From: Tim May <tcmay@got.net>
Date: Mon, 12 Jan 1998 09:16:06 +0800
To: cypherpunks@Algebra.COM
Subject: BlackNet
Message-ID: <v03102804b0df1be302d4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




Someone just asked me for an explanation of "BlackNet," as he hadn't heard
of it before. There are several places to look:

--a Web search on the term, along with "cypherpunks" or "cryptography" or
my name so as to narrow down the search somewhat (apparently some persons
of color decided to use BlackNet as their group's name, thus leading to
some collisions_

--archives of the list, partially available at
http://infinity.nus.sg/cypherpunks/

--my Cyphernomicon, available at
http://www.oberlin.edu/~brchkind/cyphernomicon/

--another article, available at
http://www.powergrid.com/1.01/cryptoanarchy.html

--or, the item below, part of a chapter called "True Nyms and Crypto
Anarchy," which may or may not appear in the forthcoming edition of Vernor
Vinge's "True Names." This section discusses data havens, and the BlackNet
experiment in 1993:


DATA HAVENS AND INFORMATION MARKETS

Another science fiction writer, Bruce Sterling, popularized "data havens"
in his 1988 novel, "Islands in the Net." He focussed on _physical_ data
havens, but cyberspace data havens are more interesting, and to likely to
be more important. That they are distributed in many legal jurisdictions,
and may not even be traceable to any particular jurisdiction, is crucial.

A data haven is a place, physical or virtual, where information may be
stored or accessed. The usual connotation is that the data are illegal in
some jurisdictions, but not in the haven.

Data havens and information markets are already springing up, using the
methods described to make information retrievable anonymously and
untraceably. Using networks of remailers and, of course, encryption,
messages may be posted in public forums like the Usenet, and read by anyone
in the world with access, sort of like a cyberspatial "Democracy Wall"
where controversial messages may be posted. These "message pools" are the
main way cyberspatial data havens are implemented. Offers may be in
plaintext, so as to be readable to humans, with instructions on how to
reply (and with a public key to be used). This allows fully-untraceable
markets to develop.

It is likely that services will soon arise which archive articles for fees,
to ensure that a URL (Uniform Resource Locator) is "persistent" over a
period of many years. Ross Anderson's "Eternity Service" provides a means
of distributing the publication of something so that even later attempts to
withdraw all copies are thwarted...this has obvious value in fighting
censorship, but will also have implications when other types of publication
occur (for example, a pirated work would not be withdrawable from the
system, leaving it permanently liberated)

Examples of likely data haven markets are: credit data bases, doctor and
lawyer data bases, and other heavily-regulated (or even unallowed) data
bases. Information on explosives, drug cultivation and processing, methods
for suicide, and other such contraband info. Data havens may also carry
copyrighted material, sans payment to holders, and various national and
trade secrets.

As one example, the "Fair Credit Reporting Act" in the U.S. limits the
length of time credit records may be kept (to 7 or 8 years) and places
various restrictions on what may be collected or reported. What if Alice
"remembers" that Bob, applying for credit from her, declared bankruptcy ten
years earlier, and ran out on various debts? Should she be banned from
taking this into account? What if she accesses a data base which is _not_
bound by the FCRA, perhaps one in a data haven accessible over the Net? Can
Alice "sell" her remembrances to others? (Apparently not, unless she agrees
to the various terms of the FCRA. So much for her First Amendment rights.)
This is the kind of data haven application I expect will develop over the
next several years. It could be in a jurisdiction which ignores such things
as the FCRA, such as a Caribbean island nation, or it could be in
cyberspace,  using various cryptographic protocols, Web proxies, and
remailers for access.

Imagine the market for access to data bases on "bad doctors" and "rip-off
lawyers." There are many interesting issues involved in such data bases:
inaccurate information, responses by those charges, the basis for making
judgements, etc. Some will make malicious, false charges. (This is
ostensibly why such data bases are banned, or heavily regulated.
Governments reserve the rights to make such data available. Of course,
these are the same governments which falsify credit records for government
agents, which give the professional guilds like the American Medical
Association and the American Bar Association the power to stop competitors
from entering their markets, so what else can be expected?)

Information markets match potential buyers and sellers of information. One
experimental "information market" is BlackNet, a system I devised in 1993
as an example of what could be done, as an exercise in guerilla ontology.
It allowed fully-anonymous, two-way exchanges of information of all sorts.
The basic idea was to use a "message pool," a publicly readable place for
messages. By using chains of remailers, messages could be untraceably and
anonymously deposited in such pools, and then read anonymously by others
(because the message pool was broadcast widely, a la Usenet). By including
public keys for later communications, two-way unreadable (to others)
communication could be established, all within the message pool. Such an
information market also acts as a distributed data haven.

As Paul Leyland succinctly described the experiment:

"Tim May showed how mutually anonymous secure information trading could be
implemented with a public forum such as Usenet and with public key
cryptography.  Each information purchaser wishing to take part posts a
sales pitch and a public key to Usenet.  Information to be traded would
then have a public key appended so that a reply can be posted and the whole
encrypted in the public key of the other party.  For anonymity, the keys
should contain no information that links it to an identifiable person.  May
posted a 1024-bit PGP key supposedly belonging to "Blacknet".  As May's
purpose was only educational, he soon admitted authorship."

An example of an item offered for sale early on, in plaintext, was proof
that African diplomats were being blackmailed by the CIA in Washington and
New York. A public key for later communications was included. This is just
one example. There are reports that U.S. authorities have investigated this
market because of its presence on networks at Defense Department research
labs. Not much they can do about it, of course, and more such entities are
expected. The implications for espionage are profound, and largely
unstoppable. Anyone with a home computer and access to the Net or Web, in
various forms, can use these methods to communicate securely, anonymously
or pseudonymously, and with little fear of detection. "Digital dead drops"
can be used to post information obtained, far more securely than the old
physical dead drops...no more messages left in Coke cans at the bases of
trees on remote roads. Payments can also be made untraceably; this of
course opens up the possibility that anyone in any government agency may
act as a part-time spy.

Matching buyers and sellers of organs is another example of such a market,
although one that clearly involves some real-world transfers (and so it
cannot be as untraceable as purely cyberspatial transactions can be). A
huge demand (life and death), but there are various laws tightly
controlling such markets, thus forcing them into Third World nations.
Fortunately, strong cryptography allows market needs to be met without
interference by governments. (Those who are repelled by such markets are of
course free not to patronize them.)

Whistleblowing is another growing use of anonymous remailers, with those
fearing retaliation using remailers to publicly post  their incriminating
information. The Usenet newsgroups "alt.whistleblowing" and
"alt.anonymous.messages" are places where anonymously remailed messages
blowing the whistle have appeared. Of course, there's a fine line between
whistleblowing, revenge, and espionage. Ditto for "leaks" from
highly-placed sources. "Digital Deep Throats" will multiply, and anyone in
Washington, or Paris, or wherever, can make his case safely and anonymously
by digitally leaking material to the press. Gibson foresaw a similar
situation in "Count Zero," where employees of high tech corporations agree
to be ensconced in remote labs, disconnected from the Nets and other
leakage paths. We may see a time when those with security clearances are
explicitly forbidden from using the Net except through firewalled machines,
with monitoring programs running.

Information selling by employees may even take whimsical forms, such as the
selling of topless images of women who flashed for the video cameras on
"Splash Mountain" at Disneyland (now called "Flash Mountain" by some).
Employees of the ride swiped copies of the digital images and uploaded them
anonymously to various Web sites. Ditto for medical records of famous
persons.  DMV records have also been stolen by state employees with access,
and sold to information broker, private investigators, and even curious
fans (the DMV records of notoriously reclusive author Thomas Pynchon showed
up on the Net). Rumors are that information brokers are prepared to pay
handsomely for a CD-ROM containing the U.S. government's "key escrow" data
base.

The larger issue is that mere laws are not adequate to deal with these
kinds of sales of personal information, corporate information, etc. The
bottom line is this: if one wants something kept secret, it must be kept
secret. In a free society, few personal secrets are compelled.
Unfortunately, we have for too long been in a situation where governments
insist that people give out their true names, their various government
identification numbers, their medical situations, and so on. 
"And who
shall guard the guardians?" The technology of privacy protection can change
this balance of power. Cryptography provides for "personal empowerment," to
use the current phrasing.