American Scientist

Many of us think of the Internet as a vast but searchable realm. Yet just beyond the reach of conventional search engines is another, hidden world of unindexed pages, encrypted content, and unlinked websites. Welcome to the dark net. It owes its existence to the efforts of IT-savvy privacy activists who began working to guard online anonymity nearly three decades ago. In this passage from his book The Dark Net , to be published in paperback in May, technology analyst Jamie Bartlett examines the early days of this movement and its activists.

One day in late 1992, retired businessman Tim May, mathematician Eric Hughes, and computer scientist John Gilmore invited 20 of their favorite programmers and cryptographers to Hughes’s house in Oakland, California. After taking a degree in physics at the University of California at Santa Barbara, May went to work for Intel in 1974, where he made a brilliant breakthrough in redesigning Intel’s computer memory chips. He retired at the age of 34 and dedicated himself to reading: computing, cryptography, physics, mathematics—and to politics. Gilmore was Sun Microsystems’ fifth employee; like May, he retired young to pursue political ideas. Hughes, a brilliant mathematician from the University of California, Berkeley, had spent time working in the Netherlands with David Chaum, perhaps the world’s best-known cryptographer at that point.

May, Hughes, and Gilmore were natural bedfellows. All were radical libertarians and early adopters of computer technology, sharing an interest in the effects it would have on politics and society. But while many West Coast liberals were toasting the dawn of a new and liberating electronic age, Hughes, May, and Gilmore spotted that networked computing might just as likely herald a golden age of state spying and control. They all believed that the great political issue of the day was whether governments of the world would use the Internet to strangle individual freedom and privacy through digital surveillance, or whether autonomous individuals would undermine and even destroy the state through the subversive tools digital computing also promised.

"Pretty Good Privacy," or PGP, was published free online in 1991, and remains the most widely used form of email encryption to this day.

• Facebook
• Twitter

At their first meeting, May set out his vision to the excited group of rebellious, ponytailed twenty- and thirtysomethings. If the government can’t monitor you, he argued, it can’t control you. Fortunately, said May, thanks to modern computing, individual liberty can be assured by something more reliable than man-made laws: the unflinching rules of math and physics, existing on software that couldn’t be deleted. “Politics has never given anyone lasting freedom, and it never will,” he wrote in 1993. But computer systems could. What was needed, May argued, was new software that could help ordinary people evade government surveillance. The group was set up to find out how.

Soon the group began to meet every month in the office of Cygnus Solutions, a business that Gilmore had recently set up. At one of the first meetings in 1992, one member—Jude Milhon, who wrote articles for the magazine Mondo 2000 under the alias St Jude—described the growing movement as “the cypherpunks,” a play on the cyberpunk genre of fiction made popular by sci-fi writers such as William Gibson. The name stuck. “It was a bit of a marketing ploy, to be honest,” May told me over the phone from his home in California. “A bit like Anonymous wearing the Guy Fawkes masks.”

The group began to grow. Eric Hughes decided to set up an email list to reach out to other interested parties beyond the Bay Area. The list was hosted by the server that ran Gilmore’s personal website, toad.com. The first post on the list, even before the introduction from Hughes, was a repost of a 1987 speech given by mathematician Chuck Hammill called “From Crossbows to Cryptography: Thwarting the State via Technology.” It set the tone perfectly for what would follow: “For a fraction of the investment in time, money, and effort I might expend in trying to convince the state to abolish wiretapping and all forms of censorship,” wrote Hammill, “I can teach every libertarian who’s interested how to use cryptography to abolish them unilaterally.”

The list quickly grew to include hundreds of subscribers who were soon posting every day: exchanging ideas, discussing developments, proposing and testing cyphers. This remarkable email list predicted, developed, or invented almost every technique now employed by computer users to avoid government surveillance. Tim May proposed, among other things, secure crypto-currencies, a tool enabling people to browse the Web anonymously, an unregulated marketplace—which he called “BlackNet”—where anything could be bought or sold without being tracked, and a prototype anonymous whistleblowing system.

The cypherpunks were troublemakers: controversial, radical, unrelenting, but also practical. They made things. Someone would write a piece of software, post it to the list, and others would test it and improve it. When Hughes put forward a program for anonymous remailers—a way to email people without being traced—another influential poster to the list, Hal Finney, worked to correct a flaw he’d spotted in it, then posted his improved version. Among the cypherpunks, writes Forbes journalist Andy Greenberg in his history of whistleblowing, creativity was more admired than theorizing. It was Hughes who coined the expression that would define them: “cypherpunks write code.”

Above all, the code they wanted to write was encryption. Encryption is the art and science of keeping things secret from people you don’t want to know them, while revealing them to those you do. From the time of the Roman Empire until the 1970s, encryption was based on a “single key” model, with the same code both locking and unlocking the message. Modern computing made encryption far more powerful, but the underlying principle was the same: If you wanted to communicate secretly with someone, you still had to get the code to them—which presented the same problem you started with.

Two MIT mathematicians called Whitfield Diffie and Martin Hellman solved this in 1976 with a system they called “public key encryption.” Each user is given his own personal cypher system comprised of two “keys,” which are different but mathematically related to each other through their relationship to a shared prime number. The mathematics behind it is complicated, but the idea is simple. It means you can share your “public” key with everyone, and they can use it to encrypt a message into a meaningless jumble that can be decrypted only with your secret “private” key. Public key encryption transformed the potential uses of encryption, because suddenly people were able to send encrypted messages to each other without having to also exchange a code, and indeed without even having to ever meet at all. Up until the early ’90s, powerful encryption was the sole preserve of governments. The United States had even classed powerful encryption as a “munition” in 1976 and made its export illegal without a license.

As more people ventured into cyberspace, the U.S. government began to take a greater interest in what they were doing there. In 1990, the FBI launched an over-the-top crackdown on computer hackers, known as Operation Sundevil. This was swiftly followed, in early 1991, by a proposed piece of U.S. Senate legislation that would force electronic communications service providers to hand over people’s personal data. (The key clause, S.266, was pushed by the then chairman of the U.S. Senate Judiciary Committee, Senator Joe Biden.) Worse still, in 1993 the U.S. government announced the “Clipper Chip”: industry standard encryption for the Internet, to which the National Security Agency would hold all the keys.

Many early adopters of the net considered this to be an attempt by the U.S. government to control cyberspace, which until that point had operated largely outside state control. Phil Zimmermann, an antinuclear activist and computer programmer, was worried that digital technologies appeared to be eroding citizens’ privacy, rather than liberating them. For years, Zimmermann had dreamed of creating an encryption system for the masses based on public key encryption that would allow political activists to communicate free from the government’s prying eyes. However, juggling a freelance job and two children, he had never found the time to realize it.

On learning of Biden’s S.266 clause, Zimmermann feverishly set out to complete the project, almost losing his house in the process. When he finished his software in 1991, he published it all online, free for anyone who wanted to use it. He called it “Pretty Good Privacy,” or PGP for short, and within weeks it had been downloaded and shared by thousands of people around the world. “Before PGP, there was no way for two ordinary people to communicate over long distances without the risk of interception,” said Zimmermann in a later interview. “Not by phone, not by FedEx, not by fax.” It remains the most widely used form of email encryption to this day.

The U.S. government, needless to say, wasn’t happy. They believed too many people using strong cryptography like PGP would make life a lot harder for the security services. The British government was also watching nervously. Sir David Omand, who was working for the British intelligence agency GCHQ at this time, recalls the period well. “We were very worried about the spread and adoption of powerful encryption like PGP,” he said. The British government even briefly considered following France in legislating to control encryption. In the end, they decided against: Once Zimmermann had released the source code online, it was going to be almost impossible to try to remove it from the public domain. Besides, it was increasingly obvious that encryption technology was vital for the health of the rapidly expanding Internet, especially for online trade and commerce. A more secure Internet would be trusted by more people. The U.S. government decided on a different course. Zimmermann, having released his PGP source code on the Internet, was considered by the U.S. government to have exported munitions. The United States Customs Service launched a criminal investigation, seeking to prosecute Zimmermann under the Arms Export Controls Act.

This battle over encryption became known as the Crypto-Wars, fought between those who believed citizens should have the right to possess strong cryptography, and the government who did not. For May, Gilmore, and Hughes, making sure crypto was available to all was a means to an end. The cypherpunks hoped and believed their endeavors would eventually bring about an economic, political, and social revolution. Their list fizzed with political radicalism.

The cypherpunks hoped and believed their endeavors would eventually bring about an economic, political, and social revolution.

• Facebook
• Twitter

In 1994, May published Cyphernomicon , his manifesto of the cypherpunk world view, on the mailing list. In it, he explained that “many of us are explicitly antidemocratic and hope to use encryption to undermine the so-called democratic governments of the world.” On the whole, the cypherpunks were rugged libertarians who believed that far too many decisions that affected the liberty of the individual were determined by a popular vote of democratic governments. The cypherpunks were advised to read 1984 , the cult science-fiction novels The Shockwave Rider and True Names , David Chaum’s paper “Security without Identification: Transaction Systems to Make Big Brother Obsolete,” and perhaps most importantly, Atlas Shrugged . In Ayn Rand’s magnum opus, the most productive citizens of a dystopian American society refuse to pay taxes and disappear to “Galt’s Gulch,” a secluded community whose inhabitants are free to pursue greatness. May hoped to see similar “virtual regions” where individuals could make consensual economic arrangements among themselves with no state at all.

The mailing list became the favorite watering hole for hundreds of talented computer programmers and hackers from all over the world, many of whom would use the list to learn about crypto before setting out to pursue May’s vision in their own way. One of them was a programmer named “Proff,” who joined the cypherpunk mailing list in late 1993 or early 1994. He immediately got sucked into the raucous and aggressive exchanges that characterized the cypherpunks: insulting newcomers, ruthlessly criticizing perceived shortcomings in others’ technical knowledge, and plotting the downfall of governments. When Esther Dyson, head of the Electronic Frontier Foundation (EFF)—a civil liberties group committed to free internet expression and privacy, cofounded by Gilmore—argued on the list that some limits to anonymity might be acceptable if there were very strict laws respecting privacy, Proff shot back: “It is clear that the personal beliefs of those involved in EFF are those of compromise, present-day politics, and a general lack of moral fiber.” Proff even speculated that Dyson worked for the CIA. Dyson replied, “For the record, I am not a tool of the CIA nor have they pressured me, but there’s no reason for you to believe me.” (Despite their heated exchanges, the two would later become friends.)

“Proff,” it transpired, was a gifted young Australian programmer called Julian Assange. Although Assange was a libertarian, he did not share May’s unashamed elitism: In the Cyphernomicon May spoke disparagingly of “nonproductive” citizens, “inner-city breeders,” and, most notoriously, the “clueless 95 percent.” In one of his last posts on the list, Assange wrote (likely in rebuttal to May) that “the 95 percent of the population which compromise the flock have never been my target and neither should they be yours. It’s the 2.5 percent at either end of the normal that I have in my sights.” (When I asked May if he thought Assange was a “true” cypherpunk, he replied, “Yes, absolutely. I count him as one of us. He did things, he set things up, and he built things.”)

May’s dislike of government appears to have been an intellectual discovery, the product mainly of voracious reading. For Assange, it was more emotional. In 1991, he had been arrested for hacking into the Australian telecom company Nortel, under the pseudonym Mendax. Although he avoided prison, the threat of criminal prosecution had lingered over him for two years before he pleaded guilty to 25 hacking charges in 1994. The experience, he later wrote, allowed him “to see through that veneer the educated swear to disbelieve in but still slavishly follow with their hearts!”

Assange saw that crypto could be used for offense as well as defense. He believed that the anonymity crypto could provide would facilitate and encourage whistleblowers to expose state secrets. For Assange, crypto could pry governments open, making them more transparent—“to see through that veneer”—and more accountable, and hopefully pull down a few in the process. His inspiration came from another cypherpunk from the mailing list named John Young, who in 1996 founded the website cryptome.org as a place to publish leaked documents—especially any confidential government records and reports. Assange had contacted Young in 2006, saying, “You knew me under another name from the cypherpunk days.” He told Young of his plan to create a new organization called WikiLeaks, which he believed would change the world: “New technology and cryptographic ideas permit us to not only encourage document leaking, but to facilitate it directly on a mass scale. We intend to place a new star in the political firmament of man.”

For almost a decade, the cypherpunk mailing list was the center of the crypto world. Hundreds of people used it to propose and learn ciphers, evade detection, discuss radical politics. It was finally discontinued in 2001 when John Gilmore booted it from his host, toad.com, for reasons not entirely clear—Gilmore claimed it had “degenerated.”

But it had a remarkable track record: Anonymous remailers were everywhere, an anonymous browser that allowed users to browse the Web without anyone being able to track them was in development, and the whistleblowing site Cryptome was becoming a thorn in the side of intelligence agencies. Better still, the U.S. government had dropped its investigation into Phil Zimmermann, and PGP was being used all over the world.

But it had a remarkable track record: Anonymous remailers were everywhere, an anonymous browser that allowed users to browse the Web without anyone being able to track them was in development, and the whistleblowing site Cryptome was becoming a thorn in the side of intelligence agencies. Better still, the U.S. government had dropped its investigation into Phil Zimmermann, and PGP was being used all over the world.

After Gilmore shut down the original mailing list, others sprang up in its place, with several dedicated to improving crypto. The most notable was the cryptography mailing list hosted by Perry Metzger, where many of the original cypherpunks migrated. But it also attracted a new generation who were just as keen to post papers and ideas about how to evade government surveillance and improve individual privacy online.

From The Dark Net: Inside the Digital Underworld , by Jamie Bartlett. Copyright © 2015 by Melville House. Used by permission of the publisher.