The Digital Domain

"On the Internet, nobody knows you're a dog...."[1]


Anonymity/Privacy

The topics of online anonymity and privacy are simply so large that I cannot begin to do justice to them. Therefore, after covering a few technical basics, I shall tend to concentrate on just one small area of the discussion, that of the interaction of online commerce and privacy.

Why is it important?

This question can only be answered by the individual. The United States has a long tradition of valuing the privacy and the sanctity of its citizen's personal lives. In fact, privacy seems to be one of the core values of Americans. As people spend a greater portion of their lives in online interactions however, it becomes ever easier for institutions to build databases on their behaviors, attitudes, etc. Orwell's "Big Brother" scenarios become not only feasible, but technically, governmentally, and commercially expedient.

How are privacy and anonymity achieved?

Of course, there are many ways to retain one's privacy in the physical world. For example, by using cash rather than credit cards, you reduce the amount of data compiled by merchants and banks and linked to your "identity." On a larger scale, legislation is an crucial element in preserving privacy, and headlines show battles being waged on this front almost constantly. Between these two extremes lies a large realm of actions that one may employ to maintain privacy or anonymity online.

Encryption

The most obvious avenue to preserve privacy in cyberspace is to use encryption to safeguard the security of your communications. There are several different "flavors" that may be used now, but the situation is somewhat confused, by virtue of strong cryptography's status as a munition under U.S. law. Under ITAR, U.S. cryptographic companies must register as arms manufacturers and be regulated as such. Similarly, strong cryptography is often illegal to export from the U.S., and its use is banned in several countries. Currently, Phil Zimmerman remains embroiled in an investigation for his release of a very strong form of cryptography known as PGP (Pretty Good Privacy). Currently there is a campaign on the Net to provide him a legal defense fund, and they provide a good summary of the controversy, as well as an opportunity to donate funds (using First Virtual).

Remailers.

Another popular form of identity protection is to use what are known as "anonymous remailers," or simply "remailers." When an e-mail message is sent, it contains a good deal of information about its origins and paths of travel. What these remailers do is to strip this information out as the messages pass through them. The software is rather simple, and readily available on the Net. Recently, the largest and most user-friendly anonymous remailer in the world, anon.penet.fi, run by Johan "Julf" Helsingius in Finland, was compromised when the Church of Scientology was able to secure a court order to reveal the database used to process the transactions. [2] Nevertheless, Mr. Helsingius noted that it was not difficult to be registered in the database pseudonymously. For those very concerned with the anonymity of their messages, it is possible to encrypt their messages and then route them through several remailers in order to launder the trail to the greatest extent possible.

Digital Cash.

Finally, in an online commercial world, it will be important to use online "cash" rather than credit to preserve anonymity. Through an impressive bit of mathematical legerdemain, David Chaum's DigiCash system does precisely this, relying on blind digital signatures to authenticate the validity of the electronic tender without revealing the identity of the parties. If you are interested in the underlying concepts of how this is accomplished, I commend Dr. Chaum's 1992 Scientific American article to you, as well as a more recent article from Wired magazine discussing the privacy ramifications of various electronic payment schemes. Dr. Chaum, one of the leaders in his field, is highly committed to keeping "Big Brother" out of the loop, and has published several articles on the topic.

Will privacy survive into the new digital era?

At least in some form, it is nearly assured that it will. Essentially, there are two countervailing forces. One the one side are the governmental and commercial forces that want to know everything about you: Big Brother can easily keep an eye on its citizens in a digital era and Microsoft and merchants always want to know who their customers are. In large part, I believe that privacy will erode in the face of technology, as information about people becomes important to large organizations, and individuals value convenience over autonomy.

However there is a strong balancing force. The online world is alive with a very strong libertarian perspective. This is the kind of furor that derailed the Clipper Chip. Even as the Senate currently debates giving increased wiretap authority to the government, grassroots opposition is releasing technology that would defeat such measures. Three software developers are currently giving away a piece of software called Nautilus that will allow PC's to become untappable secure telephones. [3]. The cypherpunks, a "crypto-anarchist [dis]organization" remain a vital force not to be ignored. [Whole Earth Review June 22, 1993 sprawling article on the cypherpunks, encryption, digital money, and the future]. Cases like the PGP release and David Chaum's efforts on behalf of untraceable e-cash reveal that the last word on digital privacy has not yet been written.


Encryption - the key issue.

Why is it necessary?

The Internet was not designed to be a secure communications medium. Because of the way in which packets of information are passed around the system, it is almost trivially easy to intercept and read the data stream. When an e-mail message travels from Palo Alto to Washington DC, it may pass through as many as 20 different computer systems. Thus e-mail should always be thought of as sending postcards: it is encryption that puts the envelope around your messages. Similarly, Web messages (using HTTP) are entirely insecure, and this was thought to limit the proliferation of Internet commerce.

Private vs. Public Key Encryption

Private key encryption is typically what we think of when we watch spy movies: the courier with the codebook in a briefcase handcuffed to his wrist. The same key is used to both encrypt and decrypt messages, and while many private key encryption algorithms are very efficient, the key transfer mechanism is vulnerable. The question often arises: if there is a secure channel to transmit the key, why isn't it used to transmit the information? Public key encryption solves this and other limitations of private key encryption.

The Significance of Public Key Encryption

Allan Schiffman, Chief Technical Officer of Terisa, a major cryptographic company, called the invention/discovery of public key encryption by Whitfield Diffie and Martin Hellman at Stanford in 1976, "the most important work in applied mathematics in the twentieth century." [4] Using public key encryption, it is possible to conduct secure transfers of information, without the need for prior exchange of secret keys. This revolution opened up an entirely new field of study, changing the way secure communications systems operate.

I spoke (e-mailed) with a principal examiner in cryptography at the PTO, and he explained that the cryptography "field is exploding." He personally "issued at least one patent to David Chaum on double-blind signature systems, which is the type of encryption necessary to implement an untraceable but secure transaction," and noted that there are currently "six examiners working full time in cryptography, with dockets of over a hundred applications each currently pending."[5]

How does Public Key Encryption work?

I refrain from delving too deeply into the technical mechanics of public key cryptography, but if you are interested, there are several resources available that provide much greater detail, both from commercial as well as private parties. I apologize in advance to cryptography aficionados for the liberties I will take in simplifying the process.

Essentially, a unique key is generated, and then this is split into two components: the private key and the public key. These two keys are two parts of one large key, but cannot be computed from one another. The user (for clarity's sake, let's call her Lara) then publishes her public key to the world (usually with digital "certifications" from other people that the public key is indeed Lara's). When I want to send Lara a secure message, I can go to a keyserver and retrieve her public key. Then I use her public key to encrypt the message and send it to her. The only key that will then decrypt this message is Lara's private key, thus insuring security so long as Lara protects her private key.

In actual public key messaging systems, there are additional compression, hashing, and signing steps that provide additional security services but the underlying concept remains the same. If you are interested in a deeper explanation, I provide a link to an excellent article on how one public key system (PGP) works.

What are Digital Signatures?

Digital signatures are simply the reverse of the above process. If I send Lara a message that I have encrypted using my private key, then she can decrypt it using my publicly available public key and know that I sent it. Of course, so can anyone else, since that is the nature of public keys. But importantly, assuming that I am the only person in control of my private key, nobody else could have created this message . This mechanism is essentially how a virtual bank can mint new money: it "signs" digital notes, saying that it vouches for them.

The Acronyms - PKP, RSA, EIT, and PGP

It seems that in order to be a serious force in cryptography, you have to be well-equipped with acronyms. Once that's happened, it's hard to tell the players without a program, so I provide a thumbnail sketch of the major players.

Return of the Acronyms: SSL and SHTTP - Securing the Web

Once it became clear how powerful an economic force the Web could be in unleashing the commercial potential of the Internet, the race was on to develop a paradigm to conduct secure transactions online. Currently, the two major web encryption "standards" are SSL (Secure Sockets Layer) from Netscape and SHTTP (Secure Hypertext Transport Protocol), from Terisa, formerly EIT. SSL works to secure the network link between client and server, whereas SHTTP operates by securing the documents thought a negotiation process. The two paradigms are currently incompatible, but with Netscape's recent investment and partnering with Terisa, a common standard is supposed to be released in the second quarter of 1995. There are currently very few "secure" servers around now, but RSA provides an example of how one would work.


Digital Coinage and Gambling

With advances in communications and security technology, it soon becomes entirely feasible for invisible economies to spring up. Already, in an area of the Internet known as IRC (Internet Relay Chat), poker and other forms of gambling "float" 24 hours a day, though it is unclear if these winnings are ever convertible into other forms of currency. While IRC is still mainly an area for "geeks" to hang out, the user-friendly interface of the Web and the emergence of digital money make it highly likely that similar regimes could exist: creating large arenas of virtual economy unreachable by regulatory authorities. More than one lawyer has expressed serious misgivings at the prospects for such a future. As the cypherpunks note, there is a huge potential for a black market to arise, even in the face of David Chaum's reliance on banks as gatekeepers.

Currently there is a choke since most people still demand that their winnings be convertible into specie at some link in the transaction. However, if commerce migrates to a more exclusively online medium, it is easily conceivable that such "money" need never appear to the IRS or any other agency. For example, advertisers could pay users in untraceable DigiDollars to read their advertisement, this money could be gambled, or ultimately spent to anonymously receive digital pornography without any greenbacks ever being involved.

Money is but two things: a store of value and a medium of exchange. When enough parties can agree to trust one entity to "mint" digital money (using digital signatures) without the need for convertibility or the backing of gold, etc., then the monetary system tilts. While it seems unbelievable at this time, one need only to look at the "economy" springing up in frequent flier miles to find a parallel for currency creation. "Microsoft Money" seems a small trip from there, but once the step is made, "Benn Bucks" are not a ridiculous concept.

While the area of Virtual Gaming on the Web is still in its infancy, I provide links to some of the emerging locales:

Digital Vegas -This site is still largely under construction, but shows the power that the "little guy" can have in setting up a virtual casino with very little physical investment.

The Caribbean Casino This is a very glitzy site, with all the feel of offshore betting, but as they say, it's still in beta, so we'll see how they do.

CWBH A more informal place over in Germany, currently using DigiCash.


And now on to...

the next "linear" topic,

or the table of contents?


© 1995 Alex H. Benn