1993-04-27 - How to protect your electronic privacy – consumer pamphlet

Header Data

From: szabo@techbook.com (Nick Szabo)
To: cypherpunks@toad.com
Message Hash: 1eb3d430209cbb64bc404806ff15c06efa1a26df932aa3db54c25972005e30a0
Message ID: <m0nnmmA-000hqDC@techbook.techbook.com>
Reply To: N/A
UTC Datetime: 1993-04-27 10:17:43 UTC
Raw Date: Tue, 27 Apr 93 03:17:43 PDT

Raw message

From: szabo@techbook.com (Nick Szabo)
Date: Tue, 27 Apr 93 03:17:43 PDT
To: cypherpunks@toad.com
Subject: How to protect your electronic privacy -- consumer pamphlet
Message-ID: <m0nnmmA-000hqDC@techbook.techbook.com>
MIME-Version: 1.0
Content-Type: text/plain

Here is a handout I've written for our next Portland-area libertarian
meeting.   Comments welcome.  Feel free to distribute freely (you
can edit out Portland-specific stuff) with attributions.


How to Protect Your Electronic Privacy
Nick Szabo, April 30 1993
Distribute Freely

We conduct more and more of our legal, political, and private business
over the wires.  Every decade, the number of phone calls that the
government can record for later playback increases by a factor of ten.
Commercial organizations gather and sell our transactions; marketers
and governments cross-reference them, forming our vast electronic
reputation.  The number of e-mail messages doubles every year, and many 
political organizations are coming to rely on networks like Internet and 
LiberNet.  Most e-mail users are unaware that it is the most public 
medium ever invented, and use it to write love letters, letters to their 
lawyer, discussion of illegal activities, etc.  Vast volumes of e-mail 
can be stored on small magnetic tapes and searched in bulk for keywords, 
eg "mari[jh]uana".  The good news is, the computer brings an even greater 
weapon to fight these threats to our privacy and political freedoms: widely 
available, automatic cryptography.

Instead of developing phones allowing truly private conversations, which
are now feasible, AT&T recently put a phone on the market that contains 
the NSA-designed "Clipper" wiretap chip.  All users' encryption keys are 
registered with the U.S. government, giving it exclusive access to 
wiretapping this system's phones.  The use of an unpublished algorithm 
and other features also make the system insecure.  "Clipper" would also
make traffic analysis (finding out who is calling whom, when, etc.)
much easier.  The goal of this government/Ma Bell collusion is to
subsidize the creation of a standard that forces truly private phone
systems off the market.

By purposefully allowing a government backdoor in its "secure" phones,
AT&T has demonstrated its contempt for its customers' privacy.  Here are 
some other long-distance providers that may have more respect.  All U.S. 
line providers are required to surrender to telephone taps under 
government "authorization", but some require more "authorization" than 
others, or otherwise make a greater fuss about it.  Local wiretaps are 
beyond the control of long-distance companies, but long-distance 
eavesdropping is much more difficult if the company uses fiber optic
instead of microwave links.  Ask company representatives for details.

Allnet Long Distance Services	1-800-783-2020
MCI, commercial			1-800-888-0800
MCI, residential		1-800-950-5555
Metromedia Communications Corp.	1-800-275-2273
One-2-One Communications	1-800-293-4121
Sprint, residential		1-800-877-7746
Sprint, business		1-800-733-5566

Real phone privacy can be obtained with a veil of encryption, by using
pairs of phones containing privacy chips, which scramble the
signals *and* keep the keys private.  Contact your local business 
telephone dealers for privacy phones from Ericson, Cylink and other
companies.  Keep your eye out for portable-computer-based
software with voice input that can be used to encrypt voice mail
and send it over the networks like e-mail; these may be appearing
on the market or as freeware within six months.

Data privacy can be obtained with public-key encryption
features which have been added to some of the newer e-mail packages
from Microsoft, Apple, Novell, etc.  Beware: most software encryption
has been restricted by the U.S. government to very weak algorithms.
"Cypherpunks" enjoy writing programs to crack the weakened file
encryption in Word Perfect, Lotus, etc.  Be sure the software contains
the new "RSA" public-key algorithm, which probably cannot be cracked
by anybody, even the NSA with their buildings full of supercomputers.
A strong freeware RSA package is also available called Pretty Good 
Privacy (PGP); this is the international standard on the Internet.  
PGP can also be used for protecting the files on your PC.  On an Internet 
machine type "archie pgp" to find out where PGP is available for 
download.  Several BBS systems also have PGP available.

In public key encryption, there are two keys, one used to lock 
(really scramble) the data, the other to unlock (unscramble) the data. 
To join the fun, publish or send your freinds your public key, and
they can then send you messages only you can unlock with your private
key.  You collect other's public keys and do the same.  PGP key 
distribution is based on an informal, voluntary web of trust instead 
of the government's rigid heirarchy which is vulnerable to failure 
at the top.  Just as today's businessmen trade business cards,
tommorrow's businessmen will trade public keys -- if the government
doesn't ban them first.

For more detailed information on electronic privacy, see:

* Your local phone dealer.  If he does not know about privacy
issues and phone privacy products, ask him to find out!
* The May/June issue of "Wired" magazine featuring "crypto-rebels"
on the cover.  A history computer cryptography and the "cypherpunk"
movement, whose goal is to break the government monopoly on cryptography
and to restore our right to privacy in the electronic age.
* "Mondo 2000" #9 (most recent) features two good articles on PGP, and
a third article on protecting our financial privacy from governments.
* The Winter/Spring issue of "Extropy" features and article on digital
cash.  Unlike current electronic funds transfer, digital cash increases
financial privacy.
* On the Internet, the cypherpunks mailing list 
(cypherpunks-request@toad.com) and the newsgroups sci.crypt.  In the
Portland area two Internet providers are agora (293-1772 data) and
techbook (220-0636 data).  
* Organizations helping lobby for electronic privacy: Electronic Frontier
Foundation (eff.org), Computer Professionals for Social Responsibility 
(cpsr.org), Privacy International.  These are not entirely libertarian
(eg EFF tends to support Gore's socialist "Data Highway".)
* James Bamford, _The Puzzle Palace_, 1983: A classic expose of the
National Security Agency.

Nick Szabo					szabo@techbook.com