Secret, Anonymous Communications

In cyberspace, communications' privacy has two parts:

1. Secret message: no undesired person can read your message.
2. Anonymity of address: no one knows who or where you are.

Encryption provides the first; organizational or physical cutouts provide the second.

Given anonymous, secret communications, betrayal become the issue.

Secret Messages

Governments may ban messages that they cannot read. This law can be enforced by imprisoning people, not for the content of what they say, but for how they say it--for the mere possession or transmission of a message the government is unable to read.

As with any government ban, the success of the ban depends on the likelihood of being caught and severity of punishment. If a government is required to obtain a warrant for due cause, the government will check the communications only of those who catch its attention. If no warrant is necessary, a government could automate the message checking process. In this case, secret communicators must use time consuming ciphers that appear innocent. As far as I know, you can use these ciphers only with people with whom you have made prior arrangements. There is no public key; you cannot communicate this way with strangers.

If governments do not ban messages they cannot read, there are three other potential problems to encryption, all having to do with `breaks':

• A breakthrough in mathematics that enables current machines to decipher encoded communications with newly written software. No one knows whether or how likely this kind of breakthrough will occur, but few think soon.

• A breakthrough in hardware that enables new types of machine to decipher encoded communications. `Quantum computers' are the oft mentioned possibility. These devices are theoretical and have yet to be built. Few if any expect a sufficiently fast machine soon--most expect to wait at least a generation.

• A break in: old fashioned burglary. If an encrypted message cannot be read, steal the code or steal the unencrypted version of the message. This technology does not require any breakthroughs.

However, just as envelopes ensure sufficient privacy for most private mail, encryption can ensure sufficient privacy for most private email.

The main issue is whether you will be the target of a well funded operation; if so, you have to deal with espionage as others have for ages. If not, then ordinary prudence suffices.

Address Anonymity

An anonymous address requires a cutout--a stage in the transmission of a message from one person to another in which the first person (or an interested third party) loses track of where the message is going and where it came from. There are two ways this can be done, through an organizational cutout, and through a physical cut out:

• The anonymous remailers in Finland are organizational cutouts. These organizations promise to hold your identity secret. You send a message, they substitute an alias. Your correspondent answers to your alias; the organization forwards the message to you.

  A while back, the Church of Scientology obtained the records of one such remailer; the anonymity was broken.

  An organization can promise to destroy (or encrypt) its tables of identity before an outsider seizes them. Its success depends both on the degree to which people in the organization fear penalties for destroying or hiding evidence, and on how the information is obtained (if obtained in secret, the organization will not know to act.)

• A physical cut out is simply to broadcast the message. No one knows who receives it. Of course, anyone can monitor such a broadcast, but if it is encrypted using public key encryption, only the intended recipient can read it.

  Depending on the hardware, it will be more or less hard for a third party to locate transmissions. It is expensive, for example, to locate a transmission to a satellite; you need a second satellite. As far as I know only the US and Russian governments do this routinely, as part of their electronic intelligence operations. I don't know how successful they are.

  `Physical cutout', broadcast-type anonymity requires an organization to provide the appropriate hardware. And the operation must be sufficiently large and complex that an interloper cannot simply examine every potential transmitter or receiver.

  As far as I know, some of the current communications nets provide physical cutouts, as a side effect of how they operate. Messages are made up of `packets' of information; the packets contain the intended address and other information in them, so it is not necessary to know where they came from, and not worth the expense of installing source-locator hardware. Not all networks are like this--hence the older stories about tracing telephone calls, and the newer ones about tracing people who `break into' computers.

This latter method--broadcast messages with public key encryption--provides anonymous, secret communications.

A government can sharply reduce the number of anonymous, secret communications by enforcing regulations of the type recently imposed in China; but if a government does not go to such lengths, and if an organization provides a cut out, anonymous, secret, anarchic communications are possible.

Betrayal

Anonymous, secret communications mean that you have no recourse if you are betrayed by the person with whom you are communicating. You cannot help yourself, because you do not know where to go; a court of law cannot help you, because it does not know either.

Suppose, for example, Bill hires Alice to design a widget. Alice sends the design to Bill; bad Bill does not pay. If Alice cannot trace Bill, Alice has no recourse, but to accept the loss.

There are three traditional ways of dealing with this problem, all of which require giving up anonymity:

1. Work only with relatives, so family honor enforces contracts. Clans and extended families are common throughout the world. In south east Asia, for example, emigre Chinese families work with relatives. In Europe, the Rothschild bank grew out of the cooperation of brothers who each went to live in a different city.

   Both you and your correspondent must be part of the same clan or extended family, or members of closely associated clans. However, you are not anonymous, but known.

2. Find a mutually acceptable third party to enforce contracts. In years past in Sicily the Mafia undertook this task. For this solution to succeed, the third party must know you both and be willing and able to coerce you. Again, you are not anonymous.

3. Accept the role of government. The advantage of a government of law is that it can enforce contracts between strangers. Society need not be based on clans or extended families, or on the benevolence of thugs. Yet again, you are not anonymous.

There is one traditional mechanism that preserves anonymity, yet reduces betrayal; but the method does not work well.

The solution is to establish an ongoing relationship, so present day betrayal is more expensive than the discounted future costs of continuity.

Continuity requires that the two people in communication are able to know that they are continuing to communicate with the person with whom they want to communicate--that a third party does not step in and pretend to be the second party. Fortunately, public key authentication can be used to ensure that messages are from the person you expect them to be from (even when you cannot learn the actual identity of the person).

Suppose that one person defrauds the other. Suppose, for example, that Bill cheats Alice. Alice knows to avoid Bill thereafter. But what if Charlie now hires Alice; how is Alice to know that Charlie is not Bill? She cannot.

The problem is inescapable.

The usual answer is to respond as European townsmen traditionally do with gypsies: to restrict the size of each transaction to such that little is lost if the gypsy cheats and disappears.

Hence, I expect that anonymous, secret communications, if permitted, will constitute a marginal part of an economy. However, non-economic communications are different; religious, political, and social discussions are not hindered by the occasional apostasy of a participant; and safety opposes timidity. Anonymous, secret communications could lead to a revolution in people's thoughts, or to several revolutions, as different people join different groups.

Or return to: Rattlesnake Home Page

webmaster@rattlesnake.com