From Visual Developer Magazine #53, January/February 1999


If U Cn Rd Ths...



A 2010 decryption robot might be able to process a million messages or more per hour, and multigigabit fiber networks could transmit a million or more such messages per second.

People sometimes ask me why I don't have my PGP public key in my email signature. After all, I've written about encryption in these pages many times. Surely I don't send my email naked across a public network!

Well, um, yes I do. Truth is, I almost never put anything in email that I wouldn't mind seeing on the front page of the New York Times. I'm not any sort of activist, I'm uninterested in drugs, I love my wife, I don't frolic with interns, and I don't cheat on my taxes. Basically, I'm a boring guy.

But there's another reason: Data encryption isn't the same as privacy. It's a big step, fersure, but incomplete. (Hey, if I send a strongly encrypted message to a Caribbean bank, the government will have some cause to assume I'm up to something…) There are actually three issues in communications privacy: 1. Who I am. 2. Whom I'm speaking to. 3. What I'm saying. Encryption only covers #3, but in fact a great deal can be inferred from #1 and #2.

Anonymous remailers claim to cloak sender identity, but they're only as secure as the server hosting the remailer program. The Scientologists went all the way to the Finnish government to crack, and it wasn't that hard to do. Security that depends on government self-restraint is no security at all, heh-heh.

I haven't yet figured out how to cloak sender identity, but I have an interesting suggestion as to how we might prevent anyone from determining who we're sending messages to. It depends on encryption, but it also depends on bandwidth and processor power, so it's really a mechanism for 2010 and not 1999. Still, once the country (and ideally the world) is heavily laced with gigabit fiber, this sort of thing will work.

Consider a Usenet newsgroup. Anybody can post to it, and anybody can read it. Posting anonymously to a newsgroup is tough—anybody who really wants to trace a posting can trace it, even if you dummy out your name and Net address. However, tracking who reads a newsgroup, while theoretically possible, is orders of magnitude harder, because a newsgroup doesn't live in just one place. A newsgroup is replicated at any number of servers around the world, each of which is a separate access point.

So…imagine with me a future scenario where people post strongly encrypted messages to a server, using the recipient's public key. This server is something like a news server, in that all messages are accessible freely to all. But they're intended for robots, not humans. Robotic clients suck down all the messages, and apply their owners' private keys to each message, discarding a message once it's obvious that it wasn't encrypted with their owners' public keys. Tens of thousands or even millions of messages might pass through a robot's sight before it snags one addressed to the robot's owner.

This is why it's a technique for the future, when processor power and bandwidth are much more abundant than now. Keep in mind that typical text messages (like those executing funds transfers) are quite small and can be compressed almost out of sight. A 2010 decryption robot might be able to process a million messages or more per hour, and multigigabit fiber networks could transmit a million or more such messages per second. 12 MB hard drives are $250 today. What sort of storage capacity will servers have in 2010?

In short, you post encrypted messages in thousands of public places, and monitor those places for messages encrypted for you. If you can read it, it's yours. If the other guy can read it, it's his. The use of bandwidth and CPU time are not a waste, really, but the price of privacy. And it is privacy, finally: The more people use the system, the less the government can infer from it. If use of the system becomes universal, I suspect that it would be uncrackable.

At that point, I'll start publishing my public key. In the meantime, I'll just be boring, OK?