Issue 1 Winter 2000/01

Complete transcript of interview with Eben Moglen: The Encryption Wars
Jay Worthington



In just the past few months, online secrecy and security have gone through several upheavals. After ten years of trying to use arms export laws to regulate the spread of Pretty Good Privacy (PGP), the most commonly available form of personal, high-grade encryption, at the end of 1999 the U.S. government abandoned its efforts. At the same time, the DVD Copy Control Association, an organization representing Hollywood’s major studios, filed a lawsuit against Internet providers offering links to DeCSS, a freeware program which allows viewers to break the encryption on DVDs and copy them on their home computers. One of the lawyers representing the web sites in the DVD case, Eben Moglen, has been thinking and writing about these issues for many years. General counsel to the Free Software Foundation (developer and distributor of GNU, the core of the Linux operating system) and a professor at Columbia Law School, he has written numerous articles about the Internet (many are available at http://old.law.columbia.edu), and he is at work on a book, The Invisible Barbecue, analyzing the political and legal forces at play in the evolution of information technologies. Jay Worthington met him at Columbia University in May 2000 for a conversation on the deep implications of these technologies for the cultural and social fabric of today’s world.

JAY WORTHINGTON: There's a tone of exhortation that seems to run through your writing on encryption - do you see a civic obligation to encrypt on the part of people making use of the internet, e-mail, digital communications generally?

EBEN MOGLEN: I guess. This was particularly true during the state of affairs in the fall of 1998, when I gave a talk at NYU called "So Much For Savages." There was then a feeling that the United States government might actually continue export controls, and that it was in that sense people's civic responsibility to take advantage of the fact that the controls no longer rested on any technical basis at all and that the attempt of the American secret world and other secret police around the world to slow down the end-to-end encryption of the net was no longer a process over which they had actual control. The hypothesis of "So Much For Savages" was essentially that the determination of whether to make an end-to-end encrypted internet now belonged to the members of the internet community. If they used the publicly available tools, like SSH, they would in effect up the total level of encrypted traffic in the net to the point at which by mere volume alone, without regard to the quality of the algorithms being used, a lot of the traditional listeners would have lost their ability to listen.

WORTHINGTON: What density of encrypted traffic is necessary before mail in an envelope doesn't stand out from the postcards? At what point does encrypted traffic stop standing out against the background noise?

MOGLEN: It depends on whom you're thinking of counteracting. As the Europeans have been aware, which was what this year's Echelon controversy has been about, the U.S. has been essentially the empire in charge of who got what in the global telecommunications structure. The carefully farmed out approach to that which Echelon represented for voice traffic, in which everybody had the right to declare some keywords, but only the U.S. had control over the keyword dictionary and there were a lot of intelligence services around the world providing local collection for U.S. keywords that they couldn't actually see. That structure no longer seems likely to survive. The Americans will continue to try and take everything, but they will be on a more realistic basis with their foreign listener competitor-cooperators. The Echelon mess will eventually develop into some European recognition that they're not going to give all the voice traffic on the continent away to the Americans. This in mind, if the net were 30% encrypted, it would be more than sufficient to overwhelm the collection and analysis capacities of everybody except the Americans.

WORTHINGTON: That's the sort of density where you would have to go fairly far down into the spectrum of casual users.

MOGLEN: Well, it depends. The people who are interested in transactional security now have SSL in the browsers of consumers, and they count upon its being there. It's weak encryption, and they use it a lot less than they could, but just upping the total amount of encrypted data, all by itself, makes things more confusing. With respect to anything, you've got to decrypt to figure out what it is, and therefore this pure keyword approach to wading your way through the world's interactions becomes unusable. You've actually got to do traffic analysis in a way which allows you to decide what to decrypt, in order to find out if the keywords are there, instead of purely seining all the information flow in the world looking for words, which is effectively how the system has operated up until now.

WORTHINGTON: It does seem the only way today that Louis Freeh could have plausibly suggested simultaneous monitoring one percent of all the telecommunications traffic in the United States.

MOGLEN: That's right. But it is absolutely true, as you suggested, that unless the dominant operating used by almost everybody affords them real session security through an SSH-like client that simply routinely encrypts what comes in and what goes out as they are typing keys to remote computers we're not going to have gotten to where we need to go. "So Much For Savages" then was an advertisement, and a thought experiment, and a fundamental point about how things then stood, in the period after there was a de facto recognition that strong encryption was everywhere but while the United States government was still controlling, through export controls, some nominal extent of cryptography in this society.

WORTHINGTON: The export controls were lifted in the fall of '99?

MOGLEN: That's right.

WORTHINGTON: Do you think that's a battle the government has given up on?

MOGLEN: Well, I don't think their answer is there's nothing we're going to be able to do about it. But the answer is we are no longer attempting to delay the adoption of strong encryption technology by United States export controls. You'll notice that last night they took the error out of the GPS.

WORTHINGTON: So Iraq is now going to be able to target its cruise missiles precisely on top of the Washington Monument and not 50 meters away.

MOGLEN: Yes. The military says they will continue to provide wrong information in just those places that are absolutely important, but I don't think that means the White House or the Washington Monument. I think that means missile silos in Montana.

WORTHINGTON: Do you think, ten years from now, we'll see maps published showing the version of the United States that's being released now, with these abrupt transitions from crystal clarity to fog?

MOGLEN: Mapmaking is a very interesting subject in general, because when everybody in the country is carrying GPS equipment, one kind of mapmaking that will be absolutely possible consists of the whole structure of what we think of as free data. That is to say - people voluntarily walking around with GPS equipped cell phones donating the stream of their information to a mapping database which will be a very accurate map of everywhere all the time. Every bridge, every road, every place in the country will be repeatedly measured by people moving around with GPS equipment.

WORTHINGTON: Have you heard of any project like this today?

MOGLEN: I'm not aware of any. But you can see that it will happen, because that data stream will exist, and there will be a kind of decentralized geographic information service structure, but I don't think anybody has yet thought about what will happen. You have lots of people thinking about it from a commercial point of view - Pizza Hut guys wondering how soon they'll be able to advertise to you on your cell phone where the closest Pizza Hut is.

WORTHINGTON: It sounds like you were going in more of an open-source direction, though.

MOGLEN: That's right, and indeed, lots of open-data possibilities of all sorts exist out there that we will begin to see. But like a lot of free-software activity, this organizes as people perceive the need or the possibility. It doesn't organize ahead of that perception. We get, in our world, accustomed to the idea that what people think is neat, or needed, they'll do. As the net makes possible various kinds of collaborations that have never been possible before they'll do things, collaboratively, in new ways. Part of what I'm trying to do is understand what the political economy of a world full of that kind of content sharing is, and this is just one tiny little example of such a process.

But let's return to encryption. Yes, it's correct, the United States government effectively resigned from certain kinds of control activities over the course of the past year. That represents the end of Phase I of the crypto wars as I knew them. Phase I of the crypto wars was a public law controversy about government control over cryptography. Phase II of the crypto wars begins now. It began with the DVD case at the end of last December. It constitutes a private law controversy over cryptanalysis in which what people are attempting now to control is other people's ability to understand encryption, where previously, in round one, a public law controversy was fought over constitutional and other public law rights to encrypt things. So we have now moved quite sharply from one stage to another stage over the controversy about encryption in society. The leading forces against encryption and cryptography were policemen and spooks, and over the course of the past ten years, from the moment that PGP was distributed on the net until the government's change in regulations late last year, we were effectively in an environment in which the question was were people going to be allowed to keep secrets or were cops and spooks going to be able to control the development of the technology.

That question has now been answered. If the NSA can develop quantum computers, if this, if that, if somebody figures out a way to factor large numbers... something might destabilize this new environment in a deep way, but as things now stand, cryptography wins over cryptanalysis in civil society for one set of applications, which is the maintenance of privacy in personal communications, and that will have a series of social consequences, some of them which we individually don't love, or do, but it will have a series of definite effects.

WORTHINGTON: What's your quick list of these consequences, good and bad? You seem to see a possible divide between the international and the domestic consequences of encryption.

MOGLEN: Well, at least I've wanted to point out to people that when you do this social accounting, you can't treat it as though all of us live in Lake Forest, Illinois. Some of us live in Baghdad, or Beijing, or various other places, and in those other places the balance of power between civil society and government is quite different from what it is in the United States and the social accounting is different. So, yes, the Iraqi gulag, or the Russian gulag, will be more difficult to erect in the 21st century. You can still have an empire of fear, but you have to base that empire of fear more on networks of personal surveillance and informers than on the interception of communication.

WORTHINGTON: And domestically?

MOGLEN: Well, the right of anonymity, which people are beginning to see they might have some stake in, and what we now call privacy, by which this time we mean control over personal information, both depend upon encryption based solutions. If we are going to have the ability to read what we want without being surveilled in reading it, that's because we are using agents to do our reading, which are unidentifiable and which restore content to us in an encrypted stream. That's how we get around people who establish surveillance blockages or interception points to find out what we're reading and whether we're paying for it, doing something seditious because of it, or just looking at naked people, or whatever. Our ability to behave anonymously on the net, and our ability to control the flow of information about ourselves both depend on our ability to encrypt what we do.

WORTHINGTON: At the same time, encryption is at the heart of the current mechanisms for extracting revenue from copyrighted streams of information on the net.

MOGLEN: That's precisely why we now find ourselves in disputes over whether cryptanalysis can be controlled by intellectual property law as cryptography was controlled by arms-export law. What we face in the DVD case and in lots of other conceptual or actual situations - CyberPatrol, for example - is a claim that interfering with the secrecy of other people's content, which in itself creates the possibility of copyright infringement, is somehow sufficient basis on which to abate the cryptanalysis technology altogether. It is not proven in the DVD controversies - nor will it be proven, since it is not happening - that somebody is actually pirating movies off DVDs using DeCSS. That's not what happens. Recovering 5.7 gigabytes of raw video and audio data on a hard drive is not a first step towards commercial piracy of DVDs. The way commercial piracy of DVDs goes is bit-by-bit copying in a mass presser plant, and that's why movies are cheap in Thailand. It's got nothing to do with all this DeCSS stuff.

What we have is an environment in which rather than thinking about government control over whether we can encrypt, we are now thinking about private power control over whether we can decrypt without permission, and that's a different war, with a very different legal feeling to it. It has a very different public feeling. The eight largest movie studios in the United States can, paradoxically, spend a whole lot more money litigating these questions than the United States government could ever spend litigating the export control regulations. It's a paradox of the way the U.S. government works that the secret agencies spent hundreds of millions of dollars building Echelon and all the rest of the interception gear, but when it came down to defending the export controls over encryption in the federal courts you had a couple of assistant U.S. attorneys. You had lots of FBI agents and lots of NSA guys hiding in the shadows, but no lawyers. They couldn't do scorched earth, bury the other guy, spend him into surrender litigation against Bernstein when he challenged the export controls, but when it comes to a Norwegian fifteen year old and the eight largest movie studios in the world, you can imagine that the shape of the legal confrontation is much more difficult.

WORTHINGTON: And do you think the lines here are as clearly drawn?

MOGLEN: No. What we have here are two different structures of the distribution of cultural product. You have a set of people whose fundamental belief is that cultural products are best distributed when they are owned, and they are attempting to construct a leak proof pipe from production studio to eardrum or eyeball of the consumer. Their goal is to construct a piping system that allows them to distribute completely dephysicalized cultural entities which have zero marginal cost and which in a competitive economy would therefore be priced at zero, but they wish to distribute them at non-zero prices. In the ideal world, they would distribute them at the same prices they get for physical objects which cost a lot of money to make, move and sell, and they would become ferociously profitable. They are prepared to give on price, but at every turn, as with the VCR at the beginning of the last epoch, their principle is any ability of this content to escape their control will bring about the end of civilization.

This is an absurd claim. Nobody believes it but studio executives. My students are beginning to believe, to my shock, a communist thing - namely, it's our music, and how dare they take it away from us - which is an enormously important and suggestive development. But, the theory of commercial distribution of proprietary culture is not a theory that one can say people have a duty to resist. I'm not at the Abbie Hoffman "Steal This Book" level.

But there is, of course, an alternative economy trying to grow up. With respect to software, it's happened already. With respect to software, it's already been demonstrated that in the real world in which we live, zero-marginal cost products that are collaboratively developed in the net and that have measurable functional characteristics - so that one can say, in an objective way, this is better or worse - are better produced anarchistically than they are in a proprietary mode. This is what the development of GNU, Linux, and all the rest are about. You can have more people doing more work, contributing more rapidly, fixing more bugs at the point of discovery, and you have Lamarckian evolution of software so that all favorable characteristics are inherited and therefore you get very rapid development. That's why the development curve on free software products has been so staggering to commercial producers who didn't know how these things could have roared up out of nowhere.

This is the hypothesis of "Anarchism Triumphant" and part of what I'm writing about in "The Invisible Barbecue." We're going to have a competition in certain sectors of the economy between property and non-property production and non-property production is going to win. But the same can't be said when the goods are not functional and there is not an objective evaluation of betterness or worseness, and where the level of collaboration in production is less. We will see art forms in the next generation that are just as collaborative in production as software or free-data goods are, where thousands of people have collaborated on something, but many, almost all, of the traditional art forms are produced by a comparatively small number of people in direct contact with one another. In such a world, I maintain, there's no inherent reason why non-property production drives out property production. In this world, however, non-property distribution drives out property distribution, and the reason is simply that non-property distribution propagates at the speed of personal recommendation.

WORTHINGTON: Assuming decryption.

MOGLEN: Absolutely. Non-property distribution assumes music you can copy as many times as you please and give to whoever you want, changing it however you like.

WORTHINGTON: And how are producers compensated? Through the kinds of informal systems and prestige that commentators have observed in the free software movement?

MOGLEN: They may very well be, and we have to ask how the producer gets paid, but at the moment we can understand that the distributor who wants to do the same thing in a property way will fail. The market will saturate with non-property distribution. This is what the music industry is afraid of, with respect to Napster and Gnutella and so on.

WORTHINGTON: Unless people are willing to pay for certain proprietary content that can be defended.

MOGLEN: Absolutely. The point is only that the distribution structures have an advantage when it is free. But because the free production structure has no advantage, there's nothing to prevent Warner Brothers from making better music than a garage band that gives it away for free. Lots of people could prefer one, or lots of people could prefer the other. So, if there were no attempt to make what I would call monopolistic decisions, there's no end in sight to the coexistence of the free cultural properties market and the non-free, proprietary cultural properties market. They would exist independently of each other for the foreseeable future. What is happening now in the lawsuits against MP3 and Napster, the content industries are saying that you're not allowed to have a non-property distribution structure. The reason you're not allowed to do this, they're saying, is that even if you have non-property goods to distribute in it, the mere fact that you could also be distributing proprietary goods through such a structure means that the whole structure is contributory copyright infringement and should be suppressed.

WORTHINGTON: What do you think will be the long-term outcome of that particular struggle?

MOGLEN: You'd have to put every teenager in the world in jail, and you can't do it. I published an op-ed piece in the Harvard Crimson last week addressed to that audience, and I said "Isn't it interesting that here are these companies that do business all over the world selling to young people, and now they're suing, jailing and harassing them." How can you keep on like this? You can't alienate your customers. What is the Mattel toy company going to do when children don't like it?

WORTHINGTON: Will customers actually make buying decisions with their social and political interests at heart?

MOGLEN: At the moment, all over university campuses, two things are going on: students are demanding that the sweatshirts sold in the bookstore not be made in sweatshops, and they're using Napster. I think the answer to your question is pretty clear - yes, they will put their behavior behind their attitudes. How far? We don't know. Could it really develop into a kulturkampf between Disney on the one hand and its consumers on the other? No, because Disney is not an idiot. It cannot actually forfeit the goodwill of its consumers.

WORTHINGTON: What if Disney targets, not its customers, but the programmers who make Napster possible?

MOGLEN: But, in the end, of course, that turns out to be the customers. The problem here is that the people who have made free distribution systems have not used free software to do it, and this is the difference between Napster and Gnutella. Once the free distribution structure is free throughout; the software is free; there's no centralized server anymore; there's no point of contact between Disney and the distribution system it is attempting to suppress, except the consumers who constitute the distribution system, so that after a while you'd have to attack the consumers, because the consumers are also the distributors. We've disintermediated the distributors out of the story. Now that happens with respect to zero-marginal cost goods throughout the economy. In the world where music has been subjected to a free distribution structure, there are only musicians, listeners, and people who try to get in between musicians and listeners who we used to refer to as facilitators, publishers.

WORTHINGTON: And people who write the free software that makes this distributed network of relationships possible.

MOGLEN: Absolutely. All of this depends upon that.

WORTHINGTON: Are there ways for the proprietary distribution camp to make that now formless element something tangible, something that they can approach or attack?

MOGLEN: What we are going to see is a strong part on the part of the content industry to attack free software centrally. In the pipelines they're trying to build, the switch between their pipe and your eyes and ears, your computer is the weakest link in the chain. You control the operating system kernel of that computer, and if you control that operating system, then you can say, "Hey. On the way to the sound card, drop this where I want it put." You have decrypted the content. You're at the last stage before the noise emerges into air molecules.

WORTHINGTON: So the real civic obligation is to download Linux?

MOGLEN: The real civic obligation is to use free software. That's correct.

WORTHINGTON: How do you proselytize that?

MOGLEN: If you're a capitalist and you have the best goods and they're free, you don't have to proselytize, you just have to wait.

WORTHINGTON: How long would you say Linux has been the best good? Five years? It seems like there's a whole world of consumers out there who don't feel themselves capable of judging whether Linux is a better good at all.

MOGLEN: There are two possible ways of thinking about this question. One is, how long does it take the current user base to get to free software, and the other is how long does it take the current user base to be replaced by another user base. It's a transitional issue. In 1979, when I was working at IBM, I wrote an internal memo lambasting the Apple Lisa, which was Apple's first attempt to adapt Xerox PARC technology, the graphical user interface, into a desktop PC. I was then working on the development of APL2, a nested array, algorithmic, symbolic language, and I was committed to the idea that what we were doing with computers was making languages that were better than natural languages for procedural thought. The idea was to do for whole ranges of human thinking what mathematics has been doing for thousands of years in the quantitative arrangement of knowledge, and to help people think in more precise and clear ways. What I saw in the Xerox PARC technology was the caveman interface, you point and you grunt. A massive winding down, regressing away from language, in order to address the technological nervousness of the user. Users wanted to be infantilized, to return to a pre-linguistic condition in the using of computers, and the Xerox PARC technology's primary advantage was that it allowed users to address computers in a pre-linguistic way. This was to my mind a terribly socially retrograde thing to do, and I have not changed my mind about that. I lost that war in the early 1980s, went to law school, got a history PhD, did other things, because the fundamental turn in the technology - which we see represented in its most technologically degenerate form, which is Windows, the really crippled version. I mean, I use Xwindows every day on my free-software PCs; I have nothing against a windowing environment, but it's a windowing environment which is network transparent and which is based around the fact that inside every window there's some dialogue to have with some linguistic entity.

WORTHINGTON: There's a command prompt in every window.

MOGLEN: Exactly. And, of course, network transparency, a central idea of how to organize computers in the world so that what's behind your window might be a process on another computer is largely gone. The whole thing represents a very downmarket view of the way people and machines ought to interact.

WORTHINGTON: Don't you think, in today's world, that it's increasingly difficult to resist Windows?

MOGLEN: Well, maybe. But the two and three year olds, who've grown up with computers since the day they were born, and for whom the limited semantics and even more limited syntax of mouse-frame interaction are just second nature - my two and a half year old nephew, who has all of the difficulties of hand-eye coordination and language acquisition that any two and half year old has, he's absolutely comfortable moving a mouse around and looking at a pointer on the screen, and he can do 30 or 40 interactions on the screen per minute. All of that is natural to him, and he's two and a half. When he's fifteen, is he going to want to use an operating system he can't change? The idea that he can't get under the covers after a whole decade and half of life with computers, he's just got to accept that they're as formlessly, seamlessly, totally incorporated, with nothing for him to do as his father's Oldsmobile? That's just not the way society is going to exist. The number of people who are going to demand to control their environment is going to be very large.

WORTHINGTON: You mean demanding to have access to their source code, tinker with it, and share it with others? Is that how you're defining controlling their environment?

MOGLEN: Absolutely. In the same way, kids, boy kids particularly of course, they wanted the engines of automobiles to be malleable.

WORTHINGTON: What fraction of Americans actually knew how to tinker with the insides of their cars?

MOGLEN: The answer would be an interesting one. I don't know, but it's an important question in the historical sociology of the American relationship to the automobile. At that moment after the second world war, when a high school to factory attitude prevailed about where the good working class life was, what proportion of those kids - mainly boy kids - grew up messing with automobiles?

WORTHINGTON: That's the question you'd ask in a different form today.

MOGLEN: Yes, you would. And you would say, it's not going to be quite as much a boy thing, but it's already too much of a boy thing, and the level of sexual dimorphism in this is interesting to observe and to think about and do something about. But, look at the life histories of a bunch of the people you come across when you occupy this beat - people like Stallman and Gilmore. Stallman and I met when he was nineteen and I was sixteen and we sat at adjacent desks in Westchester county working for the same timesharing company, and with two other guys we were writing what I believe was the first networked e-mail system in the world. What I see when I look at guys in our generation, we are now in our 40's, we were kids who grew up in an environment where we were programmers - not of video games, but of really heavy stuff - we were youngsters who were allowed to work in ways that youngsters are not now allowed to work because the whole industry is professionalized to the point where you can't get in without some of the same kinds of credentialing that you get into any other business with.

We grew up in a free-software world. We shared everything. We worked in an environment where the source code to our mainframe operating system was given away. It wasn't that IBM didn't claim to own it, but they shared it with their customers so that everybody could improve it together. The people who grew up in the culture of the programmers of the early 1970s, the late 1960s, you see them now at the edges, or even at the center, of the free software movement. You see them now trying to bring about some sense of what it is like to grow up knowing how to program and wanting to be able to make changes and do neat stuff. I think what we're doing is showing why people will give away what they do, why they will do what's neat, why they will engage in making stuff just because they know how to do something terrific. To respond to your question, I say that the generation of kids growing up now with computers as standard equipment in their world, they're not going to lose that feeling, they're going to have that feeling much more than we did. Now the question is, what are they going to be able to do with it?

WORTHINGTON: Will we have that world even if children are using Windows software from birth? I'm inclined to think that a three year old growing up with Linux, in your story, is much more likely to grow up into your idealized fifteen year old.


© Cabinet Magazine, 2002