Text File | 1993-08-10 | 17KB | 327 lines
Mondo 2000 - Issue #10
======================
Interview with the legendary John Draper, aka Captain Crunch.
MONDO 2000: What are you up to right now?
CAPTAIN CRUNCH: I'm with the Cypherpunks. We're the people that use
cryptography or cryptotechnology to protect and preserve our privacy.
The Cypherpunks are the élitist of the élite. I just came back from the
Computers, Freedom, and Privacy '93 conference where we all met.
M2: What was the most important thing that happened there?
CC: The thing I really feel good about is the tremendous opposition to
the FBI's Digital Telephony proposal and the tremendous interest in data
encryption. Dorothy Denning, who's at Georgetown University, seems to
think that data encryption should not be in the hands of the private
citizen, that the private citizen should not have the _right_ to use
data encryption.
M2: But surely she's not opposed to data encryption per se?
CC: Well, I meant encryption that can't be unscrambled by the NSA.
That's understood. See, there are different levels of encryption. But
the key idea was that if private citizens use encryption, they should
have to register their private keys with the government.
M2: Amazing! And how did people react to that?
CC: There was so much opposition to her outrageous ideas that it was
shot down. She is still out there, though, and there is upcoming
legislation proposed. But if it ever does get that far, the EFF, CPSR,
and ACLU will be right there to keep it in check.
M2: What other issues came up?
CC: Well, one problem the New York State Police have is with "call sell"
operations--people getting credit card numbers from companies or using
the company's PBX system to make free calls to the Dominican Republic or
something like that. And it's mushroomed to the point--this is
according to Senior Investigator Donald P. Delaney of the New York State
Police--that toll fraud has jumped 1000% in New York City and in some
place in L.A. because of "call sell" operations. So there's a major
concern there. People are able to take cellular phones now and make
them use the system in ways they've not figured out before.
M2: Such as?
CC: Well, they're able to change the ESN (electronic serial number) of
the phones and they have this scheme they call "tumbling" which means
that every time you make a call you switch to another ESN number.
M2: So you can't be traced?
CC: Exactly. The authorities are countering that by nailing down the
location of the phones by triangulation. So when people use these
things they can usually pinpoint them within a block.
M2: So what else came out of it that was really exciting?
CC: A lot of pretty dazzling talks. Bruce Sterling and Clifford Stoll
also talked. It was a continuation of the first two conferences, in the
sense that other issues that needed to be resolved were brought out in
the open. For the very first time, the Justice Department has gotten to
hear the computer professionals talk about their concerns over data
privacy. The hottest debate was over the FBI's Digital Telephony
proposal.
M2: What exactly is the Digital Telephony proposal?
CC: The telephone company vendors have agreed that the FBI should be
able to do their jobs, but they don't want to do a lot of extra work.
They're cheap. They don't want to have to spend the money to develop
the software that would provide a "back door" in telephone switch
software. The new digital phone system is very difficult to tap,
because there is no way for tappers to pick out a single conversation
from the digital streams on fiber optic lines--digital transmissions are
all mixed up with other calls and are hard to separate without expensive
software changes to the switch. This forces them to be back on the
telephone poles with alligator clips like the good old days. Normally,
the line going into your house is still analog, unless you are lucky
enough to have fiber optic cables. Your analog voice doesn't turn into
digital until it gets to the central office or to some entry point.
Anywhere along there they can tap that line, so why write legislation to
force the phone companies, on-line services, or any other common carrier
to make it easier for FBI wiretaps?
M2: OK, so where is everything going in the Cypherpunk area?
CC: The biggest thing the Cypherpunks are doing is to promote widespread
use of public-key data encryption for e-mail and voice phone calls.
There's a group on Usenet called alt.security.pgp with a flame war
instigated by Dave Sternlight. It seems bent on discouraging the use of
PGP and is putting pressure on site administrators to remove uploaded
copies because they allegedly violate the RSA patent. He continually
rambles on about how everyone using it is a criminal. He makes tons of
postings daily to the alt.security.pgp newsgroup worldwide.
M2: So who holds the patent on the public-key encryption algorithm?
CC: PK Partners holds the patent but RSA issues most of the licenses.
There's been lots of confusion over RSA licensing. You can use RSA for
free non-commercial purposes. The biggest problem is RSA's public
communication has not resulted in a climate that people know how to
proceed in. Because of this, independent software companies have not
produced products using RSA. Mr. Zimmermann, the author of the PGP
code, certainly has more balls than I do.
M2: What else is hot in this arena?
CC: I think what's really hot are the anonymous remailers. There's a
lot of dispute about that.
M2: Yeah, I hear they're worried about so-called accountability. We
_need_ a public forum without "accountability." Accountability is
important in our elected officials, but for the average person, it means
they could be hauled into court for libel.
CC: Exactly! I can see some great uses for remailers, like
whistle-blowing. You discover, for instance, that a company is doing
something really weird, and you want to let the world know but you don't
want them to know that it came from you. So you can write an exposé on
this company from an insider's point of view--you can send all the gory
details and anonymously post it--and your anonymity would be preserved.
The bad side of it is that it could be used for disinformation.
M2: Kind of a cognitive Badlands for criminals and psychopaths?!?
CC: Yeah, and the regulatory groups want to "protect" us. They also
claim the child porn people can mail their files anonymously to anybody
they want.
M2: The Controllers want to stigmatize anonymous remailers by
associating them with the child pornography industry calculated to
inflame middle America! So how do anonymous remailers work?
CC: You mail a central address and you put something on the subject line
as to where the mail goes. The remailer automatically looks at the
subject line and does this through a thing called a "perl script" which
is like a program. It takes your header, strips it out, then puts its
own header in. And then it hooks into the mailer, so the remailer can
handle it. With your mail header stripped out, your anonymity is
preserved.
M2: But the remailer has your e-mail ID when it comes in, right? So...
CC: Yeah, there's a lot of controversy and discussion about the
integrity of the person running a remailer. For instance, a law
enforcement type can set one up and record who anonymously mails. So
the legit anonymous remailers go out of their way to ensure that when a
mailer comes into their machine, the header's stripped properly and that
no previous identity of the original poster of the message is intact.
But the problem is that as soon as these remailers are being set up
they are being taken down by the system administrators of Internet
hosts. This is largely because of a small group of people who think
they can be abused. On the Internet, people are pretty well-behaved.
But like anywhere, there are always dickheads that are bent on screwing
things up, like with mail bombs.
M2: What's a mail bomb?
CC: It's somebody sending an obnoxiously long message into your mail box
that's extremely annoying.
M2: Like junk mail. The ultimate abuser's data would expand to fill the
available Internet bandwidth and disk space and paralyze the net, like
the Morris virus. It's related to the caller ID question, isn't it?
CC: Actually, the Internet is currently set up so that _everyone_ has
caller ID and _no blocking_, so ironically, the Internet and phone
company positions were originally the opposite of what they are now.
Before Caller ID, when you received a phone call, you didn't know the
number of the phone that called you. Now you can find out in some
states. Postings on the Internet on the other hand have maintained your
original e-mail address, but it is evolving into supporting _some_
anonymity now, but with great debate among a few right-wing types.
M2: Are there any other major developments in the Cypherpunk area?
CC: I'm working with some other folks on a new version of Mac PGP. My
main goal is to put encryption in the hands of everybody as cheaply as
possible. I'm doing the user-interface, working very closely with
someone on the East Coast. I don't know where he is located, but I
don't care. After all, this is just one global village with no
distances, borders, or other real-world obstacles. This is why I like
the Internet.
M2: I found Mac PGP user-hostile. It wrote over the original file of
this interview when I created an encrypted version!
CC: It's a little bit difficult to use right now for the uninitiated,
because it was originally written to work under UNIX. It's not very
user-friendly. Because UNIX people don't usually care about that kind
of stuff. The new graphic user interface will make it easier for people
to use PGP. We're going to be adding a very rich selection of features
to PGP that the original will not allow you to do. For instance, it's
nice to be able to decipher text directly to the display without having
to actually save it as a file. When you save your plain text as a file
inside your computer, there is the possibility that you may forget to
remove it. The original PGP solves that by letting you spool the plain
text temporarily to the screen, but there's no effective way of
scrolling once it starts displaying. So one of the features we're
adding in this version is being able to pipe the text directly to an
editable text window. We're also adding copy and paste and some
enhanced key-management features. These are being done by the other PGP
team members. There's a whole PGP development team of the most élite
programmers working on this project and I'm honored to be a part of it.
But I'm sticking with the user interface. I don't think I could be put
in jail for designing a dialog box!
My handiwork will be up for display, which is why I'm doing a very
careful job. If I have my name on my code, man, it's going to be
perfect! It will be readable and well commented and easily
maintainable.
I also recommended that the PGP core code be rewritten in such a way
that it can be re-entrant. What that means is that it will be more
modular, easier to break up into organized procedures and to be
interfaced with other graphics platforms. Like you'll be able to use it
in an X command in HyperCard.
M2: When will this new version of Mac PGP be available?
CC: We're shooting for May, but I was hoping that no real deadline be
set, so it will be available all over the Internet, provided that David
Sternlight is kept on a short leash.
M2: What will this do for the average Mac user?
CC: They'll be able to communicate in complete privacy with other Mac
users either through the on-line services such as the WELL and
CompuServe, or just by mailing diskettes. If you have a really
important program or product and you want to protect that product, then
you would encrypt it--put it on a diskette, mail the diskette over the
regular mail. If it ever gets intercepted, the interceptor would not be
able to make heads or tails of the contents of the disks--only the
intended party can decrypt it. And that means you can send beta copies
of software to your publisher and your publisher could then decrypt your
software and convert it back to the original through the use of PGP or
any other encryption program out there. Also, it would be impossible
for someone to intercept the disk and inject a virus in the program.
M2: What do you think of the Clinton administration's proposed Clipper
chip for encrypting phone calls? And registering everyone's encryption
keys to provide tappability in criminal investigations?
CC: I believe they're trying to push this idea through without giving
much thought to the ramifications. This overwhelming urge to tap into
our private conversations is simply going to promote private encryption
and voice scrambling. It is not going to make law enforcement's job any
easier to catch criminals. It reminds me of that popular bumper sticker
"If guns are outlawed, then only outlaws will have guns."
If I were a criminal, do you think I would be dumb enough to
register my phone with the government? Of course not! I would probably
get mine on the black market, or through some other illicit means. If I
were a law-abiding citizen, would I trust some government agency with my
encryption key? Would you?
M2: No. So what's the reaction so far?
CC: Very negative. I'm getting about 150 messages a day on this. This
is not only going to get a bad reception in the industry, but it will
cost the government more money by piling on huge administration costs.
Let's see: You need two agencies (hopefully ones that people can trust).
Gee! I can't even think of just ONE agency that I can trust!!! Can
you? Then, these agencies have to keep track of one half of an 80 bit
key. I guess there is one key for each Clipper chip, so there has to be
the capability of millions of keys. Each one has to perfectly match the
other half. Then there will be people needed to "register" these
"tapper" phones. And then what if you decide to sell it? The mind
boggles!
Then there is this classified algorithm used in the Clipper chip
itself. I'm sure it's probably hard to attack and crack. But can you
really be absolutely sure that there isn't some sort of back door in it?
It's clear that the industry hasn't been consulted, or ideas were
not put forth in some public forum. So, where is this democratic
process?!? We ARE still a democracy, aren't we? How was this company
that sells the Clipper chip selected? Were RSA data security people
contacted? A lot of questions will have to be answered before something
like this can be accepted.
M2: What else is going on?
CC: There's something I'm working on with a student at the University of
Houston. What we want to do is a virtual cyberspace. Where you have a
machine on the Internet called a "virtual world server." If you enter
the server, you select which of the virtual worlds you want to go into.
After selecting one, you enter that virtual world and you have other
people or entities in there you can play around with. Your digital
identity could be a knight in shining armour--you render that with an
artist. It has a certain size and weight, certain characteristics.
M2: Sounds like True Names!
CC: Cool. And as you're moving around in this virtual world, and other
people are moving around, your positions are being sent to the server,
and the server broadcasts those positions out to the other people in the
virtual world.
M2: How can people reach _you_ in Cyberspace or Cypherspace?
CC: Well, the best way to reach me is via e-mail. I already receive
TONS of e-mail, but I have an efficient screening system, and it is not
uncommon for me to receive about 150 messages a day. That may seem a
lot, but most is due to the mailing lists I belong to and I can download
them fairly fast.
I am also an Internet guide. In this role, I guide the beginner or
wannabe through the complex maze of the Internet, which has over 1.5
million computers hooked up to it. I charge a fee for this, but it is
very low and affordable by more than 90% of the cybernauts or beginners.
I have some pretty famous clients.
My e-mail addresses are:
crunch@well.sf.ca.us (my home system)
crunch@netcom.com (I visit this one first)
crunch@hacktic.nl (my European e-mail box)
If you e-mail to request my Internet guide service, please put "Internet
guide" in your subject line and I'll e-mail back a contract form to fill
out.
By the way, if you want my PGP public key, I can e-mail it to you.
So if anyone wants to send something encrypted to me, they can use this
key. Only I can decrypt your message. If you expect me to send
anything back, please send me your public key, which can be encrypted
along with your text message. See ya all in Cypherspace. Rave on
d00dz!!