1994-02-20 - Re: Blacknet worries

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: e6a43588522aa402985d90327d9c5f277b55752676f702030c4920b87f635a1b
Message ID: <199402202033.MAA25767@mail.netcom.com>
Reply To: <199402201725.JAA24552@alumni.cco.caltech.edu>
UTC Datetime: 1994-02-20 20:36:59 UTC
Raw Date: Sun, 20 Feb 94 12:36:59 PST

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 20 Feb 94 12:36:59 PST
To: cypherpunks@toad.com
Subject: Re: Blacknet worries
In-Reply-To: <199402201725.JAA24552@alumni.cco.caltech.edu>
Message-ID: <199402202033.MAA25767@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Hal Finney makes some comments about the dangers (I call them
benefits) of systems like "BlackNet," the hypothetical-but-inevitable
entity I described last fall. These dangers/benefits have been
apparent to me since around 1988 or so and are the main motivator of
my interest in "crypto-anarchy," the set of ideas that I espouse.

(I don't often dwell on them on this list, partly because I already
have in the past, and in the "Crypto-Anarchist Manifesto" and other
rants at the soda.berkeley.edu archive site, and partly because the
Cypherpunks list is somewhat apolitical...apolitical in the sense that
we have libertarians, anarcho-syndicalists, anarcho-capitalists,
Neo-Pagans, Christian Fundamentalists, and maybe even a few
unreconstructed Communists on the List, and espousing some particular
set of beliefs is discouraged by common agreement.)

However, since Hal has raised some issues, and the general issues of
data havens, anonymous information markets, espionage, and other
"illegal" markets have been raised, I'll comment. Besides, volume on
the List has been awfully light the past few days. Maybe it's my mail
delivery system slowing down, maybe it's the Olymics (I say put Tonya
up on the gold medalist's platform, put the gold medal around her neck,
then the noose, then kick the platform out from under her), or maybe
it's the natural exhaustion of the last set of hot topics.

First, a legal caveat. I openly acknowledge having written the
BlackNet piece--proof is obvious. But I did *not* post it to
Cypherpunks, nor to any other mailing lists and certainly not to
Usenet. Rather, I dashed it off one night prior to a nanotechnology
discussion in Palo Alto, as a concrete example of the coming future
and how difficult it will be to "bottle up" new technologies (a point
Hal alludes to). I sent this note off to several of my associates, via
anonymous remailers, so as to make the point in a more tangible way. I
also printed out copies and passed them out at the nanotech meeting,
which was around last September or so.

Someone decided to post this (through a remailer) to the Cypherpunks
list. Kevin Kelly and John Markoff told me they've seen it on numerous
other lists and boards, and of course Detweiler has recently posted it
to dozens of newsgroups (though it got cancelled and only the "echoes"
remain in most places...a few folks forwarded copies to ohter sites,
with comments, so they were not affected by the cancellation message).

My legal protection, my point here, is that I did not post the
BlackNet piece, it does not exist as an actual espionage or data haven
entity, and my point was rhetorical and is clearly protected by the
First Amendment (to the Constitution of the country in which I
nominally reside).

On to Hal Finney's points:
> Tim's Blacknet story has gotten a lot of reaction after Detweiler's
> random posting escapade last week.  I think it is a good essay, but there
> is one point I don't think was stressed enough.
> > BlackNet is currently building its information inventory. We are interested
> > in information in the following areas, though any other juicy stuff is
> > always welcome. "If you think it's valuable, offer it to us first."
> > 
> > - trade secrets, processes, production methods (esp. in semiconductors)
> > - nanotechnology and related techniques (esp. the Merkle sleeve bearing)
> The glaring omision, mentioned only in passing, is military intelligence.

Yes, military intelligence will become much more "fungible" in the
future I envision. It already is, of course, a la the Walkers, but
computer-mediated markets and secure encryption will make it so much
more efficient and liquid. Buyers will be able to advertise their
wants and their prices. Ditto for sellers. Of course, decoys,
disinformation, and the like come to the fore.

To pick a trivial example, someone sits above a busy port and watches
ship movements from the privacy of his apartment. He summarizes these,
then sells them for a paltry-but-comfortable $3000 a month to some
other nation. (The ease of doing this means others will get into the
market. Prices will likely drop. Hard to predict the final
prices...the beauty of free markets.)

> A friend at work tells me that in the Manhattan project, presumably one
> of the most secret projects ever attempted, the Soviet Union had no

Yes, Hal's point is valid. William Gibson, so reviled in some
cyberpunk quarters (it's tres chic to bash him) anticipated this some
years back in "Count Zero," in which the scientists of a company are
held isolated on a mesa in New Mexico--recall the rescue/escape by
ultralight aircraft off the mesa?

The motivation for thinking about BlackNet, which is what I dubbed
this capability in late 1987, was a discussion with the late Phil
Salin that year about his as-yet-unfunded company, "AMIX," the
American Information Exchange. I played the Devil's Advocate and
explained why I thought corporate America--his main target for
customers--would shun such a system. My thinking?

- corporations would not allow employees to have corporate accounts,
as it would make leakage of corporate information too easy

(Example: "We will pay $100,000 for anyone who knows how to solve the
charge buildup problem during ion implant of n-type wafers." Many
corporations spend millions to solve this, others never did. A
"market" for such simple-to-answer items would revolutionize the
semiconductor industry--but would also destroy the competitive
advantage obtained by those who first solved the problems. Another
example, from earlier on, is the alpha particle problem plaguing
memory chips. I figured out the problem and the solution in 1977, at
Intel, and then Intel kept it a deep secret for the next year,
allowing its competitors to wallow in their soft error problems for
that entire year. When I was eventually allowed to publish--a decision
made for various reasons--the competitors raced for the telephones
even before I'd finished presenting my paper! Imagine how much I
could've sold my "expertise" for in the preceding year--or even after.
Of course, Intel could have deduced who was selling what, by various
intelligence-copunterintelligence ploys familiar to most of you
(canary traps, barium, tagged info). But the point is still clear: an
information market system like AMIX means "digital moonlighting," a
system corporations will not lightly put up with.

If information markets spread, even "legit" ones like AMIX (not
featuring anonymity), I expect many corporations to make
non-participation in such markets a basis for continuing employment.
(The details of this, the legal issues, I'll leave for later

> Keeping business secrets and manufacturing techniques secret is one thing.
> But, from the point of view of the government, the world of Blacknet could
> be an utter disaster for the protection of military secrets.  Despite its
> consumption of a large fraction of our society's resources, government jobs
> tend not to be high paying, especially compared to jobs with comparable
> degrees of responsibility in civilian life.  The temptation to sell secrets
> for cash has got to be present for almost everyone.  But it is balanced against
> the immense practical problems involved: making contacts, arranging
> deliveries, being caught in a "sting" operation.

Yes, which is why I always used to use "B-2 Stealth Bomber blueprints
for sale" as my canonical example of a BlackNet ad. Hundreds of folks
at Northrup had access to various levels of B-2 secrets. The "problem"
for them was that military intelligence (Defense Intelligence Agency,
Office of Naval Intelligence, CIA, NDA, etc.) was watching them (and
they knew this) and monitoring the local bars and after-work hangouts.
Read "The Falcon and the Snowman," or rent the movie, for some details
on this.

Anonymous markets completely change the equation!

(By the way, many other "tradecraft" aspects of espionage are
similarly changed forever....and probably already have been changed.
Gone will be the messages left in Coke cans by the side of the road,
the so-called "dead drops" so favored by spies for communicating
microfilm, microdots, and coded messages. What I call "digital dead
drops" already allow nearly untraceable, unrestricted communication.
After all, if I can use a remailer to reach St. Petersburg.... Or if I
can place message bits in the LSB of a image and then place this on
Usenet for world-wide distribution..... (I described this in my first
message on using LSBs of audio and picture files in 1988, in
sci.crypt). The world has already changed for the spy. And Mafia guys
on the run are using CompuServe to communicate with their wives...the
Feds can't tap these ever-changing systems....a likely motivation for
current Clipper/Capstone/Tessera/Digital Telephony schemes.)

> Blacknet could remove most of this risk.  With near-perfect anonymity
> and digital cash, a tidy side income could be created for anyone with access
> to classified information.  There would be no need for risky physical meetings.
> The money could be spent on a few nice extras to make life more comfortable,
> without fear of it being traced.

Yep! That's the beauty of it all. "Classified classifieds," so to
speak. "No More Secrets." At least, no more secrets that you don't
keep yourself! (A subtle point: crypto-anarchy doesn't mean a "no
secrets" society; it means a society in which individuals must protect
their own secrets and not count on governments or corporations to do
it for them. It also means "public secrets," like troop movements and
Stealth production plans, or the tricks of implaniting wafers, will
not remain secret for long.)

> How many people would succumb to such temptation?  People do undergo security
> checks, and presumably those who pass are mostly honest.  But they are human,
> and money is a powerful motivator.  Especially if the person figures that if
> he doesn't sell the info someone else will, the temptation will be all the
> stronger.

Yes. All of this is true.

> There are possible countermeasures: frequent lie-detector tests (as in Snow
> Crash); "fingerprinting" documents so everybody has a slightly different
> copy, allowing sting operations to identify the culprits; perhaps even
> swamping the legitimate offers of cash with bogus ones (a denial-of-service
> attack, in effect).  But none of these are really likely to solve the
> problem.

We went around several times on the Extropians list (which I am no
longer on, by the way--for unrelated reasons), especially with regard
to what most folks consider an even more disturbing use of
BlackNet-type services: liquid markets for killings and extortion. Pun
intended. Buyers and sellers of "hits" can get in contact anonymously,
place money (digicash) in escrow with "reputable escrow services"
("Ace's Anonymous Escrow--You slay 'em, we pay 'em"), and the usual
methods of stopping such hits fail.

(The Mob rarely is stopped, as they use their own hitters, usually
brought if from distant cities for just the one job. And reputations
are paramount. Amateurs usually are caught because they get in contact
with potential hitters by "asking around" in bars and the
like...and somebody calls the cops and the FBI then stings 'em.
Anonymous markets, digital cash, escrow services, and reputation
services all change the equation dramatically. If the hit is made, the
money get transferred. If the hit is not made, no money is
transferred. In any case, the purchaser of the hit is fairly safe.
Implication of the purchaser can still happen, but by means other than
the usual approach of setting up a sting.)

> This is probably the issue which has the government really scared, the
> issue which turned Barlow's government friends against free encryption, as
> he describes in his Wired article ("if you knew what I know, you'd oppose
> it too").  The NSA in particular has for a long time been wildly paranoid

Yes, if I could think all this stuff up in 1987-8, so can a lot of
others. It was clear to me, at the Crypo Conference in 1988, that
David Chaum had thought of these uses and was deliberately navigating
around them in his scenarios for digicash. He just raised his eyebrows
and nodded when I discussed a few of the less fearsome applications.

> its own secrets than discovering others'.  I could see any technology which
> would facilitate sellouts by their people to be considered a mortal threat,
> something to be fought by any means.  And I imagine that the rest of the
> military intelligence community would feel the same way.

To the governments of the world, facing these and other threats to
their continued ways of doing business (notice that I didn't say "to
their continued existence"), the existence of strong encryption in the
hands of the population is indeed a mortal threat.

They'll cite the "unpopular" uses: kiddie porn nets, espionage,
selling of trade secrets (especially to "foreigners"), the bootlegging
of copyrighted material, "digital fences" for stolen information,
liquid markets in liquidations, and on and on. They won't mention a
basic principle of western civilization: that just because _some_
people mis-use a technology that is no reason to bar others.

Just because some people mis-use camcorders to film naked children is
no reason to ban cameras, camcorders, and VCRs. Just because some
folks mis-use free speech is no reason to ban free speech. And just
because some will mis-use encryption--in the eyes of government--is
not a good reason to ban encryption.

In any case, it's too late. The genie's nearly completely out of the
bottle. National borders are just speed bumps on the information

The things I've had in my .sig for the past couple of years are coming.

--Tim May

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."