of these I really want to win, but I'm pretty sure which one is going to. It's B-52's vs. punji sticks. It's machine against nature. Sooner or later, nature takes the game.
No matter how much death they rained from above, the bombers lost Viet Nam. They're going to lose Cyberspace too. For exactly the same reasons.