The epiphany came to May, he says, like a slow motion version of his alpha particle discovery. Fundamentally, anything that could be done digitally could be done without oversight. For those who understood cryptography, Big Brother could be rendered a toothless nanny. May’s imaginary force shield of cryptography could be extended beyond personal messages to entire communities.
The libertarian’s dream of an anarchic hideaway in the mountains or on a remote island was obsolete. Galt’s Gulch was on the Internet.
The partnership that would result in the revolutionary, populist chunk of crypto-code known by the three letters PGP began with a cold sales call. In 1983, Charlie Merritt, an Arkansas programmer and entrepreneur, was desperately searching for any computer maker who might be interested in reselling what seemed at the time like an obscure invention: his implementation of MIT’s public key crypto-system that could run on a desktop computer. When he dialed up Metamorphic Systems, a tiny Boulder, Colorado, start-up specializing in porting Apple software to Intel chips, the man on the other end of the line responded with so much excitement that Merritt thought he might have been planted by a friend as a prank. As he later told an encryption historian, his first impression of Metamorphic’s founder, one Phil Zimmermann, was “the most gee-whiz-whoopie enthusiastic character I had run into.”
Since his college days, Zimmermann had gotten married, moved from Florida to Colorado to escape his native land’s mosquitoes, and founded a less-than-stellar business porting Apple programs to run on Intel chips. But he had never lost his obsession with cryptography. Since reading Gardner’s article, he had begun to imagine crypto as an increasingly necessary tool for grassroots organizing and international freedom-fighting. Like many of his fellow hackers, Zimmermann shared David Chaum’s pessimistic vision that the rise of digital technologies threatened to render personal privacy extinct. The new medium of e-mail was essentially a digital letter without an envelope, readable by any snoop who laid eyes on it. Governments would be able to spy on their citizens like never before.
But strong, universally available encryption could flip that trend to the opposite extreme. Zimmermann envisioned Chinese democracy protesters, South American rebel groups, and radical American antinuclear activists e-mailing one another with impunity, free from the watchful eye of snooping Big Brother. In the early eighties, the FBI had raided the Committee in Solidarity with the People of El Salvador, sweeping up as much private information as the agents could grab or copy. Imagine, as Zimmermann did, if instead of walking out with armfuls of useful intelligence on those activists, the bureau had found only encrypted files, uncrackable by any known computer in the world. To a rebellious mongrel-disciple of Herbert Zim and Daniel Ellsberg, it was an exhilarating thought.
But as elegantly simple as the MIT researchers’ public key encryption scheme seemed, Zimmermann still couldn’t manage to implement it on his home computer. The PC’s processor, a Z80, simply wasn’t powerful enough. At one point Zimmermann even called Ron Rivest, one of the three professors who had invented MIT’s public key scheme, to ask his advice, only to find that MIT was running the program on a mainframe using LISP, an artificial intelligence language beyond Zimmermann’s means.
Merritt, on the other hand, could perform the sorcery of public key encryption on a mundane microcomputer, the equivalent of assembling a three-mast model ship inside a perfume bottle. After their first conversation, Zimmermann began to call Merritt weekly to interrogate him for more details of how to pull off the miniaturized functions of the MIT cryptographers’ system. While Merritt had a long head start over Zimmermann, Zimmermann could program in C, a language that worked on everything from IBM computers to Ataris. Eventually Merritt gave up on explaining mathematical operations over the phone and flew to Boulder, and the two men spent a week at his whiteboard hashing out crypto-programming.
Merritt quickly gave up on making any substantial money from his partnership with Zimmermann. But he appreciated Zimmermann’s antiauthoritarian bent. For the last several years, Merritt had been repeatedly dogged and threatened by the National Security Agency. The secretive organization would pay visits to his office, pairs of serious-faced spooks in suits, and politely warn Merritt about a certain legal issue that might affect his company: the International Traffic in Arms Regulations, or ITAR.
To the U.S. government’s mind, cryptography was the realm of soldiers and spies, not common entrepreneurs like Merritt. Ever since the British encryption genius Alan Turing had broken the Nazis’ Enigma encryption engine at Bletchley Park, it had been clear to the military that code-breaking and code-making were as important for winning wars as missile guidance systems, bomber blueprints, and nuclear warheads. And when it came to deciding who could legally access which tools, ITAR painted military hardware and software with the same broad brush. Exporting encryption was just as illegal as hawking uranium to the Libyans.
That meant Merritt could only sell his pint-size crypto-system in the United States and Canada. And because his customers were mostly concerned about maintaining their privacy from regimes less friendly than the U.S. government, ITAR was choking his business. Zimmermann, on the other hand, wasn’t concerned about export controls. After all, he only planned to give away any tools he created as grassroots political tools, not sell them. Why would customs agents bother him over his insignificant, do-gooder hobby?
By 1987, Zimmermann had pulled together much of his newfound crypto-programming know-how into an article published in the well-regarded technology journal IEEE Computer. The prestige the paper won for Zimmermann allowed him to start calling other cryptographers around the world for advice and coding contributions without coming off as just another paranoid cipher-nut. Thanks in part to those volunteers, Zimmermann’s encryption mini-engine was making steady progress. He decided to give it a name, one as folksy and humble as Zimmermann himself: Pretty Good Privacy. (The reference was to Ralph’s Pretty Good Grocery, a fictional store on the Garrison Keillor National Public Radio show A Prairie Home Companion.)
Soon, Zimmermann also had a new deadline, supplied by the U.S. government. The omnibus crime bill of 1991, known as S.266, contained an inconspicuous paragraph inserted by none other than Delaware senator Joe Biden.
It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.
Congress, like the NSA, could see that the U.S. government was losing its monopoly on uncrackable encryption. It needed a trump card against the Phil Zimmermanns and Tim Mays of the world who might try to subvert the government’s authority through the power of perfectly private information. That trump card, Biden’s addition to the bill made clear, would be the ability to decrypt any communication traveling across a telecom firm’s network.
The U.S. government, after all, saw encryption very much as Tim May saw it: a mathematically rigorous method of castrating law enforcement and intelligence agencies. In a Senate hearing in 1997, FBI director Louis Freeh would put it this way: “Uncrackable encryption will allow drug lords, spies, terrorists, and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.”
With encryption running rampant, who knows what evil would lurk within the scrambled messages racing across the Internet? Biden’s S.266 was designed as a preemptive strike in the struggle for control of secrecy, the first shot fired in the Crypto Wars that would shake the worlds of privacy and national security for the next decade and beyond.
Zimmermann read about the surreptitious addition to Congress’s crime bill on a Usenet bullet
in board, and alarms went off in the antiauthoritarian lobes of his brain. A former consultant to the NSA added a bit of prophetic commentary to the Usenet discussion: “I suggest you begin to stock up on crypto gear while you can still get it.”
Zimmermann felt he had to finish PGP before that bill became law. So he dropped everything and worked day and night to develop his crypto embryo and deliver it into the world. He neglected his day job and consulting gigs so thoroughly that he missed five mortgage payments. “I really honed my negotiation skills with banks,” Zimmermann says.
Within hours of posting it to Usenet, PGP began spreading like a prairie fire, fueled in part by fears of a government crypto crackdown on the way. It was passed among encryption enthusiasts around the world with the message that every copy distributed was another point scored against the government’s efforts to smother the populist privacy movement. One encryption activist became PGP’s paranoid Paul Revere, riding around California’s Bay Area in his car with a laptop and an acoustic coupler and using pay phones to log on and upload copies of the program to message boards without revealing the program’s source. Within hours of its creation, PGP had jumped over U.S. borders and multiplied itself around the globe, directly violating ITAR’s ban on cryptographic exports.
PGP fulfilled Zimmermann’s dream as a political weapon almost immediately. Activists in Myanmar used the encryption program to hide communications from a brutal military junta that would kill its citizens for even owning a fax machine. A Bosnian user sent Zimmermann a message to say that during the siege of Sarajevo, his father had used PGP to encrypt e-mails to his family during the hour or two of occasional electricity in the war-torn city. Finally he received a PGP-encrypted message that would make all of Zimmermann’s missed mortgage payments worthwhile. It came from a user in Latvia, where fear still ran high that the newly independent nations and former satellite states of the crumbled USSR would be swept under a new repressive regime.
Phil, I wish you to know: let it never be, but if dictatorship takes over Russia your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks.
Shortly after the release of his second version of PGP in 1993, Zimmermann received a call from a U.S. customs agent in San Jose. She asked him for more information on his humble invention, and Zimmermann cheerfully answered her questions, thinking that she had perhaps encountered PGP on a computer the agency was investigating and was merely curious about it. But when the agent told Zimmermann she planned to fly all the way to Boulder to pay him a visit, Zimmermann began to get nervous.
Zimmermann was aware of Charlie Merritt’s export warnings, and he had always known that distributing cryptography across foreign borders was illegal—he had simply never thought the government would take notice of his modest hobby. A few months later, a formal notice arrived in the mail. Zimmermann was the subject of a grand jury investigation. His potential crime: sharing his beloved PGP with the world.
The news put Zimmermann into a state of shock. Spending an afternoon or even a night in a Nevada jail swapping activist war stories with his fellow pacifists was one thing. The thought of years in federal prison for simply writing software and putting it on the Internet was more than a pudgy computer programmer could handle.
He called a criminal lawyer, Phil Dubois, a former public defender known in Boulder for being scrappy and cheap—Zimmermann was still catching up with his mortgage payments, and could hardly afford a crack defense team.
On his first visit to Dubois’s office, he spotted some files in a box on the floor marked “Michael Bell discovery documents.” Bell was a notorious Colorado murderer who had killed four people and then hidden in the mountains before being tracked down by the largest manhunt in Boulder history. This, Zimmermann thought, was how the government saw him. He had become America’s first crypto-criminal.
Tim May had finally figured out what he wanted to do with his post-Intel life. He would write a science fiction novel that expressed the full power of David Chaum’s inventions, how they could subvert institutions and empower individuals. It would be a techno-libertarian call to arms, Ayn Rand on public-key encrypted steroids.
May began wading into academic cryptography papers and even came up with a title for his science fiction brainchild: Degrees of Freedom, a play on a thermodynamic physics term that also referred to the new political flexibilities that would be opened on the anonymous digital frontier.
In 1988, May took his first crack at putting his ideas on paper, though in nonfiction form: “The Crypto-Anarchist Manifesto.” It was a short document, but its Marxist-parodying language carried all the weight of a history-shaping treatise:
A specter is haunting the modern world, the specter of cryptoanarchy.
Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. . . .
The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be traded freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy.
Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions. Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. And just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property.
Arise, you have nothing to lose but your barbed wire fences!
May photocopied a few hundred copies and drove down to the crypto-conference in Santa Barbara, convened by none other than his newfound guru, David Chaum. He passed out the flyers at the conference, though the academics largely ignored him. “They weren’t thinking about the political implications yet,” he says.
But Thomas Paine–style pamphleteering aside, May was struggling as a writer: He couldn’t translate his overactive imagination into characters and stories that captured his technical ideas. Meanwhile, he began to get the panicky sense that the concepts he had thought were prescient and futuristic were appearing in the real world faster than he could put them into fiction. He read press reports about an airline bugging its business class seats to acquire corporate intel, the NSA wiretapping Wall Street firms, and New York mafiosi busted after cops figured out the gangsters were using their wives’ AOL accounts as dead drops for incriminating communications. It was all happening much too fast.
After nearly three full years of writer’s block, May came to a realization: Instead of telling the story of how encryption and anonymity were changing society, he would simply be the protagonist. “I didn’t want to work on this stupid novel,” he says. “I wanted to actually build this elaborate world that I was imagining.”
Around that time, a mathematician and programmer friend named Eric Hughes h
ad come to Berkeley to look for a place to live in the Bay Area while he applied to graduate school. A wayward Mormon who grew up near Washington, D.C., and in Salt Lake City, Hughes shared May’s frontier style of cowboy hats and leather, though instead of a beard he wore a blazing red goatee. He also shared May’s libertarian ideals, and the sense that cryptography would help to keep the government’s tendrils safely hogtied. The pair had met at a party thrown by their libertarian hacker friend John Gilmore, a ponytailed and balding software developer whose sad eyes hid a fiercely independent streak. As the fifth employee of Sun Microsystems, Gilmore had struck it rich in software just as May had in hardware, and retired from the world of Silicon Valley to pursue his digital whims and libertarian ideals.
Since Gilmore’s party, Hughes had gone off to work as a coder for none other than the grandmaster of anonymity, David Chaum, at the anonymous transactions start-up he had created in Amsterdam. The gig hadn’t worked out. “I’ll never work for him in any context ever again,” Hughes says flatly when I ask about his time with Chaum in the Netherlands. “At this point I should say that if you can’t say anything nice about someone, you shouldn’t say anything at all.”
Hughes may not have jibed with Chaum’s personality, but he was almost as obsessed with Chaum’s ideas as May was. So when May suggested Hughes use his home as a base for a few days while looking for a place to live, the pair hit it off like Marx and Engels. Hughes neglected his real estate search to wander with May through Santa Cruz’s redwood forests and beaches while the older ex-scientist unloaded several years’ worth of bottled-up ideas. “We spent three intense days talking about math, protocols, domain specific languages, secure anonymous systems,” says May. “Man, it was fun.”
This Machine Kills Secrets Page 9
