From: Seth Morris <Seth.Morris@lambada.oit.unc.edu>
Date: Wed, 23 Feb 94 18:13:23 PST
To: cypherpunks@toad.com
Subject: My assumptions and game ideas for education door
Message-ID: <9402240212.AA02540@lambada.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text


/*****************************************************************************
 Concepts, abstracts, and storyboards for possible cypherpunk-friendly
educational game. By Seth Morris, Feb, 1994.
                                                                                                   --Part 2
 
 This begins with a quick comment on the direction I'm heading at this idea
from. It is possible that some of my basic assumptions are invalid. I'm
stating them up front so y'all can criticize.
 
 
** Comments on my paradigm and assumptions
 
 One of the things I have noticed about my assumptions and the model under
which I am developing my thoughts is that I assume a threat stimulus to
encourage crypto. I assume that both the education and the usage of crypto
related systems is based on a perceived threat to privacy/security/anonymity/
safety/liberty/etc.
 Consequently, my focus in game design is to provide a threat to which only
crypto related systems can respond.
 I also assume a need to understand the threat in detail. If I didn't know
about an active man-in-the-middle attack (one of my favorite illustrations
for this argument), then I would have posted an unsigned key to the servers
long ago. As it is, I will not until I can get a relatively tusted signator.
I perceive a need to allow players of the game to understand and perhaps
orchestrate and use the attack so they will be aware of the relative futility
of unsigned keys and loose trust.
 This is what makes me seem like I'm advocating the net.book of spoofing and
skulduggery. I'm not. But if a player doesn't understand what facilitates
traffic analysis in detail, he or she won't avoid open, direct, and traceable
channels of communication for his or her sensitive information in real life.
 It's considered a relative truism in crypto that you shouldn't trust a
crypto system designed by someone who isn't a "real cryptologist" ie, who
hasn't "earned his or her bones" cracking weaker ciphers.
 If this is true, should we expect the next generation of crypto users
(presumed to be a large scale widespread and diverse group consisting of
a perhaps less technical cross section of net users who haven't had the
benefit of a year and a half of following and participating in cypherpunks
review of systems) to design relatively secure systems and protocols to meet
their real world needs without giving them a chance to experiment with and
understand the issues they will need to face?
 This doesn't mean having them actually write password sniffers and trace
through mail logs on a backbone site to find messages from a particular
entity. But it does mean understanding that some backbone sites could
do such a thing to them, and that their own sysadmin (or a less scrupulous
person ill-advisedly trusted by their sysadmin) could read or track their
own messages with relative impunity. The way to understand that is not faith,
but to know how it could be done, at least in relatively concrete theory.
(No need to post scripts to do it, just describe the types of logging and
filtering that are common and that are possible, and allow players of a
game to see what they could do with even relatively unspecific logs/filters.)
 
 Now... on to the ideas.
 
 There are several basic ideas... let me discuss the less attractive, more
derivative ideas first.
 
** Wargame/Trading game idea
 
 Imagine a wargame/trading game where communication between units involved
varying degrees of crypto/anonymity/signatures.
 I send a message to my generals in the field with their current orders,
encrypted. I send digital money to them to pay troops, outfit and repair
equipment, etc. I sign orders for authentication, and I use anonymous
methods for dealings with spies/mercs/black market. Perhaps a space trading/
espionage game loosely similar to Stephen R Donaldson's current five part
"Gap" series.
 Players would assume roles of initially rival masterminds, and would use
crypto techniques to control units, meet with spies, pay costs, SIGINT
track, perform traffic analysis on opponents operations, make alliances
(perhaps even anonymously: why would I want Alice knowing I'm helping her
against Bob... this might lead her to _support_ Bob against me to get him
off her back! But if money and info arrived anonymously, signed by an
anonymous name carrying a positive reputation... you get the idea), etc.
 
 This seems workable, if a little like every other BBS door on the market
(although perhaps that's because they're doing something right!). It doesn't
go too deeply into the issues of key management, denial-of-service, active
man-in-the-middle (someone said a while back that you can tell there's a
lot of people out there who don't understand crypto issues by counting the
number of unsigned keys on the servers... after playing a game where an
active man-in-the-middle attack is possible, either by players or a computer
controlled entity, I don't think a player would be as likely to make that
mistake!), DC nets (a favorite topic of mine), etc.
 Does do a good job of handling digital cash (with several currencies in
competing circulation, I'd assume... this happens in any war, and should in
any wargame... same with multiple market trading), reputations (especially if
the "human assets" part of wargaming/trading is emphasised).
 One particular problem I have is that this doesn't transfer as readily to
real life as I'd like. There's no obvious way to include key escrow as an
option (generally a BAD option, of course!), there's no obvious way to
indicate political and bureuacratic problems crypto currently entails to
excourage players to generalize their understanding.
 
 
 In general, it's very abstract. A marked contrast to my other thought.
 
** Cyberpunk game idea
 
 This is more of a Gibsonesque Cyberpunk game. This may be easier to follow
if you've played the "Neuromancer" computer game. (It may also be more
derivative of Pat Cadigan's _Synners_ than Gibson.)
 You take the part of a netrunner. Most players would probably be pet hackers
of megacorps. The net is less like the Matrix than like a large scale WAN
or the Internet. (No graphics on a door except color ASCII, remember!) Players
have access to various systems which are connected to other systems (if you've
played the Steve Jackson Games game "Hacker" you'll have a good image of what
I'm thinking), so there is a trace route of message traffic or remote login/
file transfer.
 Some systems offer public access and will become Neuromancer style meeting
places, others will offer mailing list type services. Other services might
be reputation brokers, "fixers" (trusted introducers between anonymous
entities based on interest... commonly used in cyberpunk literature to
introduce buyers and sellers of information and goods with low risk), storage
servers, remailers, etc.
 Players must manage their clients' needs for information brokerage,
information transport without interference, digital money management (perhaps
some of the players work for Revenue or somesuch?), etc, while still keeping
their own desires in mind. Players caught at some activities might be coerced
into working for a corporate entity to avoid persection/prosecution/exposure
(a common theme in cyberpunk literature) and might desire ultimately to
free themselves (or perhaps they're simply forced to reveal information about
ongoing activities for their primary employer, putting them in a doubly
difficult position).
 This all leads readily to use of crypto, anonymity, pseudoanonymity,
eputations, DC-nets, digital money, signatiures, web-of-trust vs heiarchial
trust systems, traffic analysis (people don't accuse me of writing a manual
on net.warfare when I say "traffic analysis", but when I say "reading
a sendmail log" they blanch... hmmm...), etc.
 Note that, like in Neuromancer, there will still be a great deal of
abstraction, and that the net in question will not be THE Net we all know
and love(?). I don't picture keeping accurate sendmail-style logs for all
systems simulated and having players pour over them. I do see the possibility
that they might want to trace a message an anonymous but reputable entity
sent through their mailserver which they suspect of smuggling company
funds out of their corporate pockets. Or tracking the source of anonymous
information as far back as possible to see if they are receiving spoofed
disinformation from a competitor.
 Of primary interest as propoganda/education is that the players realise the
attacks to which they can now be subjected. Understanding how much information
is plaintext should concern them. Knowing about an active man-in-the-middle
should encourage their use of trusted certifiers of some sort. Realizing
that corporate/government certifying authorities have their own goals and
needs in mind first and foremost would lead most people to prefer a PGP-style
web of trust.
 Optionally, some players could take the part of Law Enforcement personnel.
This would lead to a discussion of the needs/interests of LE vs the needs/
intyerests of citizens. This could allay some fears that the game is
"stacked" by having the players only experience the issues through the
viewpoint of an "underworld" figure. Some "legitimate" legal business
must be in the game. Also, it would be interesting to see how far the
players can go as LE personnel without giving in to the temptation to
break their own rules. Most people on cypherpunks think that the Key
Escrow Initiative will quickly lead to laziness and corruption on the
part of LE and government personnel that will violate the privacy and
security of average citizens and companies, and I agree. If that is the
case, it is quite likely that in the game, even people chosen for their
integrity and honesty would eventually commit some criminal act as LE
personnel.
 Really, of course, the game, as almost all good games do, walks close to
the line between "game" and "simulation." But in this case it would be
easier to create and play because the simulated system is largely theoretical
and the actual parts are quite similar to the game already. I don't see this
as too difficult a project to undertake. (And yes, I have written games
before, although never doors.)
 
 Ideally, the game should be as acceptable to Dorothy Denning as to T. C. May
(to pick two widely (wildly?) differing political viewpoints). Both would
accept the desire for crypto education, and I think both would agree that an
interactive online game reaches a large section of the current and future
computer community.
 
 
 Storyboards and screens as I see them are not yet written. (I only had
this idea last night!) I'll send them to anyone who cares, as I assume
the list at large won't. But I thought that some of the ideas here would
lead to useful discussion.
 
 Seth Morris (Seth.Morris@launchpad.unc.edu)
 
*****************************************************************************/