Late one night while sharing a pharmacological product with a spook I met in the northeastern part of the United States, I mentioned I was studying cryptology. "Cryptology is the future," he responded emphatically. "It's what's going to protect us from Big Brother." Since he worked for the National Security Agency (NSA), the thought did occur to me that many would have taken the position that he and his colleagues were Big Brother. But I had learned years ago not to demonize people on the basis of an accidental profession. After all, if an ex-CIA employee like Kerry Thornley could become a staunch libertarian, the creator of Zenarchy and implied co-author of the Erisian holy book Principia Discordia [1], then there was hope for all of us. I additionally believed that one of our best defenses against the national security state was the perennial proclivity of clandestine organizations to piss off their own employees [2]. At any rate, the spook spoke the truth: cryptology represents the future of privacy, and more. By implication cryptology also represents the future of money, and the future of banking and finance. (By "money" I mean the medium of exchange, the institutional mechanisms for making transactions, whether by cash, check, debit card or other electronic transfer.) Given the choice between intersecting with a monetary system that leaves a detailed electronic trail of all one's financial activities, and a parallel system that ensures anonymity and privacy, people will opt for the latter. Moreover, they will demand the latter, because the current monetary system is being turned into the principal instrument of surveillance and control by tyrannical elements in Western governments. These elements all want to know where your money comes from, and when and how you spend it. After all, you might be a terrorist, drug dealer, or spy. And if you try to hide your transactions, you are by definition a money launderer and perhaps a child pornographer. Say what? To understand this quaint accusatorial juxtaposition, one only has to grasp a few simple facts: Money is digital information. The way to hide digital information is through cryptography. The government doesn't want you using cryptography, because they want to know where your money is so they can get some of it. And they don't like you using drugs, unless the government is the dealer [3], or viewing child pornography, unless the government supplies it because it is setting you up for blackmail or a smear campaign [4]. Okay, I'll admit it. I like privacy (I often send mail inside sealed envelopes, and sometimes close the door when I go to the bathroom), take drugs (nothing like a cup of expresso in the morning), and don't like to pay taxes (but doesn't H&R Block make a living off this same popular sentiment?). I don't know much about child pornography, but a friend of a friend is said to have a distant cousin who swears he keeps several hundred gigabytes of encrypted pictures of naked children stored in NSA computers at Ft. Meade. ("No one breaks in there," the cousin supposedly brags.) [5] This is serious stuff. Consider the following items as pieces of an overall mosaic, whose ultimate meaning will become even more obscure as we proceed. Cryptography software is classified as munitions, and its export is restricted by the State Department. The International Traffic in Arms Regulations (ITAR) defines "encryption software" to include not only computer programs designed to protect the privacy of information, but all of the technical data about those programs. ITAR restrictions continue to be enforced, even though the Justice Department originally found them unconstitutional [6]. Mail a copy of your new encryption program to a friend in Italy, and-- presto!--you are subject to prosecution as an international arms dealer. (It is not, however, illegal to export your program to outer space, or to deliver it to your friend by rocket, since a "launch vehicle or payload shall not, by the launching of such vehicle, be considered export for the purposes of this subchapter" (120.10).)

Steward Baker, Chief Counsel for NSA, points out how the spread of cryptology plays into the hands of pedophiles: "Take for example the campaign to distribute PGP ('Pretty Good Privacy') encryption on the Internet. Some argue that widespread availability of this encryption will help Latvian freedom fighters today and American freedom fighters tomorrow. Well, not quite. Rather, one of the earliest users of PGP was a high-tech pedophile in Santa Clara, California. He used PGP to encrypt files that, police suspect, include a diary of his contacts with susceptible young boys using computer bulletin boards all over the country. 'What really bothers me,' says Detective Brian Kennedy of the Sacramento, California, Sheriff's Department, 'is that there could be kids out there who need help badly, but thanks to this encryption, we'll never reach them' " [7] . Which does lead to a few questions. Since the NSA is the largest user of encryption software in the world, does that mean NSA is rife with pedophiles? Are police suspicions to be taken as convincing evidence? And what if this alleged pedophile had never kept notes in the first place? But never mind. What really bothers me is that there could be kids out there who need help badly, but thanks to sloppy records, extended ignorance, and appeals to national security, we'll never reach them. The NSA Chief Counsel also noted, as he had in previous speeches, ". . . it's the proponents of widespread unbreakable encryption who want to create a brave new world, one in which all of us-- crooks included--have a guarantee that the government can't tap our phones." Which caused one observer, Bruce Sterling, to remark, "As a professional science fiction writer I remember being immediately struck by the deep conviction that there was plenty of Brave New World to go around" [8].

Georgetown University cryptologist Dorthy Denning reminds us that "Because encryption can make communications immune from lawful interception, it threatens a key law enforcement tool. The proliferation of high quality, portable, easy-to-use, and affordable encryption could be harmful to society if law enforcement does not have the means to decrypt lawfully intercepted communications. Although encryption of stored files is also of concern, 99% of the issue is telephone communications (voice, fax, and data)" [9]. The reason for this is all those people on the phone dealing drugs. "Almost two thirds of all court orders for electronic surveillance are used to fight the war on drugs, and electronic surveillance has been critical in identifying and then dismantling major drug trafficking organizations. In an operation code named 'PIZZA CONNECTION,' an FBI international investigation into the importation and distribution of $1.6 billion worth of heroin by the Sicilian Mafia and La Cosa Nostra resulted in the indictment of 57 high-level drug traffickers in the U.S. and 5 in Italy . . .. The FBI estimates that the war on drugs and its continuing legacy of violent street crime would be substantially, if not totally, lost if law enforcement were to lose its capability for electronic surveillance" [10]. In fact, that's supposed to settle the issue right there: "We need such-and-such to fight the war on drugs. Case closed." This argument is used ad nauseam in document after document. Nowhere is the issue raised: Oh yeah? So why are we fighting a war on drugs? Such questions are ruled out, because we're dealing with needs here, and needs spew forth their own logic and evolve their own morals.

One of governments' biggest needs is to get all that drug money for themselves, the part they don't already have. The U.S. State Department proposes a sort of international spree of government theft: "We must effect greater asset seizures, not just of bank accounts, but also corporate assets and even corporate entities . . . We must be ready to impose appropriate sanctions against banking institutions, as well as bankers . . . The FATF [Financial Task Force] countries, the 12 EU [European Union] nations, the EFTA countries, and the majority of the 95 states party to the 1988 UN Convention are adopting (if not yet fully implementing) legislation that will ultimately improve individual and collective capabilities." [11] Everyone is suspect. You say you want to buy some Portuguese escudos? We better keep our eye on you--you're a potential money launderer. According to the State Department, "Entry in the European monetary system has made the escudo, which became fully convertible in 1993, more attractive to potential money launderers" [12]. Hmm. Hey, fellows. With that mentality, you should send some investigators from Foggy Bottom up to 19th Street. You'll find an entire building, an outfit called the International Monetary Fund, which was originally set up to work for currency convertibility. No telling what wicked potential money laundering havens they're working on next.

The Financial Crimes Enforcement Network (FinCEN) located in Vienna, Virginia, was set up in April 1990 to track money laundering, and given computerized access to data from pretty much everyone--FBI, DEA, Secret Service, Customs Service, Postal Service, CIA, NSA, Defense Intelligence Agency, National Security Council, the State Department's Bureau of Intelligence and Research, and, yes, the IRS (despite denials). FinCEN has a $2.4 million contract with Los Alamos National Laboratory to develop artificial intelligence programs to look for unexplained money flows [13]. FinCEN also proposed a "Deposit Tracking System" (DTS) that would also track deposits to, or withdrawals from, U.S. banks accounts in real time. Now, if you were a drug dealer (or maybe just an average Joe), how would you react to all this unwanted attention? Try to keep a low profile, maybe? Perhaps opt out of the usual banking channels? "During the past two years, analysts saw an increasing use of non-bank financial institutions, especially exchange houses, check cashing services, credit unions, and instruments like postal money orders, cashiers checks, and certificates of deposit (particularly in 'bearer' form), with transactions occurring in an ever longer list of countries and territories" [12]. This process whereby money flows through non-traditional banking channels is termed disintermediation . Disintermediation happens whenever a government manipulates banking services in such a way to make them less attractive. For example, if bank deposits have an interest rate ceiling of 3 percent, you may elect to pull your money out of bank deposits, and purchase Treasury bills which have no ceiling. In the same way, if the government is looking around in your bank account, perhaps with the idea of seizing it, or seizing you, you may elect not to have a bank account, or at least not one the government knows about. Or you may elect to use non-traditional financial channels which are less likely to be observed. The ultimate end of the process is completely anonymous banking through encrypted digital cash. The State Department also notes will alarm that "[drug] traffickers were employing professional money managers." Which does lead one to reflect, whatever is the world coming to? The next thing you know, drug dealers will be shopping at the local grocery store and sending their children to better schools. They'll be mowing their lawns and sprucing up the neighborhood. How could we live in such a society?

All this talk of computers has gotten the IRS hot and bothered also. Not in a negative way, mind you. The IRS has become obsessed with the noble goal to save us time by just sending us a bill: "In an effort to catch more tax cheats, the Internal Revenue Service plans to vastly expand the secret computer database of information it keeps on virtually all Americans. . . .'Ultimately, the IRS may obtain enough information to prepare most tax returns,' said Coleta Brueck, the agency's top document processing official. 'If I know what you've made during the year', she said, 'if I know what your withholding is, if I know what your spending pattern is, I should be able to generate for you a tax return...' " [14]. We have nothing to fear, apparently, but fiends who hide their spending patterns. Well, Coleta, you had better prepare for a flood of data that is spending-pattern impaired, because according to the Crypto Anarchist Manifesto, "Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions" [15]. How did we come to this state of catch as catch can, and where are we going from here? Perhaps history will give some perspective. Let's start with that big bugaboo--drugs. In article logic, drug prohibition leads to money laundering, which leads to increased surveillance of banking transactions, and heightens interest in anonymity through cryptology. Oh, What a Lovely War! In the mid-1990s the United States and other countries were spending a good deal of money on a "war on drugs." What the phrase meant was unclear in a nation where 50 million people used tobacco, over 100 million used alcohol, and virtually everyone used aspirin or an equivalent pain-reliever. But certainly there was a prohibition in using, or dealing in, certain drugs. Naturally these drugs were still available on the black market despite the prohibition. The market supplied the consumption needs not only of the general public, but also of federal prisoners. Thus even if the country were turned into a police state, such drugs would still be available. Given this, what was the purpose or function of the prohibition? The simple economic rationale was this: the war on drugs was a source of profit both to those who dealt in prohibited drugs, and those who conducted the war against them. The prohibition of anything is a restriction in supply. Supply restriction drives up the price. In 1973-4 the OPEC cartel caused a quick four-fold increase in the price of oil by restricting its supply. It also greatly increased the profit margin on each barrel pumped out of the ground. In a similar way, prohibition of drugs increases their black market price and the potential profit margin from supplying them to the public. But legitimate businessmen are deterred from entering the market. Hence drug prohibition creates a bonanza--high profit margins --only for those willing to deal in prohibited products. Just as alcohol prohibition financed the growth of powerful mobsters like Al Capone earlier in the century, so did prohibition of cocaine finance the growth of powerful production and supply cartels, such as the Cali cartel in Colombia. The U.S. government's prohibition made it possible for them to become rich, and then powerful. Because trade in drugs is illegal, contracts cannot be enforced in court. One cannot resort to common or commercial law. Hence contracts are often enforced via the barrel of a gun. And as there is no countervailing authority, those who enforce their contracts with guns may use the same method to simply eliminate competition. Territory is acquired or defended by force. Steven B. Duke, the Law of Science and Technology Professor at Yale University states simply: "The use of drugs-- except, of course, alcohol--causes almost no crime." But drug prohibition does cause crime. The firearm assault and murder rates rose in the U.S. with the start of Prohibition in 1920, and remained high during it, but then declined for eleven consequence years after Prohibition was repealed. In the U.S. today, perhaps one-third of murders are related to contract enforcement and competition over dealing territory [16]. Prohibition turns others into crime victims. Because certain drugs cannot be obtained at the local neighborhood drugstore, drug consumers visit unsafe parts of a city, and are simply assaulted. Such victims, naturally, are not in a position to complain to the police. Others become victims because of the lack of quality control. Because drugs are illegal, rip-off artists who deal in substitute or impure products know they will not be sued. Other suppliers simply make mistakes in production, but these mistakes are not caught right away because information flow is not efficient in a non-public market. This results in injuries, often caused not the use of the prohibited drugs themselves, but by the constraint on the flow of information brought about by prohibition. During the earlier era of alcohol Prohibition in the U.S., many of a city's leading citizens became criminals by the fact of visiting the bar of a local speakeasy. There, naturally, they associated with the proprietors, mobsters, who began to acquire increasing political influence. Today billions of dollars in cocaine profits leads to wide-spread corruption [17]. About 1.2 million suspected drug offenders are arrested each year in the U.S., most of them for simple possession or petty sale [18]. Currently in the U.S., police spend one-half their time on drug- related crimes. The court system is on the verge of collapse because of the proliferation of drug cases, which-because they are criminal cases-have priority over civil cases. Six out of ten federal inmates are in prison on drug charges. Probably another two of the ten are there on prohibition- related offenses. There is a crisis in prison crowding (forty states are under court order to reduce overcrowding), with the result that violent criminals--including child molesters, multiple rapists, and kidnappers--are often released early. This is reinforced by mandatory sentencing laws. Consensual drug offenses are not only treated as the moral equivalent of murder, rape, or kidnapping: they are given harsher punishment. Youths are sent to prison for life for selling drugs, while murderers were eligible for early parole for good behavior [19]. As one example, Florida punishes "simple rape" by a maximum prison term of 15 years, second-degree murder with no mandatory minimum and a maximum of life in prison , first degree murder (where the death penalty is not imposed) with a mandatory minimum penalty of 25 years, after which one is eligible for parole, but trafficking in cocaine is punished with life imprisonment "without the possibility of parole." The war on drugs has turned into a war on civil liberties The reason is simple. The war is a war on people suspected of using, or dealing in, or otherwise being involved in drugs. But the drug industry survives because tens of millions of people engage in voluntary transactions, which they try to keep secret. Hence law enforcement must attempt to penetrate the private lives of millions of suspects, which could be almost anyone. A Nobel prize-winning economist wrote: "Every friend of freedom . . . must be as revolted as I am by the prospect of turning the U.S. into an armed camp, by the vision of jails filled with casual drug users and of an army of enforcers empowered to invade the liberty of citizens on slight evidence" [20]. Unfortunately, not everyone is a friend of freedom. A mayor of New York advocated strip searching travelers from Asia and South America. A U.S. congressman introduced a bill to create an "American Gulag" of Arctic prison camps for drug offenders. And so on. The drug trade is sustained by prohibition itself. Agencies like the Drug Enforcement Administration (DEA) grew up to "fight" the drug war. Their budgets, prestige, and paychecks depend on the war's continuation. These agencies have vast sums to spend on public relations and propaganda ("education"), and a vested interest against legalization. Since these agencies profit from crime, they have an incentive to cultivate criminality as a natural resource. The sheriff of Broward County, Florida, manufactured his own crack cocaine to sell to buyers in order to arrest them [21]. Others employ cocaine gigolos, who then pressure unsuspecting boyfriends/girlfriends into purchasing drugs from undercover agents (e.g., United States v. Eugenio Llamera, No. 84-167-Cr (S.D. Fla. 1984)). Periodically a new "biggest ever" drug bust (such as 22 tons of cocaine in a Los Angeles warehouse) is proudly announced, with no apparent perception that such busts prove the agencies are failing in their alleged goal of drug elimination. Meanwhile, some government employees-drug warriors-themselves engage in criminal acts for enjoyment or to supplement their income. Drug dealers, in particular, can be killed and robbed with impunity. Forfeiture laws, which allow the seizure of money, houses, boats, cars, planes, and other property on the basis of a circumstantial connection with prohibited drugs, have also been profitable. The associate deputy attorney general in charge of the U.S. Justice Department's forfeiture program said "we're not at all apologetic about the fact that we do benefit (financially) from it" [22]. Others are paid to extend the war internationally. Examples include Latin American coca crop eradication and substitution programs. These have had almost no success, and have created massive social problems [23]. Poor farmers can make four to ten times as much growing coca as in growing legal crops [24]; they can grow coca and marijuana in regions with poor soil; and they can avoid oppressive agricultural regulations encountered with the production and sale of crops lacking an efficient alternative to government marketing organizations. The 200,000 peasant families (1 million people) engaged in coca production in Peru are oblivious to campaigns urging them to "just say no" to the source of their livelihood. In the last few years, the use of, and hence the demand for, cocaine has fallen. But there are always new ways to justify increased drug war budgets. The U.S. Department of State notes, with no awareness of the irony of the statement: "The economics of the heroin trade are also important. While at U.S. street prices, cocaine and heroin are competitive, at the wholesale level heroin has a strong advantage. A kilo of cocaine wholesales for between $10,500 and $40,000; a kilo of heroin will fetch on average between $50,000 and $250,000. With the likelihood that heroin will be to the 1990's what cocaine was to the 1980's, Latin American trafficking organizations are poised to cash in on a heroin epidemic" [12]. And, naturally, so also are those who fight them. For at some point it occurred to these drug warriors, mighty and bold, that there were easier ways to make a living. Why not just go after the cash? After all, if you go out to the poppy fields you may get your boots muddy, and (more importantly) bankers don't carry guns. 99 and 44/100 Percent Pure The House of Representatives report on the banking legislation leading up to the U.S. Banking Secrecy Act of 1970 noted that "secret foreign bank accounts and secret foreign financial institutions" had been used, among other things, to "purchase gold," and to serve "as the ultimate depository of black market proceeds from Vietnam" [25]. The report does not explain why the purchase of gold was a menace to society, nor elaborate on the role of the House in creating a black market in Vietnam. Within a few years gold was legalized, and the absence of U.S. military forces in Vietnam eliminated the black market. The report also noted: "Unwarranted and unwanted credit is being pumped into our markets." This was also attributed to foreign banks with secrecy laws, although the Federal Reserve--the real source of excess credit in the years leading up to the breakdown of Bretton Woods--is not foreign. In short, the House report was a broad-based attack with little rhyme or reason, setting the tone for similar future studies. As is usual in political double-speak, the Banking Secrecy Act was an act of legislation intended to prevent, not preserve, banking secrecy. It created four requirements that were supposed to address the issue of money laundering: 1) A paper trail of bank records had to be maintained for five years. 2) A Currency Transaction Report (CTR) had to be filed by banks and other financial institutions for currency transactions greater than $10,000. CTRs were filed with the IRS. 3) A Currency or Monetary Instrument Report (CMIR) had to be filed when currency or monetary instruments greater than $5,000 were taken out of the U.S. CMIRs were filed with the Customs Service. 4) A Foreign Bank Account Report (FBAR) had to filed whenever a person had an account in a foreign bank greater than $5,000 in value. (The latter two requirements have been increased to $10,000.) These reports mostly collected unread during the 1970s. But that was to change with the growth in computerized recordkeeping and artificial intelligence processing, and with the escalation of the "war on drugs." In the early 1980s, a Senate staff study noted in alarm "what appears to be otherwise ordinary Americans engaged in using offshore facilities to facilitate tax fraud. These cases signify that the illegal use of offshore facilities has enveloped 'the man next door'--a trend which forecasts severe consequences for the country" [26]. The same report made a concerted effort to draw connections between the eurodollar market and criminal activity, noting "few banking authorities address the issue of primary concern to us here: criminal uses of Eurobanking." The focus was not banking fraud or theft: "The most visible and notorious aspect of offshore criminality involves drug traffic." One of the report's many recommendations was that the Treasury Department should work with the "Federal Reserve Board to develop a better understanding of the financial significance and use of currency repatriation data as well as information about foreign depositors' currency deposits." Subsequently, Panama was identified as the major banking center for the cocaine trade, and Hong Kong as the major center for the heroin trade, based largely on the amount of U.S. dollars, including cash, being return to the Federal Reserve by, respectively, the Banco National de Panama and by Hong Kong-based banks [27]. Thus, with that simple act, the Federal Reserve Board was transformed from an institution that watched over the currency to a co-conspirator that watched over currency users. Efforts were extended internationally to trace cash movements. The Bank for International Settlements (BIS) Code of Conduct (1984) recommended a global version of the CRT. Information from the global CRT was to be processed by the OECD and shared with tax authorities in all industrialized countries. The G-7 countries in 1989 agreed to form the Financial Action Task Force (FATF), with staffing and support to be provided by the OECD. FATF now includes 26 governments. In May 1990, FATF adopted forty recommendations on money laundering countermeasures. These included provisions that a global currency tracking system (the global CRT proposed earlier by the BIS) be created, that financial institutions be required to report "suspicious transactions" to law enforcement authorities, that global sting operations be used against launderers, and that electronic money movements, especially international wire transfers, be monitored. So better beware your banker: by law, he's a snitch. Maybe even a government employee. In one recent example of a global sting, government officials set up a bank in the Caribbean (Anguilla), and advertised their services in confidential banking. They then turned all the information over to tax authorities. Did you ever wonder why uneducated people believe in international banking conspiracies? The Digital World of Money Money is a mechanism for making payment. What we want from a payments mechanism is fast, reliable (secure) service at a low cost. In current technology that means that the payment mechanism will be determined by transactions costs. Hence money in a modern economy exists chiefly in the form of electronic entries in computerized recordkeeping systems or data bases. Money exists as a number (e.g. 20) beside which is attached a currency or country label (e.g. DM or BP or U.S.$) and also an ownership label (e.g. "Deutsche Bank" or "Microsoft" or "Jack Parsons"). Physical goods are transported to different geographical locations, but currencies by and large are not. This is true both domestically and internationally. A bank in London will sell British pounds to a bank in Frankfurt for deutschemarks by having the Frankfurt bank's name recorded as the new owner of a pound deposit in London, while the London bank's name is recorded as the new owner of a deutschemark deposit in Frankfurt. Payment between banks is made by an exchange of electronic messages. The scope and size of transactions mandates this type of payment mechanism. The most important communications network for international financial market transactions is the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a Belgian not-for-profit cooperative. This system for transferring foreign exchange deposits and loans began actual operation in May 1977 and by 1990 had 1,812 members, and connected 3,049 banks and securities industry participants in eighty-four countries. It carried an average of 1.1 million messages per day. SWIFT messages are transmitted from country to country via central, interconnected operating centers located in Brussels, Amsterdam, and Culpeper, Virginia. These three operating centers are in turn connected by international data- transmission lines to regional processors in most member countries. Banks in an individual country use the available national communication facilities to send messages to the regional processor. A bank in London, for example, will access SWIFT by sending messages to a regional processing center in the north of London [28]. The message will be received by a bank in New York via the SWIFT operating center in Culpeper, Virginia. Within the U.S. the most important communications-money-channels are Fedwire and CHIPS. Eleven thousand depository institutions have access to Fedwire, the electronic network system of the Federal Reserve System. (About a thousand of these access the system through the New York Fed.) In 1991 an average of $766 billion daily went through the net, of which $435 billion involved the New York Fed. The average size of a funds transfer was $3 million. There were 258,000 average daily transfers. The New York Clearing House Association (twelve private commercial banks) operate the Clearing House Interbank Payments System (CHIPS) to settle foreign exchange and eurodollar transactions. CHIPS connected 122 participants in 1991. On an average day $866 billion went through the CHIPS network, with 150,000 average daily transfers (or an average transfer size of about $5.7 million). Sometimes there are large fluctuations in the level of payments. On January 21, 1992, $1.5977 trillion went through the CHIPS system. That is, the U.S. M1 money stock turned over several times in a single day. The CHIPS system maintains an account at the New York Fed. Much of the nation's money flows through what is literally an underground economy: the computer banks located beneath 55 Water Street in Manhattan. These systems, even the Fedwire system, did not arise by centralized government planning. ". . . it is historically accurate that the Fedwire system evolved in almost a 'natural' manner; no one at the Board or at a Reserve bank ever sat down and said 'let there be a wire transfer system.' Thus, Fedwire can be regarded as an example of a market tendency to evolve, over time, in an efficient manner" [29]. In Europe, banks have available CEBAMAIL, a shared voice and data network established by European central banks and later expanded to other users. European banks also use IBM's International Network and DIAL service to communicate with the Bank for International Settlements in Basle, Switzerland, and with each other. Money, then, is part of the worldwide information superhighway (or infobahn). The Clinton administration's proposal for a "National Information Infrastructure" (NII) was announced in 1994: "All Americans have a stake in the construction of an advanced National Information Infrastructure (NII), a seamless web of communications networks, computers, databases, and consumer electronics that will put vast amounts of information at users' fingertips. Development of the NII can help unleash an information revolution that will change forever the way people live, work, and interact with each other" [30]. To be sure, the ensuing hype has made the whole thing sound like more circuses to keep the masses pacified and thirsty: 500 channels of MTV with beer and Pepsi ads, and insurance salesmen popping out of your home computer. But the information revolution was already well underway, and had been so for years. The real agenda for government involvement was stated in the White House Press release, April 16, 1993: "Sophisticated encryption technology has been used for years to protect electronic funds transfer. . . While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals." Now, in fact, almost all modern technology, from can openers to automobiles, can be used by terrorists, drugs dealers, and criminals (even the thieves in the Justice Department who preside over asset forfeitures). But what is special about cryptography is that it threatens to slow or nullify the effectiveness of government-sponsored computer surveillance of individuals and private business. To get a handle on this, let's brush up our high school cryptography, which has probably grown rusty from lack of use. Eager students can read an exhaustive history of the subject written by David Kahn [31], but we will only focus on the tail- end, post-Kahnian part of the story, on something called "public key cryptography" [32]. Public Key Cryptography in One Easy Lesson Public key cryptography relies on two scrambling devices, called "keys", that have the following relationship. There is a public key P and a private key R. Suppose I write a sweet, sensitive love letter, filled with spiritual values, genetic imperatives, and sexual innuendo, to my current flame Veronica. Let's refer to this letter as the message M. I encrypt it with Veronica's public key P, producing the encrypted message P(M). Anyone looking at P(M) will only see a string of meaningless symbols, gibberish. When Veronica receives it, she will apply her private key R to the encrypted message, producing R(P(M)) = M, turning the apparent randomness into tears, joy, and erotic fantasy. The key pairs P and R must have the relationship that for any message M, R(P(M)) = M. In addition, it should be practically impossible for anyone to determine M from P(M), without the associated private key R. For any other private key R', R'(P(M)) is not equal to M--it's still gibberish. The key pairs P and R also have the commutative relationship P(R(M)) = M: if you encrypt a message with your private key R, then anyone can decrypt it using your public key P. Being able to send secure messages is one function of public key cryptography. Another function is authentication. Suppose you sent a message M to Bill. He receives the message M*. Bill doesn't know whether M* is really from you; or, even if it is from you, whether it has been altered in some way (that is, if the M* he receives is the same as the M you sent). The solution to this problem, using public key cryptography, is that you also send Bill a digital signature S along with the message M. Here is how this authentication process works. For simplicity, assume you don't even encrypt the message to Bill. You just send him the plain message M, saying "Dear Bill: You are wrong and I am right. Here is why, blah blah blah [for a few thousand words]." Then you just sign it by the following procedure. First you chop your message down to size, to produce a (meaningless) condensed version, where one size fits all. To do this, you need a message chopper called a "hash function." You apply the hash function H to the message M to produce a "message digest" or "hash value" H(M) which is 160 bits long. You then sign the hash value H(M) with your own private key R, producing the signature S = R(H(M)). The receiver of the message, Bill, applies the same hash function to the received message M* to obtain its hash value H(M*). Bill then decrypts your signature S, using your public key P, to obtain P(S) = P(R(H(M))). He compares the two. If H(M*) = P(R(H(M))), then he knows the message has not been altered (that is, M* = M), and that you sent the message. That's because the equality will fail if either (1) the message was signed with some other private key R', not yours, or if (2) the received message M* was not the same as the message M that was sent [33]. By some accident, of course, it could be that Bill finds H(M*) = P(R(H(M))) even if the message has been altered, or it is not from you. But the odds of this happening are roughly 1 in 2^160, which is vanishingly small; and even if this happens for one message, it is not likely to happen with the next. The Growth of the Information Superspyway NSA is the U.S. intelligence agency located in Ft. Mead, Maryland, which is responsible for collecting electronic and signals intelligence. Activities include monitoring the conversations of foreign leaders, listening in on most international communications (including financial transactions), breaking codes, and setting the cryptological standards for U.S. military and security agencies [34]. In 1975 at the University of California at Berkeley, I made a special trip over to the employment office to see the NSA recruitment posters. They were, after all, a novelty. Hardly anyone knew the NSA ("No Such Agency") existed, and the word was just getting around that mathematicians could compete with physicists for Defense Department largess. A couple of years later, Bobby Inman departed his post as head of Naval Intelligence, from which vantage point he had leaked Watergate revelations to Bob Woodward, to become head of NSA. Soon thereafter, the NSA began harassing certain mathematicians in the private sector, claiming "sole authority to fund research in cryptography" [35]. In those days such a monopoly was possible. The computer culture was hierarchically structured and mind-bogglingly pedantic. Peon programmers produced a token 20 lines of code per day, which allowed them plenty of time to attend "efficiency" meetings. Systems analysts involved themselves in busy work--creating elaborate flow charts to explain self-evident routines. Only those who learned to toe the line were allowed gradual access to better equipment and more CPU time. NSA, meanwhile, was one of the top markets for expensive, sophisticated computer equipment. If you wanted to be a cryptologist [36], you bit the bullet and bowed to NSA and IBM. The federal encryption standard for unclassified government computer data and communications, an encryption algorithm called Lucifer, had been developed by IBM in the early 70s. It was later certified by a civilian agency, the National Bureau of Standards (now NIST), as the Data Encryption Standard (DES) in 1976. Unlike public key cryptography which uses two keys (either one of which may be used to encrypt, and the other to decrypt), DES was a symmetric key system, using a single key to both encrypt and decrypt. Because of the single key, DES could be used for encryption or authentication, but not both simultaneously. Through the American Bankers Association and ANSI's Financial Institution Wholesale Security Working Group, DES entered the banking world as a method of encryption and message authentication in electronic funds transfer. But for digital signatures it made more sense to rely on public key cryptography. And although the NIST began to solicit public-key cryptographic algorithms in 1982, nothing would be approved for another decade, so both federal agencies and private organizations, including banks, began to look to commercial sources of digital signature technology. (They basically settled on one called the Rivest-Shamir- Adleman (RSA) system.) Meanwhile, the anarchy of the personal computer had been unleashed. The PC allowed one person to be in charge of the entire software development process. She could be hardware technician, systems analyst, mathematician, programmer, artist-in-residence, and general hell- raiser rolled into one. Just as Gutenberg inspired later generations to learn to read precisely because they had, Pogo-like, acquired the ability to write, so did the appearance of the microprocessor inspire a generation of talented and creative people to absorb themselves in computer-accentuated tasks which no longer mandated interaction with a phalanx of mandarins whose notion of Eros was a COBOL routine to insert Tab A into Slot B. To be sure, the PC was not powerful enough to break codes (cryptanalysis), but it was a good enough tool for creating cryptography software. In 1984 Reagan's National Security Decision Directive 145 (NSDD-145) shifted the responsibility for certifying DES-based products to NSA. Executive Order 12333 in 1980 had made the Secretary of Defense the government's executive agent for communications security, and NSDD-145 expanded this role to telecommunications and information systems. The Director of NSA was made responsible for the implementation of the Secretary's responsibilites. In 1986 NSA created an uproar by saying it would no longer endorse DES products after 1988, and would substitute a new set of incompatible, classified, hardware standards. Banks and software vendors weren't happy with the news because they had only recently invested heavily in DES-based systems. But Congress effectively rejected NSDD-145's federal computer security plan by passing the Computer Security Act of 1987, and DES was reaffirmed anyway (with the NIST reinstated as the certifier of applications that met the standard), and then affirmed again in 1993. (The next DES review is scheduled for 1998.) Changes in technology were creating both new security concerns and spying opportunities. On the one hand, a rank amateur with a scanner could sit in his apartment and monitor his neighbors' cordless and cellular telephone conversations. (After all, if a signal makes it into your bedroom, you may feel you have a right to tune it in.) On the other hand, the NSA could in the same way make use of the electromagnetic signals sent out by computer hardware components. Unshielded cables act as radio broadcast antennas. Related signals, especially from the computer monitor and the computer's CPU, are sent back down the AC power cord and out into the building's electrical wiring. Signals may also be transmitted directly into the phone line through a computer modem (which isn't in use). These frequencies can be tuned, so that what appeared on one person's computer screen can be displayed on an observer's screen a block away. (There were no laws against monitoring computer radiation then, and there are none now, so the NSA can take the position that it is doing nothing illegal by parking its monitoring vans in domestic spots in New York, Chicago, San Francisco, and Washington, D.C. [37].) The erosion of the spying monopoly led to the 1986 Electronic Communications Privacy Act (ECPA) which prohibited phone and data-line tapping--except, naturally, by law enforcement agencies and employers. ECPA made cellular (but not cordless) phone monitoring illegal. President Bush would later sign a second law which prohibited even the manufacture or import of scanners that are capable of cellular monitoring. But the latter law was nonsensical, since every cellular phone is itself a scanner. In a demonstration for a Congressional subcommittee, it took a technician only three minutes to reprogram a cellular phone's codes so that it could be used for eavesdropping [38]. With the worldwide collapse of Communism, federal agents quickly discovered a new fount of terrorist activity: American teenagers, hackers. The Secret Service crusade to conquer children started when Congress passed the Computer Fraud and Abuse Act in 1986, and culminated in May 1990 with Operation Sundevil, in which 42 computer systems were seized around the country, along with 23,000 floppy disks. One college-age hacker, Chris Goggans (a.k.a. Eric Bloodaxe) upon receiving information which led him to suspect the coming raid, went home and (like any good host) cleaned and vacuumed his apartment, placed little notes in drawers ("Nope, nothing in here"; "Wrong, try again"), and adorned his desk with brochures from the local Federal Building--titles like How to Become an FBI Agent, . . . Secret Service Agent, etc. The raid came one morning while Goggans was in bed. "Leading the pack is Special Agent Tim Foley," Goggans recounts, "and he's got his service revolver out, and he's got it pointed at me. He's a pretty big guy and I'm me. . . . Hackers are a notoriously violent group of people who are known for their physical prowess, so guns are definitely always necessary" [39 ]. Paranoia verged on the imbecilic. AT&T Security found a description of 911 system administration, called "E911," on one bulletin board service. They claimed in court the theft of this information was worth exactly $79,449, but the case fell apart when the defense showed the same information, with more technical details, about the 911 system was publicly available from AT&T for the mere price of $13. The FBI, meanwhile, was undergoing culture shock. Telephone carrier signals were now digital and multiplexed, so that any specific channel might be interleaved among many others in a continuous stream of bits which the FBI could no longer access with only a pair of alligator clips. In March 1992 the FBI proposed Digital Telephony legislation (code-named in FBI documents "Operation Root Canal") that would require private industry to provide access ports in digital equipment for the purpose of tapping specific conversations. The FBI proposal didn't sit well with the General Services Administration (GSA), the largest purchaser of telecommunications equipment for the U.S. government. GSA noted that the "proposed bill would have to have the FCC or another agency approve or reject new telephone equipment mainly on the basis of whether the FBI has the capability to wiretap it." So GSA opposed the legislation for security reasons, noting it would "make it easier for criminals, terrorists, foreign intelligence (spies) and computer hackers to electronically penetrate the public network and pry into areas previously not open to snooping. This situation of easier access due to new technology changes could therefore affect national security" [40]. Ironically, the World Trade Center was subsequently bombed by a group that was already under FBI surveillance, so one could make a case that voyeurism, not public security, was the real intent of the proposed legislation [41]. The 1992 Digital Telephony proposal would have also given the Justice Department the unilateral and exclusive authority to enforce, grant exceptions, or waive provisions of the law, or enforce it in Federal Court. You know, the *Justice Department*: that splendid collection of righteous lawyers, whose recent triumphs include overseeing the slaughter of a religious group in Waco, Texas [42], running a software company into bankruptcy and appropriating its software [43], and allegedly manipulating the machinery of justice to cover tracks left by financial thieves [44]. Now the Computer Security Act of 1987 had authorized a U.S. government project to develop standards for publicly-available cryptography. On April 16, 1993 the Clinton Administration announced two new controversial Federal Information Processing Standards (FIPS) which embodied Capstone's principal elements. These were the Escrowed Encryption Standard (EES)-- a.k.a. "Clipper"--and the Digital Signature Standard (DSS). All private companies doing business with the government might be affected. The Escrowed Encryption Standard The EES was promulgated by the Clinton Administration as a voluntary (for now, anyway) alternative to the Data Encryption Standard (DES). It involved a bulk data encryption algorithm called Skipjack, which would be contained on a tamper- resistant chip, called the Clipper Chip (or MYK-78). The chip would be manufactured by VLSI Logic, and programmed with the algorithms and keys by Mykotronx at a facility in Torrance, California. Each chip would contain a trapdoor that would allow the government, using a two-part key (U = U1+U2), each half deposited with a different escrow agency, to decode any communications sent through the chip [45]. Here is how the process works. (You can skip this paragraph and the next one if you like.) In addition to the Skipjack encryption algorithm, each chip will contain a 80-bit family key F that is common to all chips; a 30-bit serial number N; and an 80-bit secret "unique" key U which can be used to unlock all messages sent through the chip. Suppose I have my secure device get in touch with Veronica's secure device. The first thing that happens is our two chips agree on a randomly generated 80-bit symmetric session key K, which will be used only for this one conversation. The Clipper Chip takes our whispered message stream M and encrypts it with K, using the Skipjack algorithm, producing the encrypted message K(M). Simple enough. But my chip also has other ideas. As an entirely separate process, it also takes the session key K and encrypts it with the secret key U, producing U(K). Then it tacks the serial number N on to the end of the encrypted session key, giving the sandwich U(K)+N. Then it takes the family key F and encrypts the sandwich, giving F[U(K)+N]. The encrypted sandwich, F[U(K)+N], is called the LEAF, or "Law Enforcement Access Field." Both my encrypted message K(M) and the LEAF, F[U(K)+N], are sent out over the telephone line. Veronica's chip receives both these, but mostly ignores the LEAF. Her chip simply takes the previously agreed session key K and uses it to decrypt the encrypted message, yielding K[K(M)] = M. Now suppose Fred is a horny FBI agent who wants to listen in on all this. He gets a warrant (maybe), and has the phone company plug him into the conversation. With his listening device, he siphons off both my encrypted message K(M) and the LEAF, F[U(K)+N]. As a member of the FBI he is allowed to know the family key F, which he uses to decrypt the LEAF, yielding the sandwich: F{F[U(K)+N]} = U(K)+N. So now he knows the serial number N. He then takes N along with his warrant over to the first escrow agency, which gives him half of the secret key, U1. He takes N with his warrant over to the second escrow agency, which gives him the other half, U2. He now knows the secret key U = U1+U2. He uses U to decrypt the encrypted session key: U[U(K)] = K. Now he knows the session key K, which he uses to decrypt my encrypted message: K[K(M)] = M. To his great disappointment, he discovers I was only calling to thank Veronica for the pepperoni and cheese pizza she sent over. Industry was urged to build the EES into every type of communication device: computer modem, telephone, fax, and set-top TV converter. Of course to do so (surprise, surprise) will make a product subject to State Department ITAR export controls. But AT&T, at least, promptly popped the Clipper Chip into the AT&T Security Telephone Device 3600, which has a retail price of about $1,100, because they had been "suitably incentivised" (see below). Another implementation of the ESS is the Capstone Chip (Mykotronx MYK-80), which includes Clipper's Skipjack algorithm, and adds to it digital signature, hash, and key-change functions. While Clipper is mostly intended for telephone communication, Capstone is designed for data communication. Finally there is Fortezza, which is a PCMCIA card that contains a Capstone Chip. Despite generating universally negative comments, EES was approved by the Department of Commerce as a federal standard in February 1994. The details of the NSA-developed Skipjack algorithm are classified. However, it uses 80-bit keys and scrambles the data for 32 steps or rounds. The earlier standard, DES, uses 56-bit keys and scrambles the data for only 16 rounds. But the secrecy of Skipjack removed some of its credibility. People are confident in the security of DES, because its details are public. Hence people have probed DES over the years and failed to find any weaknesses. The primary reason for Skipjack's classification appears to be an attempt to prevent its use without transmission of the associated LEAF field. An outside panel of expects concluded there was no significant risk that messages encrypted with the Skipjack algorithm would be breakable by exhaustive search in the next 30 to 40 years. The same cannot be said for the EES protocol as a whole. Matthew Blaze, a researcher at AT&T showed there are ways to corrupt the LEAF, so that the session key K cannot be recovered, and hence messages cannot be decrypted [46]. Of course if you are sending data files, and not voice, you can ignore the presence or absence of the Clipper Chip altogether. Just encrypt your file with, say, Pretty Good Privacy, before you send it through the Clipper Chip. Thus your original message is an already-encrypted file, and it won't matter if FBI Fred reads it or not. But things are not so simple with voice messages. So the first target for a government ban is alternative encryption devices for voice communication, particularly if the Clipper Chip doesn't catch on. Which would be nothing new: for years ham radio operators have been prohibited from using encryption on the air. The future of the EES may depend on the coercive purchasing power of the U.S. government. A memorandum prepared for the Acting Assistant Secretary of Defense had noted a number of U.S. computer industries objections to a trapdoor chip, such as the Clipper Chip: "The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. In support of their argument, they note that powerful public-key cryptography developed and patented by RSA using U.S. tax dollars is free to developers in Europe, subject to royalties in the United States, and cannot be exported without expensive and time-late export licenses. These charges are true. . . .Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of government purchases)" [47]. The Digital Signature Standard The second announced standard, DSS, uses a digital signature algorithm (DSA) to authenticate the source and validity of messages [48]. Digital signatures are the equivalent of handwritten signatures on legal documents. While there is yet no body of case law dealing with the subject, documents signed with proper digital signatures will almost certainly be legally binding, both for commercial use as defined in the Uniform Commercial Code (UCC), and will probably also have the same legal standard as handwritten signatures. The computer industry had generally wanted the U.S. government to choose instead the RSA algorithm, which was currently the most widely used authentication algorithm. The banking and financial services industry were using both the RSA algorithm and a modified form of the DSA algorithm [49]. As we saw previously, it is typically not the entire message that is signed, but rather a condensed form of it, a hash value. The hash function for the DSS is the Secure Hash Standard (SHS), which accepts a variable-size input (the message) and returns a 160-bit string. SHS was adopted as a government standard in 1993 [50]. That both EES and DSS were rushed forth in an attempt to break the spread of good cryptography in the private sector is acknowledged even by a government agency, the Office of Technology Assessment (OTA): "In OTA's view, both the EES and the DSS are federal standards that are part of a long-term control strategy intended to retard the general availability of 'unbreakable' or 'hard to break' cryptography within the United States, for reasons of national security and law enforcement. It appears that the EES is intended to complement the DSS in this overall encryption-control strategy, by discouraging future development and use of encryption without built-in law enforcement access, in favor of key-escrow encryption and related technologies" [51]. Which brings us back to privacy and the monetary system. The Buck Stops Here In 1993 SWIFT began asking users of its messaging system to include a purpose of payment in all messages, as well as payers, payees, and intermediaries. This type of arrangement would allow NSA computers to scan for any names in which they were interested. To be sure, $10,000,000 for the "Purchase of Plutonium" would have been scanned for anyway. But now they can search for "Hakim 'Bobby' Bey," because someone has decided he's a terrorist. Or someone decided they just don't like him, and so they claim he's a terrorist. In addition, proposals resurfaced for a two- tier U.S. currency. When such a proposal was rumored around 1970 during the slow breakdown of the Bretton Woods agreement, the rumor was dismissed as a paranoid fantasy. Recently the proposal itself has been discussed on the Federal Page of the Washington Post, which gives support to the plan of "an expert on terrorism" (another one?) to have two separate U.S. currencies, "new greenbacks for domestic use and new 'redbacks' for overseas use." The International Counterfeit Deterrence Strike Force (an inter-agency working group informally called the "Super-Bill Committee") supports a revived 1989 DEA plan for the forced conversion of "domestic" dollars into "international" dollars by U.S. travelers at the border, which would be re-exchanged on their return [52]. While Customs deals with physical cash, NSA is set to deal with the electronic variety. That NSA has in some circumstances already monitored international banking transactions since at least the early 1980s seems evident from the inclusion of detailed banking transactions between the Panamanian branch of the Discount Bank and Trust of Switzerland and a Cayman Islands bank in a classified report to the Secretary of State during the Reagan administration. The information in the report seemingly could only have come from electronic access to the bank's computerized records. Some observers have speculated that a bugged computer program, Inslaw's PROMIS, was involved. This program, allegedly stolen from Inslaw by the U.S. Department of Justice, was sold to dozens of banks. (A federal bankruptcy judge found that the Justice Department had purposefully propelled Inslaw into bankruptcy in an effort to steal the PROMIS software through "trickery, deceit and fraud" [53].) The program was said to have been altered in such a way to allow government agencies trapdoor access into a bank's transaction records [54]. The Federal Deposit Insurance Corporation (FDIC) is the government corporation that insures deposits at U.S. member banks. The FDIC Improvement Act of 1991 required the FDIC to study the costs and feasibility of tracking every bank deposit in the U.S. The notion was it was necessary to compute bank deposit insurance requirements in real time. Not everyone thought this was a good idea. The American Banker's Association noted it was inconceivable that such data would "be used only by the FDIC in deposit insurance coverage functions." And even though the FDIC itself argued against the proposal in its draft report to Congress in June 1993, FinCEN used the occasion to propose a "Deposit Tracking System" (DTS) that would also track deposits to, or withdrawals from, U.S. banks accounts in real time. So advances in cryptography come face to face with round-the-clock, round-the-border surveillance. F.A. Hayek argued for the denationalization of money, an abolition of the government monopoly over the money supply, and the institution of a regime of competitive private issuers of currency [55]. One reason was to stop the recurring bouts of acute inflation and deflation that have become accentuated over this century. Another reason was to make it increasingly impossible for governments to restrict the international movement of individuals, money and capital, and thereby to safeguard the ability of dissidents to escape oppression. He said that "attempts by governments to control the international movements of currency and capital" is at present "the most serious threat not only to a working international economy but also to personal freedom; and it will remain a threat so long as governments have the physical power to enforce such controls." Two decades ago, Hayek's proposal seemed to have scant probability of ever coming about. No longer. Hayek's dream is about to be realized. Footnotes [1] The Principia Discordia, or How I Found Goddess and What I Did to Her When I Found Her was authored by Malaclypse the Younger (a computer programmer named Greg Hill) and recounts the visionary encounter he and Omar Ravenhurst (Kerry Thornley) had with Eris, the Goddess of Chaos, in an all-night bowling alley. Kerry Thornley is also the author of Zenarchy as well as a novel about Lee Harvey Oswald, whom Kerry knew in the Marines. Some of the early Erisian (Discordian) writings were mimeographed at the office of Jim Garrison, the New Orleans District Attorney, where a friend of Kerry's worked. Principia Discordia may be found on the Internet at the wiretap.spies.com gopher, in the directory Electronic Books, filed under Malaclypse the Younger. It and the other works mentioned in this footnote are also available from Loompanics Unlimited, P.O. Box 1197, Port Townsend, WA 98368. Phone: 206-385-2230, Fax: 206-385-7785. [2] The NSA employee handbook notes: "It is the policy of the National Security Agency to prevent and eliminate the improper use of drugs by Agency employees and other personnel associated with the Agency. The term "drugs" includes all controlled drugs or substances identified and listed in the Controlled Substances Act of 1970, as amended, which includes but is not limited to: narcotics, depressants, stimulants, cocaine, hallucinogens and cannabis (marijuana, hashish, and hashish oil). The use of illegal drugs or the abuse of prescription drugs by persons employed by, assigned or detailed to the Agency may adversely affect the national security; may have a serious damaging effect on the safety [of yourself] and the safety of others; and may lead to criminal prosecution. Such use of drugs either within or outside Agency controlled facilities is prohibited." A copy of this handbook may be found in the hacker publication Phrack Magazine, No. 45, March 30, 1994, which is available on the Internet at ftp.fc.net/pub/phrack. [3] Governments have always been in the drug business, and perhaps always will be. In earlier times, governments attempted a monopoly on drugs, sex, and religion. But in recent years the ungodly have stopped paying tithes, so many governments have gotten out of the religion business, and private competition has forced them out of the sex business. Of the big three, most governments are left with only drugs, which explains why drugs are politically more important than either sex or religion. Two references on historical drug politics are Jack Beeching, The Chinese Opium Wars, Harcourt Bruce Jovanovich, New York, 1975, and Alfred W. McCoy, The Politics of Heroin: CIA Complicity in the Global Drug Trade, Lawrence Hill Books, New York, 1991. Two references on more recent U.S. government involvement include the well- documented book by Peter Dale Scott and Jonathan Marshall, Cocaine Politics: Drugs, Armies, and the CIA in Central America, The University of California Press, Berkeley, 1991, and the less well substantiated, but provocative, Compromised: Clinton, Bush, and the CIA, by Terry Reed & John Cummings, Shapolsky Publishers, New York, 1994. [4] The following may be related, although no charges have been filed. In 1987 Tallahassee police traced an alleged child porn operation back to a warehouse in Washington, D.C. The warehouse was operated by a group called The Finders, whose leader has an extensive background in intelligence. Customs agents had information that was, according to Customs and FBI documents posted on the Internet by Wendell Minnick (author of Spies and Provocateurs: A Worldwide Encyclopedia of Persons Conducting Espionage and Covert Action, 1946-1991), "specific in describing 'blood rituals' and sexual orgies involving children, and an as yet unsolved murder in which the Finders may be involved." The evidence included a telex which "specifically ordered the purchase of two children in Hong Kong to be arranged through a contact in the Chinese Embassy there" and a photographic album. "The album contained a series of photos of adults and children dressed in white sheets participating in a blood ritual. The ritual centered around the execution of at least two goats. . . ." As the investigation proceeded, the "CIA made one contact and admitted to owning the Finders organization as a front for a domestic computer training operation, but that it had 'gone bad.' CIA defers all further contacts to FCIA (Foreign Counter Intelligence Agency). FCIA is distinct and autonomous organization within FBI. . . . FCIA contacts [Washington] MPD Intelligence and advised that all reports regarding Finders are to be classified at the Secret level. FCIA also advised that no information was to be turned over to the FBI WFO [Washington Field Office] for investigation, and that the WFO would not be advised of the CIA or FCIA involvement/contact." I've since checked with all my programming friends, but no one remembers seeing a computer training film involving the sacrifice of goats. [5] It is argued that the creation and distribution of images of nude children should be prohibited, since they might be used "for the purpose of sexual stimulation or gratification of any individual who may view such depiction" (Edward De Grazia, The Big Chill: Censorship and the Law, Aperture, Fall 1990, page 50). Where I grew up, children sometimes played naked. However, I guess in that case rays of natural light seen by the human eye underwent a mysterious transubstantiation that turned the data into pastoral innocence before digitized messages were sent to the brain. By contrast, .gif files stored in a computer have not undergone transubstantiation, and remain slimy with evil inherited from the Original Snub. [6] The Justice Department's Office of General Counsel issued a legal opinion on the First Amendment constitutionality of ITAR restrictions on public cryptography on May 11, 1978. The opinion--addressed to Dr. Frank Press, the Science Adviser to the President--concluded: "It is our view that the existing provisions of the ITAR are Unconstitutional insofar as they establish a prior restraint on disclosure of cryptographic ideas and information developed by scientists and mathematicians in the private sector." The ITAR regulations are also referred to as Defense Trade Regulations. See Department of State, Defense Trade Regulations, 22 CFR 120-130, Office of Defense Trade Controls, May 1992. The State Department turns all cryptology decisions over to NSA. [7] Stewart A. Baker, "Don't Worry, Be Happy," Wired Magazine, June 1994. [8] Remarks at Computers, Freedom and Privacy Conference IV, Chicago, March 26, 1994. [9] Denning, Dorothy E., "Encryption and Law Enforcement," Georgetown University, February 21, 1994. [10] Which explains, I guess, why I am no longer able to get any smack with my pepperoni and cheese. [11] U.S. Department of State, Bureau of International Narcotics Matters, International Narcotics Control Strategy Report, U.S. Government Printing Office, April 1994. [12] Ibid. [13] Kimery, Anthony L., "Big Brother Wants to Look into Your Bank Account (Any Time It Pleases)," Wired Magazine, December 1993. [14] Chicago Tribune, January 20, 1995. [15] Timothy C. May, "The Crypto Anarchist Manifesto," September 1992. [16] Steven B. Duke and Albert C. Gross, America's Longest War: Rethinking Our Tragic Crusade Against Drugs, Putnam, New York, 1993. [17] Examples may be found in Steven Wisotsky, Beyond the War on Drugs, Prometheus Books, Buffalo, New York, 1990. [18] John Powell and Ellen Hershenov, "Hostage to the Drug War: The National Purse, The Constitution, and the Black Community," University of California at Davis Law Review, 24, 1991. [19] David B. Kopel, "Prison Blues: How America's Foolish Sentencing Policies Endanger Public Safety," Policy Analysis No. 208, Cato Institute, Washington, D.C., May 17, 1994. [20] Milton Friedman, "Open Letter to Bill Bennet," Wall Street Journal, September 7, 1989. [21] Larry Keller, "Sheriff's Office Makes Own Crack for Drug Stings," Fort Lauderdale News & Sun Sentinel, April 18, 1989. [22] The quote may be found on page 5 in Andrew Schneider and Mary Pat Flaherty, Presumed Guilty: The Law's Victims in the War on Drugs, reprinted from The Pittsburgh Press, August 11-16, 1991. [23] Melanie S. Tammen, "The Drug War vs. Land Reform in Peru," Policy Analysis No. 156, Cato Institute, Washington, D.C., July 10, 1991. [24] Rensselaer W. Lee, The White Labyrinth: Cocaine and Political Power, Transaction, New Brunswick, NJ, 1989. [25] House of Representatives, Banks Records and Foreign Transactions concerning P.L. 95-508, House Report 91-975, October 12, 1970. [26] U.S. Senate Permanent Subcommittee on Investigations, Crime and Secrecy: The Use of Offshore Banks and Companies, U.S. Government Printing Office, February 1983. [27] President's Commission on Organized Crime, The Cash Connection: Organized Crime, Financial Institutions, and Money Laundering, U.S. Government Printing Office, October 1984. [28] Bank for International Settlements, Large Value Funds Transfer Systems in the Group of Ten Countries, May 1990. [29] Ernest T. Patrikis, Thomas C. Baxter Jr., and Raj K. Bhala, Wire Transfers: A Guide to U.S. and International Laws Governing Funds Transfer, Probus Publishing Company, Chicago, IL, 1993. [30] The National Information Infrastructure: Agenda for Action. [31] David Kahn, The Codebreakers: The Story of Secret Writing, Macmillan, New York, 1967. [32] The best accessible book on the subject is Bruce Schneier, Applied Cryptography, John Wiley & Sons, New York, 1994. [33] It could also fail for other reasons, such as a signature garbled in transmission (solution: resend it), or disagreement on the hash function (solution: adopt a common standard, such as the Secure Hash Standard, discussed later). [34] The activities of the NSA were first comprehensively surveyed in James Bamford, The Puzzle Palace: a Report on NSA, America's Most Secret Agency, Houghton Mifflin Company, Boston, 1982. [35] David Burnham, The Rise of the Computer State, Random House, New York, 1983. [36] Cryptology is divided into cryptography, the art of secret writing (encryption), and cryptanalysis, the art of code breaking. By analogy, thinking of the world of banking divided into vault-keepers and thieves. [37] Computer Monitor Radiation (CMR) is involved in the plot of Winn Schwartau's Terminal Compromise, the best hacker novel available. A freeware version, replete with misspellings and other typos, under the filename termcomp.zip, is available by ftp or gopher from many sites. One location is ucselx.sdsu.edu/pub/doc/etext. [38] Cindy Skrzycki, "Dark Side of the Data Age," Washington Post, May 3, 1993. [39] Interviewed by Netta Gilboa in Gray Areas Magazine. Interview reprinted in The Journal of American Underground Computing, 1(7), January 17, 1995. [40] Attachment to memo from Wm. R. Loy 5/5/92, (O/F)-9C1h(2)(a)-File (#4A). [41] I was a block away in a building with a view of one of the World Trade Center towers when the explosion occurred, but, along with all the Barclays Precious Metals dealers, only found out about the bomb when the news came across the Telerate monitor a few minutes later. [42] Not that there weren't good motives for the operation. For example, the four BATF agents slain in the attack on the Branch Davidians were all ex- bodyguards for the Clinton presidential campaign, and heaven knows we've already heard enough revelations from Clinton's ex-bodyguards. [43] INSLAW, discussed further below. [44] The latter statement is speculation on my part, and I have no evidence to back it up. I am certainly not referring to the following alleged sequence of events, cited by Nicholas A. Guarino ("Money, Fraud, Drugs, and Sex," January 26, 1995): When Madison Guaranty Savings and Loan folds, it is somewhere between $47 and $68 million in the hole. The tab is settled at $65 million. One of the biggest debtors to Madison is a Madison director, Seth Ward, who is the father-in-law of Webb Hubbell. Webb is Hillary Clinton's former law partner and afterward (until April 1994) Associate Attorney General (the Number 3 position) at the Justice Department, who gets assigned to investigate Whitewater. But when the Resolution Trust Corporation (RTC) takes over Madison Guaranty Savings & Loans, Hillary has been on retainer to Madison for many months. The RTC brings suit to obtain $60 million from Madison Guaranty's debtors. But Hillary negotiates the RTC down from $60 million to $1 million. Hillary then gets the RTC to forgive the $600,000 debt Seth Ward owes the RTC, leaving the RTC with $400,000 out of the original $60 million owed. But (surprise) Hillary does this as the counsel for the RTC, not Madison. Her fee for representing the RTC? $400,000, which leaves the RTC with nothing. [45] Dorothy E. Denning, "The Clipper Encryption System," American Scientist, 81(4), July/August 1993, 319-323. The NIST and the Treasury Department's Automated Systems Division were designated as the initial escrow agents. [46] Matt Blaze, "Protocol Failure in the Escrowed Encryption Standard," AT&T Bell Laboratories, June 3, 1994. [47] Ray Pollari, Memorandum for the Acting Assistant Secretary of Defense (C31), April 30, 1993. [48] National Institute of Standards and Technology (NIST), The Digital Signature Standard, Proposal and Discussion, Communications of the ACM, 35(7), July 1992, 36-54. [49] American National Standards Institute, American National Standard X9.30-199X: Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry: Part 1: The Digital Signature Algorithm (DSA), American Bankers Association, Washington, D.C., March 4, 1993. [50] National Institute of Standards and Technology (NIST), Secure Hash Standard (SHS), FIPS Publication 180, May 11, 1993. [51] Office of Technology Assessment (OTA), Information Security and Privacy in Network Environments, September 9, 1994. [52] "TerrorDollars: Counterfeiters, Cartels and Other Emerging Threats to America's Currency," Washington Post, March 6, 1994. [53] Maggie Mahar, "Beneath Contempt Did the Justice Dept. Deliberately Bankrupt INSLAW?," Barron's National Business and Financial Weekly, March 21, 1988; and "Rogue Justice: Who and What Were Behind the Vendetta Against INSLAW?," Barron's National Business and Financial Weekly, April 4, 1988; U.S. Congress, Committee on the Judiciary, The Inslaw Affair, House Report 102-857, September 10, 1992. [54] Thompson's, Congress backs claims that spy agencies bugged bank software, Thompson's International Banking Regulator, Jan. 17, 1994. [55] Hayek, Friedrich A. von, Denationalisation of Money: An Analysis of the Theory and Practice of Concurrent Currencies, The Institute of Economic Affairs, Lancing, 1976. First posted to the Internet February 1995. © 1995 J. Orlin Grabbe, 1475 Terminal Way, Suite E, Reno, NV 89502.

Web Page: http://www.aci.net/kalliste/