Cryptography for the Rest of Us

Shanghai’s leading code slinger, David Veksler, who is also a good friend and long-time collaborator on all things digital, has come up with something wonderfully subversive. It is an encrypted messaging service that takes a giant step toward making cryptography available to the rest of us.

It is called It is the first, easy-to-use, web-based service to provide absolutely uncrackable security in communications and file sharing. It’s a free product for now, and will probably remain so, but I have hopes that he can eventually commercialize it, if only to insure its viability over time.

This new technology is a brilliant example of a theme I’ve been turning over in my mind, namely, how technology is blazing new trails to give us freer lives even in times of rising state despotism the world over. It is becoming clearer by the day that it is not the politicians or even the intellectuals who are going to save civilization but the entrepreneurs and the digital cowboys who are liberating humanity in practical ways, every day.

As I often do with these events, I was last night musing over the historic significance of his invention. Communications in general received a gigantic boost with the telegraph in 1837. It was the first tool to provide a means for people to communicate over geographically noncontiguous spaces. The radio, telephone, and television continued the revolution, and the coming of age of the Internet provided the biggest boost ever to the driving force of social cooperation.

But there has always been a problem here, namely that there has been no assurance of keeping government’s mitts off our communications. To be sure, the spectacular rise of digital technology has made it impossible for government to monitor everything. But each day the threat becomes more real that government can find a way. Even now, governments have successfully intimidated many internet service providers into forking over data that is none of their business. The public side of the web is ever more being controlled by state authorities.

To some extent we are all vulnerable. Most of us are happy to get and send email, chat on FB, text things through our smart phones, tweet, and all the rest, with virtually no thought given to the privacy implications. And that’s fine for most things, and mostly for now. But in the future and maybe in the present, there are times when we will all need more guarantees.

The hyper-geek contingent is different. They’ve long known that the government wants nothing more than to monitor all communications, and to gain access to all email you send and receive if and when they demand it. This was obvious as early as 1993 with the so-called Clipper Chip. This was device developed by the National Security Agency that the government tried to get all telecommunications companies to install.

The Clipper Chip would have given the government instantaneous access to all communications archives whenever it wanted them. In effect, it would have enabled the creation of a mass surveillance state, which is the dream of every state. The government thought it was a no brainer: of course they need access to all things whenever they want them!

One might think that the bureaucratic class would wake one day and think: hey, are we like the bad guys in an Orwell novel, and, if so, shouldn’t we cut this stuff out? But there is something about working for government that apparently dulls one’s sense of irony. They develop a kind of caste consciousness (h/t Ludwig von Mises) that pursues a course that advances the caste interest to the exclusion of other concerns.

Regardless, the push back from industry and from consumers toward the Clipper Chip was extreme. It was widely rejected. By 1996, the Clipper Chip was completely dead.

Contributing mightily to the death of the Clipper Chip was an inauspicious little program called “Pretty Good Privacy,” now known widely as PGP. It was developed by Phil Zimmerman, one of the great heros of the digital age who is not given nearly the attention he deserves. He developed a method for transmitting communications that were and are completely uncrackable by any outside source other than those party to the communication.

Zimmerman sent his PGP program around the Internet (this was before the web) and it was used by people all over the world who were resisting governments in various ways. This is what triggered the trouble. Zimmerman was brought up on charges by the U.S. government. Because cryptography was regarded as a munition by the government, he was charged with violating the Arms Export Control Act (!).

Rather than cave to the pressure, Zimmerman fought back by releasing the entire code of PGP to the world. It was shared in thousands and millions of groups, and became commonly available after the development of the world wide web. Just to insure its permanent availability and as if to underscore the powerlessness of government, MIT Press even published the entire code in a book!

By 1996, the government was forced to drop its case against Zimmerman. PGP has survived the onslaught. And today, it remains the most important single means for people who fight for freedom to be able to outwit the despots trying to control them.

But even after all these years, PGP still isn’t entirely accessible to the rest of us. There are some services such as hushmail that rely on it and that people who are not code monkeys can use. But there are some remaining problems with hushmail, such as that it requires registration, it maintains an archive of communications, and its security is, to some degree, dependent on the integrity of the company that runs the service.

What Veksler has done with is provide a simple web interface to provide all the benefits of PGP-level privacy but without registration. The use is entire anonymous. It is also more convenient than PGP has ever before been. It works through a one-click operation. And the public key is stored not in a long string of digits but in the URL of the website itself, one that can be easily copied and pasted and then opened with a chosen passphrase.

Let me back up just a moment to explain how this works. A public key is something that is attached to you personally. It is like an email address. It works as a kind of destination where people know they can send your communications. A private key or passphrase is then required to unlock the messages, and this is something that only you know and you never have to write down.

Neither the sender nor the server administration can know the private key. The message itself is completely scrambled as it is sent and then unscrambled when it arrives.

Veksler’s tool embeds all of these operations on a single page and makes it all happen with one click only, and all through a clean URL. And the passphrase you use is stored on the program for only 120 seconds after the message is delivered — which sort of reminds me of the “self destructing” meme made famous by Mission Impossible.

But it gets more brilliant. How can you know that you can really trust the service, or that Veksler himself works for the FBI or the like? Well, you don’t have to trust him. Veksler is making the entire apparatus completely open source so that anyone can inspect the code. He does nothing on the site that is not wholly open to the world, so that way anyone can know everything that is going on in the engine room but no one, not even the service owner, can know what is being communicated.

The service is in the early stages, but his next step will be to develop a desktop client that will work even when you are not on the world wide web. It seems obvious that the next stages will be smartphone apps, ever clear interfaces, and ever quicker operation. You can see where this is going. It creates an infrastructure that the whole world can use to communicate that is impenetrable to any nation state.

To me, this qualifies as absolutely revolutionary. It is only one example of a larger point. The path to freedom in our times is being blazed by brilliant minds like this. We can’t make the state go away but we can do our darndest to achieve a good life and protect ourselves through advances in technology, among many other ways. In the end, it is up to us to take the necessary steps to reclaim the freedom that is ours as a human right.


Note: In an interview in the Libertarian Standard, David explained some basics of the code he uses:

CryptAByte uses public-key encryption just like HTTPS/SSL and OpenPGP/PGP. The algorithms used are RSA for key pairs, AES 256 to encrypt messages and files, and SHA 256 for hashing. The servers hosting this application support can encrypt 2.1 GB of data per second using the latest Intel CPU’s with AES support built into the chipset. The service is built with ASP.Net MVC and Sql Server for the backend and jQuery UI for the front end. A RESTfull API is available for third party web and desktop apps to build on the platform. The full source code will be released when the platform is stable.

You can also view his powerpoint presentation on security fundamentals.

Leave A Reply

Your email address will not be published.