Ask Cryptome's John Young Whatever You'd Like

John Young of Cryptome, though trained as an architect, has garnered recognition in another field entirely. Since 1996, he's been publishing timely, trenchant news online as the mind behind crypto jya.com and Cryptome. ("Our goal is to be the most disreputable publisher on the Net, just after the world's governments and other highly reputable bullshitters." ) This has put him on the forefront of various online liberty issues, from the MPAA's DeCSS crackdown on DeCSS (he fought the lawyers -- and won), to Carnivore, to Dmitry Sklyarov's continuing imprisonment, and now the several fronts along which electronic communications are threatened by current and upcoming legislation. He recently posted this to the front page: "Cryptome and a host of other crypto resources are likely to be shutdown if the war panic continues. What methods could be used to assure continued access to crypto for homeland and self-defense by citizens of all nations against communication transgressors?" Now's your chance to ask him about the fight for online freedom. Please pose just one question per post; we'll send 10-15 of the highest moderated ones on to John for his answers.

Turnaround on backdoors?

Immediately after the events of 11 September, lawmakers twiddled with the idea of backdoors in crypto products. Last week I read somewhere (not sure if it was on slashdot or some other news site) that lawmakers were backing down on this for some reason (can't remember why).

Is this 'backing down' accurate? What do you think caused the change of heart? And what is your opinion of backdoors in general? Do you think they would work as lawmakers intend them to?

Encryption

The current means of doing public/private key encryption (via large primes) seems pretty much universal. Should we be looking for an alternative if/when someone finds a way to break it?

Encrypting email

Mr. Young,

Currently the vast majority of email travels unencrypted through the Internet, ripe for eavesdropping by Carnivore/DCS1000/Echelon/etc. This is a bit of a "last mile" problem, as I can't reasonably expect my grandmother on AOL to be able to read my PGP-encrypted messages to her unless encryption is made into a standard part of the infrastructure. Otherwise 99% of the users won't bother and that's the situation we have now.

What do you see as being the catalyst that forces the majority of software and service providers to make encrypted email standard equipment? Will it be public outrage over eavesdropping, bribery of ISPs and Microsoft by Verisign or Thawte, or something else altogether? And do you forsee more success for a decentralized standard, like OpenPGP, or for a centralized standard like S/MIME?

-CT

I don't do anything illegal

I do nothing illegal in my life (okay, a little speeding) and don't really care if some government worker who I will never meet reads my e-mail. Should I be concerned about any of this stuff the gov't is trying to push?

Government and Privacy

Do you believe that it is even possible for any kind of government--be it theocratic, totalitarian, or democratic--to coexist on peaceful terms with the existence of individual and corporate privacy and secure communications?

Hi John

What's your opinion on Alan Cox's recient decision to censor security related fixes in his change log announcements on LKML? He cited the DCMA. Also, given that civil liberties are often the first casuality of war, and given that we're "at war" now with Afganistan, when if ever do you think we will see a sucessful court challange that will get this bad law (the DMCA) overturned?

Mirroring, now and in the future

Your efforts (and your unwillingness to flinch in the face of 800-lb. corporate and governmental gorillas) have made cryptome an invaluable resource, for which I certainly thank you. At least once in recent memory you've made a call for mirroring sensitive software and information.

1. What can normal people do to help out with mirroring important information (e.g., crypto information, documentation on civil liberties threats, reverse engineering and Fair Use securing tools, etc.)? How can we stay out of trouble with the law while we're helping out?

2. Have you ever considered providing a mirroring clearing house? That is, devoting a section of cryptome to listing, in an up-to-date manner, resources which need mirroring in various parts of the world?

Thanks!

Certified email?

Due to the current wave of anthrax troubles in the US, do you think a system will be developed somewhere to allow for Certified Email that employes the applications of crpyto to certifying digital signitures, certificate authority, etc? Even if such a service is funneled through a government agent like the Postal Service at like 5 cents per message to be certified, do you think such a service would be useful?

Optimistic or pessimistic overall?

I keep track of the kind of thing Cryptome covers. It affects you, after a while.

Overall, are you optimistic or pessimistic that we will eventually (call it 5-20 years) have a society that you would find reasonably acceptable? Or do you think we're destined for one form or another of effective totalitarianism?

Sources?

I read Cryptome regularly, generally every day or so, and the only question that I can think of is, Where do you get your information from? I'd like to know os that I canstart researching things much the same way.

Question:

John, I've heard a lot of debating lately on Slashdot and other discussion sites regarding the US governments recent initiative to include a government accessible "back door" into all new crypto tools.

Supporters of this program claim that such a program will allow day-to-day communications among law-abiding citizens to remain private, whilst still allowing the FBI and CIA to monitor the communications of suspected terrorists(with a warrant, of course).

The liberal media opposition to this initiative is claiming that by installing government accessible backdoors into encryption tools, we are giving up our right to privacy in favor of increased public safety. For the purposes of this post, I'm going to ignore the fact that nowhere in our Constitution or Bill of Rights, are we guaranteed anonimity or absolute privacy. It seems to me that if we cannot trust our policing agencies to be responsible with the power they have been given, the problem is not with the cryptography, but the government itself, and this problem needs to be addressed as such.

My question to you is: What is Cryptome's, and your personal, stance on government accessible backdoors installed in cryptography. Would the benefit to law enforcement, and the increased homeland security outweigh the possible implications to the loss of privacy. Do you think open-sourcing popular cryptographic tools would help alleviate people's fears about the integrity of their data security?

Re:Question:

Supporters of this program claim that such a program will allow day-to-day communications among law-abiding citizens to remain private, whilst still allowing the FBI and CIA to monitor the communications of suspected terrorists(with a warrant, of course).

A backdoor which does not require anyone outside the agency to assist, or even know about, the tap makes the warrant requirement unenforceable, of course.

The liberal media opposition to this initiative

What color is the sky in your world? If anything, the opposition to increased government snooping is from the conservative and libertarian factions of US politics.

For the purposes of this post, I'm going to ignore the fact that nowhere in our Constitution or Bill of Rights, are we guaranteed anonimity or absolute privacy.

That's good, because the Constitution specifically requires [cornell.edu] that position.

It seems to me that if we cannot trust our policing agencies to be responsible with the power they have been given, the problem is not with the cryptography, but the government itself, and this problem needs to be addressed as such.

The obvious first step in addressing the problem of government abuse is to avoid aggrivating the situation by giving the abusers additional powers.

Is Coding Free Speech?

I know it's a basic question - but it seems to be at the heart of the Free-Crypto debate. Free speech should be free whether its in English, French, FORTRAN or Perl. What arguments do you hear against programming being protected as free speech? Can you use the First Amendment against DMCA, ITAR, etc?

Appealing to the masses

The main problem when dealing with all of these technical/legal issues (legal access to encryption, fair use, privacy, etc.) is that the masses simply don't care. Many people will gladly give up their future rights to ever record a television broadcast again for the chance to watch higher quality (picture-wise, not content-wise) Friends reruns. My question is this - at what point will enough people say "Keep your laws out of my data!" to create a movement that is likely to change the way legislators look at these issues?

Passport and Windows XP Privacy concerns

Hi John,

What do you think of XP, particularly with regard to Passport and privacy concerns?

Thanks,
Al.

general encryption and anonymity

Given modern computing's advances, it's now much easier to encrypt casual traffic than it has been in the past. Have you ever considered providing https:// or some other encrypted form of access to your sites for the general public?

Fear and Personal Saftey...

Despite how everyone on /. talks a big storm about bucking the government, it's got to be pretty damn scary when the feds come knocking at your door. You've no doubt made some powerful, big-time enemies in both the private sector and the government.

Do you ever fear for your own or your family's saftey because of this. Have you ever been threatened? By whom, government agents or private individuals?

If you don't fear for your saftey, what factors about what you do make you feel 'immune' from being 'removed' clandestinely?

Mirroring, now and in the future

Your efforts (and your unwillingness to flinch in the face of 800-lb. corporate and governmental gorillas) have made cryptome an invaluable resource, for which I certainly thank you. At least once in recent memory you've made a call for mirroring sensitive software and information. 1. What can normal people do to help out with mirroring important information (e.g., crypto information, documentation on civil liberties threats, reverse engineering and Fair Use securing tools, etc.)? How can we stay out of trouble with the law while we're helping out? 2. Have you ever considered providing a mirroring clearing house? That is, devoting a section of cryptome to listing, in an up-to-date manner, resources which need mirroring in various parts of the world? Thanks!

A few questions

Are you ever worried about being shutdown / arrested / bugged / having a smear campaign run against you?

Do you think that all the muck flinging by both governments and corporations is going to lead to somone developing a virtual, anonymous, secure network running over the Net that will be untouchable by governments (i.e. legally secure from attack by dint of listening to the Harvard Law types and using their knowledge combined with technological solutions)?

Do you expect show trials by governments to show that the laws they areintroducing now (RIPA in the UK, USA-Patriot in the US etc) are effective, and how long do you think before there will be miscarragies of justice based on political expedeincy?

Public CA

Hi,

Thanks for your efforts. My question was discussed recently on a thread regarding the decision by Thawte to discontinue selling CodeSigning certificates to individuals.

What are the biggest obstacles to a public CA which is supported and funded by, say, the FSF? Is such a thing possible for the Free software community? I guess insurance and certification would be the biggest stumbling blocks. Are there other dimensions to such an undertaking which have not been considered?

If you have nothing to hide...

In your opinion Sir, what would be the best response to those who feel this monitoring should be fully funded and supported? My personal feelings are just if it is my business, it probably isn't any of yours.

Also, since most e-commerce is conducted on so called "secure" connections, how would the installation of government backdoors effect e-commerce. If a government back door was hacked and my credit information stolen and exploited, who would the blame fall on? The credit card company, the business I ordered from, or the government agency who installed a faulty back door?

How will world government deal with an AI economy?

Extremely serious efforts are underway to create artificially intelligent minds, such as at http://sourceforge.net/projects/mind [sourceforge.net] -- just one of 365 open-source projects in artificial intelligence (AI). Do you expect that the World Trade Organization (WTO) or other allances -- either governmental or corporate -- will attempt to control the emergence of AI technology and of an AI-based cybernetic economy?

As an architect, do you have any interest in the architecture of the mind?

Is there any likelihood that AI research will be outlawed or otherwise subjected to illiberal control?

Passport.

Is there any way you can think of that would help convince people (based on scientific principles) that centralised security services are a bad idea? That convenience should not come before security?

Soko

Personal Background

What do you do all day? From what I've read on Cryptome it's clear you remain interested in Architecture - do you still have any professional involvement (info in the on-site BIO tails off at 98)? If not, how do you pay the bills? How did you get from architecture to cryptome? Do you have any interest in computers and the internet other than as a tool (would you consider yourself a hacker, in the positive sense)?
I know, it's more than one question, but they're all in the same direction. I'm curious about the guy.

The Panopticon

The theory of the panopticon state bounces around on Cryptome and Cartome quite a lot. It is interesting that Cryptome and JYA in a certain sense have been set up to watch the watchers and mitigate the power of the panopticon.

My question is: how aggressive can you/should you be in trying to detail the actions of the (insert three letter acronyms and governments here) pushing panopticonism as the solution to society's problems?

You are clearly willing to put yourself in legal peril, but surely there is a point of diminishing returns. How do you balance things, and have you withheld, or would you ever withhold, information that you would like to publish? (...and yes there are two question marks, but they are pretty related)

And thanks!!

John Young and _The_Barnhouse_Effect_

John, I find the service that you provide as Cryptome to be essential. You remind me strongly of the title character in Vonnegut's short story
Report on the Barnhouse Effect [http]. Your reporting keeps the entire world somewhat more honest; and I can't think that it's possible that governments are more careful knowing that someone is watching.

The end of the story, is, of course, of the passing of the torch to Barnhouse's apprentice. I am worried that there's nobody with the combination of integrity, fearlessness, and intelligence to carry on with your work, when your time to perform it is over. Do you worry about that, and are there people to carry the load?

thad

What countries are still free?

I've been watching the United States slow slide towards becoming a police state since the early 90's, when I discovered the Clipper Chip fiasco on comp.org.eff.talk. Thanks for your dedicated work to fight this trend, it won't be forgotten, even if it fails...

So, my question is: If the United States becomes a hostile place for freedom (DMCA, SSSCA, extreme anti-terrorism laws, etc.) where are some good places to flee to?

I write and use free software, and I expect I'll be leaving the US within a couple of years. (I've got a great job, otherwise I'd be leaving already). I don't mind learning a different language... Do you know of any comparative study of different countries of the world, considering at least:

- free speech
- free software
- software patents
- Privacy
- public awareness of the above issues (Most important, perhaps!)
- A just and fair, uncorrupted legal system
- Reasonable balance of taxation, government spending on useful things like education, health care, etc.
- High standard of living

Where would you go?

Benefits/ Detriments of Real Identity

John,
At some point you decided to run cryptome and publish controversial materials under your true identity rather than under a pseudonym.

What benefits and detriments have you found to using your real identity for your efforts instead of a pseudonym?

what will make people care?

Dear Mr. Young,

In your opinion, what will it take - either in terms of EFF-style activism or in terms of 1984-style government repression - to make the average person-on-the-street care about our digital freedoms?

In the current environment it seems that most people have adopted the attitude of Britain's John Major who said - as his Tories wired the UK with videocameras - ``If you have nothing to hide, you have nothing to fear.''

-Renard

"Younglish" - How do you DO it???

Dear John:

Many people will undoubtably ask wide and far-reaching questions about civil-liberties, activism, and running cryptome.org. In contrast, I would like to ask a question perhaps trivial in comparison, but also in the hearts of so very many of your fans.

If this is really ask whatever we'd like ...

How in the world do you generate that unique hash of free-association, bafflegab, verbing, just-this-side-of-understandable wording (not sure which side), "Younglish" writing, for which you are reknowned?

Are consciousness-altering substances ever involved? Where they ever involved? Is it effortless, or do you work at it?

This is nowhere in the same league as DMCA, terrorism, and whatnot.

But believe me, inquiring minds want to know.

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

The "security" of the State vs. the individual

John,

Let me begin by thanking you for your unflinching adherence to the principals of disclosure and freedom of information. I am a great fan of your continuing work. My question follows:

You have in the past, and continue to, post "dangerous" information like names of former intelligence agents, details of government cover-ups, radically contrarian opinions, and open calls for subversive action.

A good example of this is Cryptome's continuing threads on the structural failure of the WTC and potential vulnerabilities of other landmarks. Some would claim that this kind of conversation should take place in closed-door meetings - that open discussion like this could only benefit evil and your support of such discussion is irresponsible.

What are the principals and moral guidelines you use when publishing Cryptome? Are there any lines you would not cross? What are the implications of shifting public opinion (70% favor a national ID card) and mounting US totalitarianism to Cryptome?

Transition from Architecture to Technology

As an architecture student who is also a geek - I'm curious as to how you made the transition to the technology sector. What prompted you to make the change and how did you do it? Was there anyone instrumental in providing you an opportunity? Do you still try to make a connection back to your architecture roots?

Is it true that...

You are channeling Dr. Bronner?

Encrypt! Encrypt! OK!

Backups?

Also, during your talk at USENIX Security '01 you talked about different ways that you are keeping backups of your data. Including having other sites ready to host the data at a moment's notice, and sending out backups of the site to whoever wants copies. You had also mentioned work on a distributed storage system that would be more resistant to having one node shut off. Have you made any progress with this?

Trends in legislation

With recent legal pushes such as the DMCA and proposed SSSCA, what do you see in the future of our legal system? Do you see more pro-corporate laws being passed or do you see potential for a change in the government's traditional bend towards protecting corporate interests? It seems that you are in a position that would grant more insight into this than most of us would have.

Mirror policy question

Mr Young,

I appreciate your site a lot (not only because you have posted some of my own material on it :)

Your site hosts obvious controversial papers. Yet you clearly don't want to have your site mirrored. You state so on your website and your robots.txt disallows it. Why don't you want the information on cryptome and jya to be mirrored? I noticed you changed this policy briefly after the sep 11 attacks,and ofcourse immediately grabbed a copy.

But I'd still like to have a synchronised copy. Not even to publish now, but just to have in case cryptome disappears for whatever reasons.

Paul Wouters