True Names and the Opening of the Cyberspace Frontier (16 page)

Below is Mr. Stallman's statement explaining his decision to withhold his article from this e-book edition.

*   *   *

The original edition of this book contained my 1997 article, “The Right to Read,” which forecast a future in which computers were designed to control their users including the reading of books. This is the future that Apple, Microsoft, Amazon, and to some extent Google, are trying to push people into. One of the injustices I mentioned was e-books that don't respect the freedoms that printed books give us.

Typical commercial e-books today deny readers' traditional freedoms in three ways: Digital Restrictions *Mechanisms* (code to restrict use or copying of the e-book), End-User License Agreements (saying you don't own what you thought was “your” book), and tracking (no way to buy anonymously). Any one of these means that the e-book denies some of the freedoms of printed books.

I reject freedom-denying e-books and I urge everyone else to reject them too. See
http://stallman.org/ebooks.pdf
.

Tor avoids two of the three wrongs of other commercial e-book distributors: it does not use DRM, and it does not impose EULAs. However, it offers no way to buy an e-book anonymously, which is just as important. Tor e-books are one step down from printed books, not three steps, but *any step down in freedom is too much*.

Knowing this book won't be sold in a way I consider ethical, and that I would therefore urge people not to buy it, I concluded that including my article in it would be hypocrisy. The only thing I can contribute to this e-book is this brief statement of what's wrong with this e-book.

I hope that Tor will arrange a way we can buy its e-books anonymously with cash. In the meantime, my article can be found in
http://www.gnu.org/philosophy/right-to-read.html
and in the paperback edition of this anthology.

—Richard Stallman, April 2014

Cryptography and the Politics of One's True Name

Leonard N. Foner

Internet commerce is really what has the whole world—the glitzy, high-profile world of money and politics—interested in the Internet. The stock markets are awash in hot Internet stocks, because the people who control most of the money in the world have come to realize that they can use this hitherto cloistered and obscure “scientific chatline” as a means for making money.

But central to the process of making money is having secure exchanges of information—and funds. Leonard Foner, who is a researcher at the MIT Media Lab, presents some of the problems inherent in exchanges of information that are not just supposed to be private, but that absolutely must be safe from the meddling of outside parties. These are issues that are similar to but different from those elsewhere in this book. His points are well taken and extremely important for all of us if we want to avoid massive theft or fraud over the Information Superhighway. This article was written in 1995.

 

 

 

“In the once-upon-a-time days of the First Age of Magic, the prudent sorcerer regarded his own true name as his most valued possession but also the greatest threat to his continued good health, for—the stories go—once an enemy, even a weak unskilled enemy, learned the sorcerer's true name, then routine and widely known spells could destroy or enslave even the most powerful. As times passed, and we graduated to the Age of Reason and thence to the first and second industrial revolutions, such notions were discredited. Now it seems that the Wheel has turned full circle (even if there never really was a First Age) and we are back to worrying about true names again…”

*   *   *

So starts
True Names.
And what is it that determines whether someone else knows one's True Name, or knows the secrets of an individual, a company, or a country?

Cryptography, or the lack of it.

With strong, unbreakable cryptography, individuals and organizations have the freedom to keep secrets and to be anonymous. Without it, such freedoms simply do not exist. Technology currently supports unbreakable cryptography (with proper care, and with certain caveats about the future). But there are many political efforts afoot worldwide which, for a variety of reasons, are attempting to stuff the pretty mushroom cloud back into the shiny metal case, and to turn back the clock on people's abilities to keep secrets.

This essay examines the technology and the politics of strong (e.g., essentially unbreakable) cryptography. Its coverage of the technology is only sufficient to demonstrate what is possible today, how it must be handled, and what might be possible in the near future. Its coverage of politics includes many events that have happened recently both on the Internet and in related communications media; it also speculates on the political future. It runs the risk of being rapidly outdated as politics rumbles on, but so does anything committed to paper.

This whole subject is vast. This is not an academic paper, though; I'm providing citations for some, but not all, of the things I say. (Further, I'm simplifying both the technology and the politics enormously. Those who are knowledgeable in either area are welcome to foam at the mouth.) Instead, I provide some hints that allow those whose interest has been piqued to look further. I concentrate here mostly on individual (as opposed to corporate or national) use of cryptography, and take a strong civil-liberties bent. Names of the technologies and the names of the government agencies that get stirred into the pot yield a rich soup of acronyms—make yourself a bowl of Campbell's alphabet soup and let's begin.

The Technology of Strong Cryptography

Cryptography exists to keep secrets. Modern cryptography can also be used to verify who someone is—and it uses secrets to do it.

Below, I take a look at some common ways that people keep secrets on networks and in computers these days. The take-home lesson from all of this is “Practically any problem you can think about has an already-known solution.” And more are constantly being invented. The problems with cryptography and keeping secrets are really not technological in a large sense—they are political and economic. How badly does someone want your information, how much is it worth to them, and how much is it worth to you to keep it secret?

There is always an arms race in making cryptographic systems and in breaking them (the job of cryptanalysts). Almost any new system someone comes up with is usually broken quickly; it is only the rare, exceptional systems that survive such attack by cryptanalysts. But those that survive often last decades or longer.

Modern cryptographic systems (with certain exceptions, to be discussed later) treat the
algorithm
used as public. Everyone can find out the algorithm, attempt to break it, implement it themselves, and so forth. It is the
keys,
which customize the algorithm to a particular user, that are sensitive information.

This approach has a number of advantages. Everyone can implement their own cryptographic system if they wish (to take advantage of a new computer or to put in a new product, for example). Also, it means that experts from around the world can attempt to break the system—a cryptographic system is not usually trusted until experts have had a few years to chew it over and have failed to uncover any big holes.

A common convention, when talking about cryptographic systems, is to talk about Alice and Bob communicating, possibly overheard by an eavesdropper Eve or actively interfered with by a malicious user Mallory. (We often haul other names into the mix in complicated systems.) We also talk about the
plaintext
of a message—what Alice sends and what Bob reads—and the
ciphertext,
which is what passes over the wire, or is stored in a file, or whatever. We assume that Alice and Bob don't have someone reading over their shoulder—this is sometimes too much of an assumption, but we'll make it for the moment.

There are two major types of cryptographic systems used today. The simplest, but the hardest to use, are called
symmetric
or
private-key
systems. To use such a system, Alice and Bob must
share a secret
—they must arrange a private meeting beforehand and generate a key to be used for their communications. They cannot just send this key from one to the other—if they could do
that
without the key being eavesdropped, they could just as well do so with their messages and dispense with cryptography entirely.

A classic example of such a symmetric system is a
one-time pad.
Alice and Bob privately agree on a large,
random
stream of bits—their
pad.
Later, Alice can send one bit to Bob by taking the next unused bit from the pad and the next bit in her original message, and combining them: if her original bit and the pad's bit are either both zero or both one, she sends Bob a zero, otherwise she sends a one. (This method of combining bits is called an
exclusive-or
or
XOR
and resembles what people mean when they say “either/or.” XOR is one of the most common operations in cryptographic systems, so remember this for later.) Bob XORs the stream of bits from Alice with his own copy of the one-time pad to recover the original message. As long as neither Alice nor Bob ever
reuse
a bit from the pad, this is perfectly secure and cannot be broken by
any
amount of computer power—if the bits on the pad really are random, if no part of the pad is
ever
used more than once, and if Bob and Alice can stay synchronized about which bits they're using when.

This is a clumsy approach. Alice and Bob have to meet in private first. They must generate as many bits of pad as they expect to use in their communications, and they must do so in advance.

A better way is to use one of a large variety of symmetric,
keyed
ciphers, such as the Data Encryption Standard (DES), which is commonly used to encrypt wire transfers between banks (among other things). In this scheme, Alice and Bob only have to secretly agree on a 56-bit key; once they have, they can send any number of bits between each other. The pattern of zeroes and ones in the key determines how bits get shuffled around when encrypting a message, which can be of any length, and the same key both encrypts and decrypts.

DES used to be a pretty secure algorithm. Nowadays, though, one can build a special-purpose computer (full details have been published) which can crack it if you know 64 bits of the message (this is
known-plaintext
attack—one step down from a
chosen-plaintext
attack, in which Mallory gets to choose some bits to be encrypted by Alice). The DES-cracking machine is a parallel computer; if you spend more money and build a bigger machine, it'll crack faster. At 1996 prices, a $1M machine will take about five hours (on average) to crack a key; a $100K machine will take a day. It can be built by three knowledgeable graduate students in a semester. (Why three? Merely because a reasonable division of labor has one to do the VLSI design, one to do the board-level design, and one to do the control software.) And, once built, the machine can crack any number of keys—so you'd build this machine either if you had one key worth a million dollars, or if you wanted to sell keybreaking services to all comers for $100 a key. (Being able to forge just
one
wire transfer can more than pay for this machine!)

DES is an example of a system that has outlived its usefulness. It was a great scheme—until the 1990's or so. Nowadays, people who still use it are advised to use a scheme called triple-DES, in which two or three keys (it doesn't matter) are fed into three encryptors, in series, which cause the plaintext to be enciphered three times (in three different ways) before transmission. Bob's machine does the reverse. This is still pretty secure.

There are lots of other symmetric encryption schemes that are at least as secure as DES, and are easier to use in software—DES is much easier to do in hardware than in a general-purpose computer. One such is a Swiss cipher called IDEA, but there are many to choose from.

But all of these suffer from the problems that the parties who wish to communicate must first privately exchange keys. This is fine if you're a bank and can use a trusted courier service, but it's very inconvenient if you just want to call someone on the phone or send them an email message without being eavesdropped upon.

In the 1970's, however,
public-key
cryptosystems were invented. Diffie and Hellman made one; Rivest, Shamir, and Adleman made another which was called RSA (from their names). A public-key system is a different kind of beast, based on mathematical operations on large primes. In general, their security is based on the difficulty of factoring a large enough number into the primes that make it up—a task which has attracted thousands of person-years of research, appears to be intractable (for conventional computers!), but which is not proven impossible. Public-key systems therefore rest on solid ground, but not the concrete of a one-time pad.

In a public-key system, Alice and Bob each generate their own set of keys. Each key is split into two halves—the public half and the private half. Alice and Bob both
publish
the public half, anywhere they like—in the
New York Times,
for example, or on their Web page. They keep the private halves as private as they can, and never reveal them to anyone.

To send a message to Bob, Alice first looks up his public key. She then encrypts her message with that key and sends it to him. Once she does this, she can no longer decrypt the ciphertext—not with his public key, nor with her private or public keys. Bob can then use his @i(private) key to decrypt the message.

This scheme is
asymmetric
—both parties don't have the same keys. The major advantage is that they don't have to meet to exchange keys, either; Alice only needs the public part of Bob's key, and vice versa.