Monday, April 21, 2008

The Cypherpunk Dream

I'd like to describe briefly a concept I'll refer to as "the cypherpunk dream". People should be able to create persistent online identities (by which I mean it should be possible to prove that the same entity is using a specific identifier). It should be impossible to connect an online identity with a "meatspace" (physical) identity without the person's consent, or to connect two online identities with each other if a person chooses to have more than one. These online entities should be able to communicate securely with each other, and by "securely" I mean not only that no third party can intercept or interfere with their communication, but that no third party can even discover that communication is taking place. Entities should be able to advertise, establish reputations, contract for and pay for goods and services, all without being linked to a physical entity.

It seems obvious that this dream in its purest form cannot and should not be practically realized. For example, having goods delivered to one's house gives a strong clue as to one's identity. The lack of any overseeing authority may make disputes likely and satisfactory resolution difficult. There are also nonconsensual services that could conceivably be offered, but ideally would not be.

Technology knows no morality. Either people can communicate privately, or there exists some entity which can eavesdrop on any conversation. There is no way to guarantee privacy for the "good guys" while allowing "government" to eavesdrop on "bad guys". Similarly, either goods and services can be exchanged discreetly and confidentially, or there exists some entity with the ability to arbitrarily forbid or tax transactions. Designers must accept that tools will be used in ways that they did not intend. My own opinion is that the danger from arbitrary authority is worse than that from excessive freedom.

Certain elements of the cypherpunk dream are already available. I think modern cryptographic algorithms are sufficiently strong that properly implemented systems using them are in practice unbreakable. Using Mixmaster remailers, it is possible for people to communicate without outsiders being able to know who is communicating with whom, but so few people use Mixmaster that using it says something about one in and of itself.

Reputation systems are by nature problematic in a pseudonymous world. People may create identities specifically for the purpose of inflating their own reputations or trashing those of their competitors. There is little incentive to participate in rating, and there can even be a disincentive as it could provoke unwanted attention. And rating is largely subjective in any case. But I don't think any of these hurdles are insurmountable. I'm disappointed in the progress made in this area, although I must admit I don't have any particularly innovative ideas.

There have been several software implementations of Chaum's ideas for anonymous payments, but I think their use has mostly been limited to toy systems. This, I think, is due to there being an almost all-or-nothing aspect to the concept. If a real practical system were implemented, its operators would likely be subject to hostile action from the state almost immediately.
