R.I.P. Cypherpunks List

http://www.securityfocus.com/news/294

R.I.P. Cypherpunks

Once the online haunt of top cryptographers, the Cypherpunks list was
characterized by its mix of revolutionary politics and advanced
mathematics. This week, a founder pronounced it dead and buried

By Will Rodger
Nov 29 2001 10:15AM PT

The Cypherpunks list, an online forum that in many ways defined Internet
activism, was booted unceremoniously from its original home, toad.com,
earlier this week.

In an open posting to several mailing lists, Cypherpunks veteran John
Gilmore all but dismissed the computer-security and privacy forum he
co-founded in the early 1990s. It had, he wrote, "degenerated a long time
ago to the point where I have no idea why more than 500 people are still
receiving it every day."

Yet, for all the irrelevant comments, vicious infighting and radical
libertarian politics that flourish on the list, Cypherpunks has chronicled
every important event in the short history of modern cryptography, as well
as the cyber-rights movement that grew out of it.

The mailing list spawned not just commerce but an entire philosophy.
Members vanquished U.S. controls on cryptography exports, and opened up a
wider dialogue about the use and misuse of technology.

"Cypherpunks has really advanced the state of the art," said Peter Wayner,
a cryptographer who vetted every one of his eight books on programming and
technology on the list. "One of the greatest advantages is so many people
are not constrained by non-disclosure agreements or the need to keep their
jobs."

Seemingly every major figure in cryptography and computer security has
passed through the list from time to time. Past participants include noted
cryptographers such as Matt Blaze and Adam Shostack, computer firewall
inventor Steven Bellovin, and the first developer of a commercial
firewall, Marcus Ranum.

Some say it was the Clipper Chip that made it all possible.

In 1992 the Clinton Administration revived an earlier Bush Administration
proposal to, in effect, regulate all data-scrambling technology used in
the U.S. The so-called Clipper Chip would have "escrowed" encryption keys
that ordinary citizens used. If police ever encountered encrypted email or
other data they could not decipher, they could monitor those
communications under "legal authority."

A storm of controversy followed. Businesses said the proposal undermined
U.S. products in a world market that required no such "key escrow." Civil
libertarians predicted massive email snooping once the Internet took hold.

Hundreds of smart but worried programmers flocked to Cypherpunks. They
learned about not just encryption, but digital cash, anonymous remailers
capable of sending messages without a discernible return address, even
"black nets" that would use all three together to form a perfect black
market with worldwide reach.

Some reveled in the idea of "crypto-anarchy." Others went to work.

Lance Cottrell, then a graduate student at the University of California at
San Diego, joined the list because he wanted to fight the Clipper Chip.
Energized and excited by a field that was new to him, he soon went to work
on what became the Mixmaster remailer, which solved many security
vulnerabilities in traditional remailers.

"It earned me a reputation," Cottrell says today. "I was one of the people
who had gone out and done something about it, instead of just talking
about it."

Publicists now hawk his Anonymizer.com as one of the rare Internet-only
companies that actually turns a profit.

Adam Shostack, a top cryptographers at Zero-Knowledge Systems in Montreal,
earned his chops at Cypherpunks, too.

"Smart People with Cool Ideas"

Back in 1992, Shostack was a lowly systems
administrator at Boston's Brigham and Women's Hospital just beginning to
learn about computer security. His interest in firewalls led him to the
list, and from there to contacts throughout the computer-security
community. Soon he had learned enough to publish an early critique of
secure log-in technology sold by Security Dynamics. Along the way,
Shostack met Matt Blaze an early debunker of the Clipper Chip's flawed
security, as well as Adam Back and Ian Goldberg, each of whom had
discovered serious problems with credit-card security in early versions of
the Netscape browser.

The work helped Shostack land the job at ZKS.

"It was involving," he says today. "There were lots of really smart people
playing with these really cool ideas. As a young guy who was just getting
into this stuff, it was a great way to really jump in. I'm not saying it
was polite or easy we all did our share of roasting one another, but the
ideas really overcame that."

Architect John Young found a new outlet for his political leanings through
Cypherpunks, and in the process started one of the most closely followed
archives on the Net.

Young was fascinated by the interplay of the civil and governmental on the
list. The dynamic of intellectuals pitted against federal watchmen
reminded him of his days as a 60s radical at Columbia University.
Cypherpunks and the Internet gave him a new chance to follow in the
footsteps of the time. Soon, he was publishing classified and formerly
classified documents about encryption and surveillance at
www.cryptome.org.

Over the years, documents from the FBI, NSA, CIA, British intelligence and
a multitude of other sources have landed at his Web site. Major newspapers
and television networks have picked up and run with the documents.

His archives also feature a long list of legal documents revolving around
the fight to unseat copyright laws, like the Digital Millennium Copyright
Act, that limit what consumers can do with materials they buy. Research
itself, Young says, is threatened in fights over copying technologies like
Napster, and tools designed to crack copy-protection schemes.

Like John Gilmore, Young concedes the Cypherpunks list has lost something
it once had. But unlike Gilmore, he thinks it is still valuable.

Other, moderated fora like the popular Cryptography mailing list cannot
equal the spontaneity of thought found on Cypherpunks, even today, he
says. "These lists have more or less withered under moderation, but things
continue to happen under Cypherpunks. These other ones get so serious and
important sounding people walk away. They forget the Net is supposed to be
entertaining as well as educational."

The Cypherpunks list will continue to be hosted on other sites, but many
participants agree that the ejection from its birthplace is a moribund
milestone.

Wayner, for his part, says many, more conventional lists sprang from
Cypherpunks because one list simply could not do it all. That, he said, is
a tribute in itself.

"The main reason the list doesn't seem to have the center of gravity
anymore is the topic has gotten so big and gone in so many directions,"
Wayner says. "It used to be you could read maybe (the newsgroup)
comp.risks and Cypherpunks and you had read all there was. Now there are
so many things going on it can't be the center of gravity, it can't be the
center of all things."