Is Osama Bin Laden Using Encryption?

A few years ago I read an interview with a professor of journalism who argued that reporters needed to become advocates for particular views rather than simply reporters of facts. I have always thought this was a very bad idea, and USA Today demonstrated why today.

USA Today’s Jack Kelly filed a fluff piece basically repeating spook nonsense that strong encryption is helping out terrorists. After going through a long bit of nonsense claiming that Bin Laden has even moved into steganography, Kelly laments,

It’s no wonder the FBI wants all encryption programs to file what amounts to a “master key” with a federal authority that would allow them, with a judge’s permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it.

Give me a break. This is just like gun control — the criminal elements aren’t going to use systems that require master keys. It comes across almost as if the spooks themselves don’t have any idea what they’re talking about.

The story, and others based on the same material, is surprisingly lacking in any sort of evidence other than the fact that terrorists use e-mail and in the pasth ave used relatively weak encryption schemes to hide some data. I’d like to see some proof that Bin Laden and his group are putting coded messages into pornography and placing it on the Internet (as folks on Slashdot noted, that might explain why porn takes so long to download!) or that they’re using Internet chat rooms to plan terrorist acts.

Remember this is the same group that claimed they had absolute incontrovertible proof that a Sudanese pharmaceutical plant was being used to manufacture chemical weapons. Bill Clinton bombed the plant based on that claim which turned out to be a complete lie.

This is just the last gasp of the intelligence agency to try to retain their monopoly on secrecy. Tune in next week when USA Today will discuss how child pornographers are using very big prime numbers to get away with their crimes.

When prime numbers are criminalized, only criminals will have prime numbers.


Terror groups hide behind Web encryption. Jack Kelley, USA Today, February 6, 2001.

IRS Fears Strong Encryption

    The U.S. Internal Revenue Service is starting to get scared that it’s not going to be able to tax the Internet economy. Specifically it is worried that Americans using strong encryption software will start engaging in financial transactions in countries that don’t share financial data with the United States (or in fact, Americans who do business using strong encryption to hide the fact that assets and income actually belong to Americans).

    At a recent meeting of tax collection officials from around the world, U.S. Treasury Secretary Lawrence Summers pleaded for foreign governments to start taxing Americans citizens more.

Problems could arise from the increasing sophistication of Internet encryption codes that are established for valid reasons of commercial secrecy but can also be used to conceal relevant tax details from tax administration. In such a world, it will be easier for companies to avoid tax collectors by operating worldwide through websites based in jurisdictions that are unwilling to share taxpayer information.

    The best solution to solve this “problem,” said Summers, is for foreign governments to create rules to ensure that American citizens are taxed to death regardless of where in the world they do business.

    To further its ability to monitor Americans’ international financial transactions, the Clinton administration is pushing the International Counter-Money Laundry Act which allows the Justice Department to require banks to report suspicious financial transactions involving other countries. This is basically a re-hash of the “Know Your Customer” regulations that were proposed and then quashed by a public outcry. The Know Your Customer proposal would have required banks to report all suspicious transactions, while the current version limits that to international transactions.

    The government’s fears are probably well founded. Already millions of Americans either underreport their income to avoid taxes or simply don’t file tax returns altogether, not to mention the many people who work in the underground economy trading services for difficult-to-track cash. There can be little doubt that if there were a relatively easy, secure system to hide income and assets from the IRS, Americans would likely flock to such systems by the millions.


Financial privacy under attack? Declan McCullagh, Wired News, July 14, 2000.

Is encryption tax-protective? Declan McCullag, Wired News, July 15, 2000.

Does Technology Make Libertopia Inevitable?

    Some libertarians and capitalist anarchists claim that technology is inevitably winnowing away the power of the state. Dale Fitzgerald II wrote a piece for LewRockwell.Com the other day (Encryption, Finance, Freedom, and You) arguing that pervasive encryption would allow people to conduct financial transactions that would be impossible to trace (and hence tax). Jeremey Lott responded in a piece in WorldNet Daily (Against Libertopia) that, in fact, there are many ways for the state to interfere with this libertarian utopia. As Lott notes, we live in a country where the state can seize your property without trial on the mere suspicion that the property has been used in an illegal activity. How long before the state starts confiscating computer equipment of those it believes are violating the law (hint, the federal government has already done this on numerous occasions without a trial).

    Of course Lott and Fitzgerald are half right. On the one hand, it is relatively trivial for a committed state to prevent its citizens from using technology to circumvent government control. Contrast, for example, the former Soviet Union with North Korea. The Soviet Union had onerous regulations on everything from photocopiers to VCRs; North Korea has even more stringent regulations (radios sold in North Korea are supposedly hardwired to tune in only certain bandwidths, for example, to prevent North Koreans from easily listening to non-government approved broadcasts).

    Both countries faced a choice — relent to some extent on the regulation of technology to try to promote economic growth or clamp down and accept the attendant poverty. The Soviet Union chose the former course and disappeared. North Korea, China, Vietnam and Cuba have so far largely chosen the course, willing to accept significantly slower economic growth in order to preserve state control.

    Fortunately for those of us living in Western democracies — as Bill Clinton famously observed, it’s the economy, stupid. Those behind the scenes at the CIA, NSA, FBI, etc. would love to simply ban strong encryption, for example, but would have a revolt on their hands from businesses, and eventually voters, who need it for economic transactions. The problem for Western states wanting to extend control is that technology is a double edged sword, growing the economy which enhances the popularity of sitting governments while simultaneously increasing the power of those who want to escape the reach of the state.

    Of course we’re nowhere near the sort of system Fitzgerald imagines. How many people even bother to routinely encrypt sensitive personal or business correspondence? I’d be shocked if the number was higher than 1 percent. The sort of system required to place financial transactions beyond the purview of the U.S. government is probably 10 to 15 years or more away.

    On the other hand, if it ever arrives the modern state is going to be in a world of hurt. After all, millions of Americans already try to hide from the IRS cheating on their income tax forms or simply not filing them. The underground economy, where people trade exclusively in cash and don’t keep records, is also huge (I’m always impressed by the number of people I know who do part or full time work at a slight discount in order to be paid in cash and thereby avoid the reach of the IRS).

    There will always be ways for the committed state to try to tax citizens even in this libertopia, but the problem will be whether or not they are efficient or whether in its attempt to crack down on the technolibertarians will also entail unacceptable risks to legitimate commerce that would be political suicide. If this technotopia is constructed in a way that it is impossible to shut down without also shutting down large parts of the economy, then Fitzgerald is right — we’ve already won and don’t know it. If, on the other hand, the state rigs the system to make it easier to go after “rogue” citizens, then Lott is correct — the state will crush Fitzgerald’s libertopia like a bug.

What If Censorship Were Impossible?

Today the debate over censorship centers around when, if ever, a state can
censor publications. Does the First Amendment protect even child pornography?
Should people who write and publish books that are little more than how-to guides
for murder be held liable by civil juries when real people follow those instructions
and commit real murders? These are interesting questions which test the limits
of even the most libertarian of individuals, but what if censorship were impossible?
Would this be a good thing?

The world is about to find out. Sometime in the next month or two a group of
hackers with a strongly anarchist bent are going to unleash a new computer network
that, assuming it doesn’t get shut down right away by private lawsuits or government
decree, will make it practically impossible to censor information. The system,
appropriately enough, is called Freenet.

Freenet is, in many ways, not all that different from the Internet. To reach
this web page, the reader needs to enter a universal resource locator (URL),
which the network of computers that make up the Internet then use to retrieve
the web page or other information. The major difference is that the Internet
uses a centralized model whereas the Freenet uses a distributed file model.

The centralized model is relatively easy to understand – the essay you are
reading exists on a server. Anytime someone wants to read it, he or she gives
a URL that includes the address of the server, the directory and finally the
file. In this system it’s generally relatively easy to track both readers and
publishers. If a court ruled this file obscene, to remove it all a government
would have to do would be to find out who owns this server and then seize it.

The distributed file system used by Freenet is a bit more complicated. There
are still URLs, but the URLs don’t include the address for a specific server.
Rather the URL is a unique name for the file. This file’s Freenet URL, for example,
might be called http://brian.carnell/censorship_impossible.html. Rather than
rent a server in a physical location, I simply submit the file to any number
of Freenet nodes (essentially each node is a separate computer). Then the Freenet
protocol decides which of the many nodes available to it, it will store the
file on. The Freenet has a number of technical advantages – if lots of people
in Europe request this essay, the Freenet notices this and can make sure the
essay appears on one or more European servers (thereby cutting down transmission
time and costs). If lots of people request the article the Freenet can put the
file on many servers, whereas if very few people request it, it can put the
article on just a handful of servers or delete it from the system altogether.

When a reader types in a request for this file, the Freenet starts a process
of finding the nearest server to the reader that has the file and delivers it.
So how does this make censorship impossible? Because its developers have built
strong encryption into the inner workings of the Freenet. The short version
is this: neither I nor anybody else knows exactly on which computer(s) my essay
is stored. Even the folks who run a particular Freenet node don’t know what’s
on their server (and this also means if I choose too, I could have total anonymity
– I could write something and no one would have any practical way to trace it
back to me).

Moreover, the Freenet is designed to put into practice the common, but incorrect,
aphorism that the Internet interprets censorship as damage and routes around
it. In fact, the traditional Internet is highly susceptible to censorship. The
Freenet is specifically designed, however, so that if a government does manage
to find a copy of this essay on a server and remove it, the Freenet will then
propagate my essay even further on the Internet. Like a hydra, every time you
delete a copy of a file, two or three other copies pop up.

Of course, this does not mean that censorship is literally impossible. But
once hundreds and thousands of nodes get running around the world, censoring
any file would be extraordinarily difficult.

But is a world where censorship is impossible a good thing? Certainly it has
its upsides. Numerous governments around the world – even liberal democracies
– try to keep their citizens from having access to certain information. That
job would be incredibly more difficult – once it gets onto the Freenet, getting
information off it will be impossible. The obvious workaround that states will
try is to limit citizen access to the Freenet, but since it will be possible
to offer Internet gateways to the Freenet, this is not likely to be a viable
option. Like strong cryptography, which makes it much harder for states to monitor
their citizens communications, once the Freenet is out there and in widespread
use, the jig will be up.

The Freenet is not, however, necessarily an unmitigated good and the problems
– along with the Freenet designers’ failures to grasp the issues involved –
presents the biggest obstacle to the Freenet. If public opinion against Freenet
is strong enough in Western industrial countries, the whole system could die
before it gets off the ground.

Why should anyone hate a system that makes censorship impossible? Because
sometimes, believe it or not, even hard core free market libertarians have a
good reason to want information removed from the marketplace. Most free market
types, for example, still see value in laws which punish libel. Freenet allows
anyone to make libelous statements that are not only completely anonymous but
are impossible to remove from the system.

Even worse is the situation with child pornography. Ian Clarke, the primary
creator of the Freenet system, anticipates the argument about child pornography
but misses the extent of the problem. Clarke defends his system’s ability to
spread child pornography by claiming “it is impossible to state categorically
that any given piece of information is “safe” to censor,” including child pornography,
and moreover that “child abuse is already illegal (and pictorial evidence of
it can obviously be used in court to obtain convictions), so censorship is not
really required to prevent distribution of material depicting actual abuse.”

This, of course, is nonsense. Child pornographers don’t take pictures to document
their crimes for evidentiary purposes, but rather for current and future sexual
(and possibly financial) purposes. While such pictures might aid in a prosecution,
once on the Freenet the pictures are available essentially forever if the system
works as Clarke envisions it. Of course what Clarke leaves out is that the pictures
themselves are an ongoing violation of the child depicted. In Clarke’s world,
a criminal could videotape his rape, digitize it and post it on the Freenet,
and Clarke’s major response is there’s no proof such a videotape will cause
any other men to go out and rape women. Fair enough, but what about the real
live woman depicted in that video completely against her will. Or take these
scenarios a step further – suppose someone decided to commit a murder specifically
to film it and distribute it on the Freenet.

Similar, though not quite so extreme, cases have already been a problem on
the Internet – in a high profile case, for example, illicitly recorded videos
of athletes in locker rooms were distributed over the Internet. In a world without
Freenet-style protections, the state uses its monopoly on violence to arrest
anyone who tried to widely distribute such materials, but would find it impossible
to suppress such information on the Freenet, nor establish who uploaded or downloaded
the material.

Which is not to say that Clarke’s suggestion to “abolish all forms of censorship” is not a good idea. I happen to think it is, but the case against it is a lot
stronger than Clarke even begins to imagine. There is another reason aside from
all of the high-minded one’s Clarke offers, however, to go along with the good
and evils a system like Freenet will create – it is inevitable.

No, it is not inevitable in the sense that death is, but it is inevitable in
the sense that the only way to suppress it would be to resort to methods that
would produce far more evil than Freenet ever will. Maybe if the United States
and Europe decided tomorrow to start regulating and restricting Internet access
much like China and Vietnam do, Freenet could be stopped. Maybe if liberal democracies
were to require computers to be hardwired to only a small band, much as radios
in North Korea are hardwired to only receive state approved stations, Freenet
would never make it off the ground. But today the same freedom that makes the
Internet work almost guarantees that the Freenet will soon spread like wildfire
across the world with thousands of nodes.