Coming from the growing nonacademic side of the Net, the notion that one professorial user would try to declare the rules for online identity deeply riled Helsingius. As part of the Swedish-speaking minority group in Finland, Helsingius had a special concern for protecting the rights of marginalized groups and the vulnerable, and felt that anonymity was an important safeguard for those groups. So he set out to prove that technology, not pretensions, would define the nature of identity on the Internet.
The result was Penet, an anonymous remailer server that ran off a humble PC with a 386 processor in a back room of Julf’s home. Users could send Penet an e-mail along with a designated final destination—in his explanation posted to the Cypherpunk Mailing List, he cites Usenet groups devoted to erotic needlework and masturbation as examples—and the message would be relayed on to those endpoints with a newly generated pseudonym. Penet would keep a database of those pseudonyms and the e-mail addresses linked to them, so that if anyone wanted to reply to that handle, it would route back through the server and find the original sender.
Penet used none of David Chaum’s crypto innovations, and Helsingius listed so many possible security vulnerabilities in his introduction to the service that it’s a wonder anyone used it at all. He warned that users would have to trust him as the server’s administrator, that he might be subpoenaed to give up someone’s identity, and even that hackers could break in and steal the data. “It wasn’t the best, the safest, or the most secure, but it was easy,” says Helsingius. “That’s how I pitched it, and it seems that’s what people wanted.”
Soon thousands of users—and eventually hundreds of thousands—were routing their secrets through Penet, enough traffic that Helsingius was paying more than ten thousand dollars a month in bandwidth. “I could have bought some expensive golf clubs instead, I suppose. But no hobbies are free, and this was something I believed in,” Helsingius says.
For much of the early nineties, Penet became the best-known anonymity service in the world, channeling discussions ranging from sexual abuse to homosexuality to religious freedom to whistleblowing, along with a load of spam, insults, and flame wars. And Helsingius became a cypherpunk regular, the Nordic king of the remailers.
And then in 1995, Helsingius received an e-mail very much like the one that was sent to Assange at Suburbia. It was from the Scientologists.
The lawyer of the Religious Technology Center, which held the copyright on Scientology founder L. Ron Hubbard’s work, was requesting that Helsingius block all messages from Penet to the Usenet group on Scientology, which contained equal parts followers and critics of the movement, on the grounds that Penet users were posting copyrighted Scientology materials to the forum. Helsingius refused, of course.
A month later, he got a call. It was the Scientologists again, and this time they told him they had reported a burglary to the L.A. police and the FBI. Their copyrighted material, they argued, had been stolen via Helsingius’s data laundering service by one user with the Penet pseudonym “an144108.” Six days later, the Finnish police arrived with a warrant.
Helsingius fought the legal battle for more than a year. But Finnish law wasn’t ready for the Internet. A postman was legally protected from having to reveal the secrets of the letters he delivered. But a virtual carrier like Helsingius still had no shield from legal orders that require he snitch on his clients. And when it became clear that he could either do just that or go to jail, Helsingius caved. He told the Helsinki court that an144108 was linked to an alumni account at Caltech. And as the Scientologists moved on to harassing Caltech’s administrators for the user’s name, Helsingius decided to shut down the service. Penet had gone from a symbol of freedom of speech to a honey trap for exposing exactly the people he had hoped to protect. “When the Church of Scientology won, I knew that would have opened the floodgates for anyone to try the same attack,” he says. “So I pulled the plug.”
Penet had stuck a toe in the water of the Anonymous Internet, and it had come back a bloody stump. Did Assange, who no doubt followed the issue on the Cypherpunk Mailing List, learn something from the saga of Julf? “I’m sure he got a few ideas,” Helsingius says cheerfully, “About exactly how not to do things.”
At the Village Pizza shop, as they were sitting down to consume a pepperoni, Dorothy asked Jim, “So what other inventions are you working on?” Jim replied, “I’ve got a new idea . . . Literally REVOLUTIONARY.” “Okay, Jim, which government are you planning to overthrow?,” she asked, playing along.
“All of them,” answered Jim.
So begins a passage in an essay by James Dalton Bell, a ten-part, sixteen-thousand-word screed that hit the Cypherpunk Mailing List in 1997 like a provocateur’s glove slap across the face. It was called “Assassination Politics.” And like Tim May’s BlackNet, it would mix cypherpunk raw materials into an elaborate, imaginary engine that would agitate the list’s conversation for years.
Unlike May, however, Bell wasn’t just rehearsing a thought experiment. He hoped—and in fact, still believes—that his system would someday be implemented. Nor was “Assassination Politics” an idea that confined its intended effects to mere bits. As its name implied, it was a kind of cypherpunk political institution. And it was engineered for murder.
Assassination Politics’ active ingredient was anonymity. And the cypherpunk drive for untraceable digital pseudonyms had hardly ended with Julf Helsingius and the demise of Penet. In fact, long before the Finnish server’s shutdown, remailers had been evolving well beyond the simple name-for-nym swapping system that Helsingius had implemented. Instead, they had started to look more and more like the Mix Network idea outlined by David Chaum more than a decade earlier, and emulated on the floor of Eric Hughes’s house with slips of paper and envelopes at the first cypherpunks meeting: multiple remailers sending messages inside nested layers of encryption to prevent anyone from knowing the identities of the sender and recipient, not even the remailers themselves.
After Eric Hughes’s first stab at a cypherpunk remailer, others had soon improved on his weekend’s worth of Perl coding. Hal Finney, a former video game developer who had worked on pieces of PGP, designed a version of the remailer that would integrate Zimmermann’s encryption software. Now a message’s destination could be encrypted with a remailer’s public key. That was the first step toward Chaum’s ideal: No one snooping on the sender’s network could see the message’s final destination. And Finney’s system allowed remailers to be chained together, so that a message could be encrypted with many layers of public keys and slowly unpeeled by one remailer after another until it reached its destination. With a long enough chain of remailers, none of them would be able to connect the endpoint to the source.
Cypherpunks, as Eric Hughes had declared, wrote code: Creating was always more admired within the group than theorizing. But it was Lance Cottrell, a Ph.D. student in astrophysics at the University of California, San Diego, who actually took the time to go back to David Chaum’s papers and read how a Mix Network was supposed to work. Chaum had imagined facing off against an adversary no less resourceful than the cunning NSA, so he had thought many moves ahead: If a spy could see enough of the network, for instance, Chaum realized that the spook could watch both ends of a correspondence and recognize a message going in one end and then coming out the other a few moments later. Based on the timing, those messages could be spotted as one and the same.
Worse yet, using multiple layers of encryption to route the message through multiple remailers could make a clever snoop’s job easier by revealing clues about how many hops remained until the message reached its destination. If a message was wrapped in multiple layers of encryption, it would get substantially larger. And every remailer that stripped away a layer of encryption and sent the message on to its next destination would shrink it down again, providing more accidental hints to anyone trying to trace the source and destination.
So C
ottrell finally built in the solutions that Chaum’s genius had long ago prescribed. His remailer program, which he called Mixmaster, delayed the transmission of messages until it had a certain number in reserve, and then sent them out in batches to fool any timing-based attacks. If a remailer didn’t receive enough messages to mix them up and disguise their timing, it would even generate fake ones to surround and disguise the real one.
To prevent the trick of counting messages’ apparent layers of encryption to predict how many hops until their destination, Mixmaster also relayed messages in packets of exactly the same size. If a message ended up too small after some layers of encryption were removed by the first remailers in the chain, the program padded it with junk data; too big, and it split the message up into equal chunks.
The cypherpunks appreciated the rigor of Cottrell’s work, and Mixmaster was a hit. Soon it was running on around two thousand Unix machines around the world, pumping a flow of tens of thousands of anonymous e-mails a day, as close an approximation to Chaum’s ideal Mix Network as ever existed.
Meanwhile, anonymous financial transactions were starting to feel like a reality too. Chaum’s own company, called DigiCash, had implemented many of the ideas he outlined in his Communications of the ACM article. The result was eCash, a crypto-currency that would allow buyers to wire money untraceably to a seller. In the mid-nineties, DigiCash botched a series of deals and replaced Chaum with a new CEO before going bankrupt in 1998. But despite its lack of business success, no one doubted that Chaum’s anonymous transactions technology worked—it had even been integrated into a Dutch toll road system that could reliably charge drivers without recording any trace of their identities.
Jim Bell, an engineer and chemist with a round face and large glasses, understood the power of Chaum’s tools. He had once worked alongside Tim May at Intel, building early solid-state hard drives long before either of them had developed their interest in cryptography. Like May, he was a libertarian to his core. And for both men, in their own ways, the advent of anonymous messaging and anonymous payments represented not just the possibility, but the inevitability of crypto-anarchy. Bell’s path to that end was just a bit bloodier.
Assassination Politics’ plan was simple enough: Anyone could place a “bet” with a central organization that some specific person would die at a certain time, date, and place. Gamblers would submit their encrypted guesses by e-mail, scrubbed of identifying information by anonymous remailers and linked with a payment of untraceable digital cash. When a person died, anyone could send in the key to decrypt his or her prediction, and if it turned out that the bet had nailed the exact snuff-time of a certain person, the sender collected all the digital cash on the deceased person’s head via another untraceable transfer. It would be an encrypted, anonymous, digital dead pool.
Of course, Bell implied with a wink and a nudge, no one could possibly know the date, time, and place of a certain well-known person’s death better than the one who caused it. And with a large enough pile of untraceable money riding on someone’s head, there would be little doubt that professional killers would get in on the game.
Suddenly, Bell imagined, the minority of Americans with strong antigovernment leanings would gain incredible power. “If only 0.1% of the population, or one person in a thousand, was willing to pay $1 to see some government slimeball dead, that would be, in effect, a $250,000 bounty on his head,” Bell wrote.
Further, imagine that anyone considering collecting that bounty could do so with the mathematical certainty that he could not be identified, and could collect the reward without meeting, or even talking to, anybody who could later identify him. Perfect anonymity, perfect secrecy, and perfect security. And that, combined with the ease and security with which these contributions could be collected, would make being an abusive government employee an extremely risky proposition. Chances are good that nobody above the level of county commissioner would even risk staying in office.
Just how would this change politics in America? It would take far less time to answer, “What would remain the same?” No longer would we be electing people who will turn around and tax us to death, regulate us to death, or for that matter sent hired thugs to kill us when we oppose their wishes.
No military?
Bell described global crypto-anarchy in rosy terms: Sure, there would be no government to protect American borders or punish crime. But the military would be unnecessary in a world where no foreign government would be able to form a military, either, and all aggressive dictators would be immediately eliminated by crypto-funded assassins. “Consider how history might have changed if we’d been able to ‘bump off’ Lenin, Stalin, Hitler, Mussolini, Tojo, Kim Il Sung, Ho Chi Minh, Ayatollah Khomeini, Saddam Hussein, Moammar Khadafi and various others,” Bell wrote. As for fighting crime, he explained, citizens could pool together money to put out anonymous hits on criminals just as easily as politicians.
“Assassination Politics” inflamed the Cypherpunk Mailing List almost as much as the defunct Clipper Chip had. “You gleefully propose to let us all in on the immoral game of murdering those who annoy us sufficiently,” wrote one user through an anonymous remailer. “I’ll pass.”
“Others won’t,” Bell responded simply.
When one cypherpunk implied that Bell was a loony extremist who thought the government was out to get him, Bell corrected him: “I . . . am out to ‘get’ the government.”
Another scolded Bell that “by resorting to violence you are no better than the ones you purport to protect us against.” Bell answered that “Assassination Politics” was only responding in kind to a violation of his own rights. And he shot back the most withering possible question in a mail list populated by libertarians: “Are you a statist?”
As for cypherpunk founding father Tim May, he never criticized Bell’s morals, only his methods. May, after all, was the one who had called for a “thermonuclear cauterization” of Washington, D.C., in one essay. But why bother with the silly cover story of “predictions,” May thought, when anonymity tools could allow the whole assassination market to function in the open? He had predicted online “liquidation markets” (“You slay, we pay”) in the e-mail that followed his BlackNet experiment more than three years earlier.
More important, May felt, Bell lacked discretion. Even attaching his own name to “Assassination Politics” made Bell and everyone associated with him a target for the feds. “He wasn’t paranoid enough in distancing himself from the project,” says May. “I just stayed away from it. If I got an e-mail from Bell, I dropped it, unanswered. I didn’t think he was an original thinker, and I didn’t want to get involved with his lame-ass idea.”
Phil Zimmermann, who had always considered the cypherpunks too radical and provocative, felt perhaps the strongest aversion of all to Bell’s murderous blueprint. “He was so full of violence and anger,” Zimmermann says with disgust. At one point Bell wrote to Zimmermann to ask what the inventor of PGP thought of his ideas. “I wrote him back and said that he had managed to do what no one in the U.S. government could ever do: He had made me wonder whether I never should have worked on encryption in the first place.”
John Young’s eyes almost seem to mist at the thought of the cypherpunks’ heyday. “My beloved cypherpunks,” he says with a faraway look. “They were disputatious. Endlessly disputatious. You make a point and someone immediately attacks you unfairly, cruelly, mercilessly.
“Weakling, phony, bullshitter! Everywhere they saw authority, they attacked it.”
Young and his wife, Deborah Natsios, had discovered the Internet in 1993 and marveled at the massive river of information it represented. They signed up for practically every mail list and Usenet group they could find. “We felt that we had been living in the doldrums, and suddenly we were on the cutting edge,” he says.
In June 1994, he discovered the cypherpunks when Tim May, John Gilmore, Eric Hughes, and P
hil Zimmermann were featured in a New York Times magazine story that quoted chunks of both May’s “Crypto-Anarchist Manifesto” and Hughes’s “Cypherpunk’s Manifesto.” For Young, their cause sounded like a struggle for freedom and power as idealistic and critical as the occupation of Avery Hall had been two and a half decades before.
A fifty-seven-year-old architect among graduate students and young neorich Silicon Valley types, he didn’t try to insert himself into the mail list’s fierce technical debates. Instead, Young became a kind of obsessive cypherpunks news service, transcribing, scanning, summarizing, and posting articles to the list daily.
And there was plenty of news: Phil Zimmermann’s battle to stay out of prison, the encroaching Clipper Chip, not to mention the rise of the World Wide Web and the security issues it introduced. Two years into his cypherpunk tenure, Young created Cryptome.org, a Web-based version of the service with prolific news updates and postings. Today it might be called a blog, though the term Weblog wouldn’t be coined for another year.
Cryptome, as its name implied, was meant to be a repository for crypto-focused materials from any source where Young could grab them. One of its first posts was a publicly available 1985 paper by the Dutch researcher Wim van Eck introducing a method of reading the electromagnetic fields around computing equipment to surreptitiously pick up the data it displayed from a distance, even through walls. With the right equipment, van Eck wrote, it would be possible to snoop on someone’s computer screen in a seemingly private location from a distance of more than a kilometer. Every PC with a monitor, in other words, constantly leaked data in all directions.
This Machine Kills Secrets Page 14
