When we switch over into a New Year, it gives marketing departments the opportunity to promote their end of year or their "what to look for in the New Year" lists--something that occurs across all industries. In the technology industry, every list seems to talk about artificial intelligence and the Blockchain, as companies move to understand, incorporate, and compete in the latest hot trends. Bitcoin and the Blockchain have been particularly in the news a lot because of the cryptocurrency craze propping up the exchange rates for Bitcoin, Ether, and other digital assets.
Despite the hype-cycle, the Blockchain is certainly burning keyboard keys and refresh buttons, as people check Coinbase for the latest Bitcoin price, and scour news sources for alternative currencies they can get in on early. In 2018, however, Bitcoin might be on everyone's mind, but cryptography is the underlying technology powering many different avenues of technological and political subjects, making one wonder if this is finally the new dawn of the cypherpunk, and what that means to information technology.
What is a Cypherpunk?
Most have heard the term cyberpunk to describe the subculture of 80's dystopian fiction, and the early computer scientists and programmers that took that genre and ran with it, but lost in a lot of that sci-fi imagining was the cypherpunk offshoot, consisting of privacy advocates promoting strong cryptography as a way to enact and safeguard social change. It sprung from the same left libertarian ideology that saw computers as a way to free the people from government and corporate overreach--the digital democracy.
Eric Hughes wrote that:
Privacy is necessary for [an] open society in the electronic age.
Hughes believed that it was up to the cypherpunks to write code to defend privacy rights. They have been at it ever since, including some in hacktivist cells of Anonymous, but have mostly been out of the spotlight.
Bitcoin and the Blockchain
Bitcoin changed the landscape of distributed endeavors by providing an immutable means to transact data. Every major banking and investment CEO has had his or her time in the limelight disparaging Bitcoin as a currency or value store. At the same time, those CEOs' companies are investing heavily in the Blockchain. Each sees the value in a distributed ledger, but does not want to give up control of that ledger.
Andreas Antonopoulos gives a solid analogy about Bitcoin and the Blockchain that paraphrased resembles something like: saying Bitcoin is bad, but the Blockchain is the real, valued technology would be like saying that the automobile car is bad, but the improved suspension is the real technology, so we'll take that and put in on the horse-and-buggy. Doesn't make sense, does it?
The value behind both Bitcoin and the Blockchain is the security and immutability that is found in a decentralized, cryptographically signed, distributed system. Bitcoin is the necessary reward to encourage the distribution and block completion to keep the ledger sufficiently decentralized, preventing centralized ownership.
Bitcoin uses a proof-of-work that has come under fire recently for being environmentally unfriendly. In addition, transactions can become slow, costly, and will likely balloon as more people use the system. This has resulted in hard forks, alternative cryptocurrencies, and different forms of consensus. It has also resulted in consumer confusion.
Proof-of-stake is an alternative form of consensus that expects skin in the game (stake) as opposed to proof-of-work, which requires energy resources. There are many criticisms about proof-of-stake, but Ethereum looks to switch over to some form of it relatively soon.
This says nothing of IOTA and their mathematical "tangle"--another form of consensus that does not require a Blockchain, and has received interest from Microsoft. The company itself, however, has be criticized for trying to roll their own cryptography algorithm and for keeping a large chunk of the generated currency to themselves.
What about the fast growing Ripple currency that has been making waves? Do you know the difference between Bitcoin and Ripple? If not, it is best to stay out of cryptocurrency trading and investing. Sadly, Coinbase is now one of the top apps on the Apple AppStore, and they make it incredibly easy to purchase cryptocurrency. With speculators flooding the market, all Coinbase has to do is add a new currency to see prices for that coin spike exponentially. Look at the Bitcoin Cash fiasco, which has resulted in an "insider trading" investigation. In addition, Coinbase is an exchange that owns your private keys. If you have a hard time trusting a bank with your money, are you okay with trusting a startup that has been having trouble just keeping their servers running? That is not to disparage Coinbase, which is a very good exchange, but exchanges like this end up centralizing cryptocurrency, which is against the original point to begin with. Of course, some companies are working hard to create decentralized exchanges, such as AltCoin.io.
If we are going all in on Bitcoin, what about the slowness of the Bitcoin network and the high transaction fees? Some cryptocurrencies are experimenting with alternative forms of consensus like mentioned above, but in the Bitcoin world, cypherpunks have staked their future to the Lightning Network--a way of creating off-chain payment channels with high risks for those who try to cheat the system, while allowing near instant transactions at minimal fees. By going off-chain with this second layer, it will limit transaction congestion, as well as ledger size.
This is not just about Blockchain cryptography though. Do you know the difference between a software wallet and a hardware wallet? How about an atomic swap? On-chain versus off-chain transactions? We live in era where initial coin offerings (ICOs) are raising multimillions of dollars in capital without any regulatory body to protect investors. ICOs are not an investment. They are ways to drain investors of capital without any repercussions for losses. People are investing in ICOs hoping to jump on the next Bitcoin, while many producing ICOs have less of a business plan than startups during the dot com bubble.
Decentralized exchanges, atomic swaps, and the Lightning Network have the opportunity to completely change the way our financial systems work, but there are very few people who truly understand the cryptography and technology behind these projects. The consumer and business world just see wallets and digital money--most fail to see the differentiators between the various technologies, and the risks of choosing one over the other.
Bitcoin was invented by a non-existent entity named Satoshi Nakamoto, and the core Bitcoin team works off a consensus that has not really solidified around a singular voice, but that is not to say that other cypherpunk figures have not risen in status.
Many probably don't remember cypherpunk pioneers such as Philip Zimmermann (for PGP). What about John Gilmore and the many who were originally a part of the founding of the Electronic Frontier Foundation? Even the infamous Julian Assange--agree or disagree with his tactics or personality--worked on deniable cryptography and is a noted cypherpunk. Yet he is most famous for releasing leaked documents. Then there is the reclusive Nick Szabo. Szabo is credited with designing the precursor to Bitcoin's architecture, and has even be accused of being the real person behind Nakamoto. None of these people (outside of Assange) are mainstream personalities, but that is starting to change as more people get interested in cryptocurrency.
For example, Charlie Lee (inventor of Litecoin) has been prominent in the cryptocurrency community since his time at both Google and Coinbase. Lee is the community's resident nice guy, who sees Litecoin as the silver to Bitcoin's gold, and is an important voice in an industry that can have some cagey characters. He recently sold off his Litecoin holdings so that he could speak on the subject of cryptocurrency without having a conflict of interest.
Meanwhile, you probably can't do an article on the subject of cypherpunks without mentioning Zooko Wilcox-O'Hearn (if only for the name alone)--a founding team member of the ZCash initiative to create a truly anonymous protocol for cryptocurrency addressing. Zooko is perhaps most famous for appearing in Radio Lab's podcast episode where he initiated the elaborate ritual for ZCash's launch. His Zooko's Triangle was a conjecture on the naming of participants in a network protocol, and how not all desirable properties were possible. Something later refuted by hacktivist Aaron Swartz, but impressive philosophizing nonetheless.
These are names just now starting to leak into mainstream journalism and financial analysis, being mixed with venture capitalists and tech gurus in a mashup of computation and money, attempting to conquer a wildly abstract frontier that few understand.
What about Big Brother?
The 2016 election resulted in an uptick in interest in VPNs, secure browsing, and secure messaging. Journalists were busy tweeting that the free press needed to browse with TOR, use PGP, and download a secure messaging app. WhatsApp came under fire in early 2017 for its implementation of the Open Whisper technology that powers its cryptography, while cryptographers came to its defense by noting that WhatsApp is a communication-first application, not a security-first one--something that people now need to consider when making trade-offs, but are consumers really researching this? Meanwhile, various encryption-enabled apps like Wickr, the Edward Snowden-approved Signal, and Telegram (another company under fire for rolling their own cryptography) were all battling it out for privacy supremacy. The Electronic Frontier Foundation used to have a scorecard for secure messaging apps, but it realized that the seven point scorecard wasn't enough in today's ultra-privacy minded public, so they've been busy working on a newer version.
How mainstream has secure messaging become? The television show Mr. Robot may have single-handedly pushed end-to-end encrypted, self-destructing text messages into the workflow of everyday journalism, activists, and those just paranoid about government intrusion. You won't see those people using Snapchat.
Do you have any idea why one would choose Signal over Wickr? Do you think WhatsApp's re-encryption of undelivered messages without informing recipients is a security flaw that warrants a serious loophole in architecture? Business cases, use cases, and the re-ignition of the open source vs. closed source debate on the utility and security of applications have thrust computational mathematicians and cryptography experts into the limelight on debates both within and outside of the technology community.
Secure messaging has become a power tool in the smartphone era in part because of how poorly PGP and GPG are implemented in email clients. The number one article on the Codepunk web site is still the one about how to get GPG working with Outlook 2016. Online clients like ProtonMail make things easier, but are limited in the number of messages that can be sent unless you have a paying account. If you're truly interested in privacy, does this mean paying in Bitcoin?
Since we mentioned Edward Snowden, it's important to point out that the need for security and privacy didn't just become a thing with President Trump's election, but was an on-going issue during both the Bush and Obama administrations as Snowden's leaks clearly showed violations by the government and corporate actors that were occurring for a very long time.
The Freedom of the Press Foundation spun out of the actions of Snowden and journalist Glenn Greenwald, and included support from journalists and activist from organizations like the Electronic Frontier Foundation. The Freedom of the Press Foundation is the fiscal sponsor of Open Whisper Systems, which creates the Signal app, and whose technology is used in WhatsApp, as well as other communication technologies. They also offer SecureDrop for anonymously submitting whistleblower information to news organizations, and recently introduced Haven--an Android application that uses phone sensors to monitor surroundings as a kind of makeshift security system. Haven sends messages to you via Signal's messaging protocol.
If you think all of this is paranoia, the proliferation of the term "fake news" in certain media--and from certain politicians--have led to verbal attacks that seem to be leaning more and more towards censorship. It isn't just a journalism issue either. Protesters are also having issues with law enforcement attempting to break encryption on their phones, or compel them to put in their fingerprint ID to unlock phones, and this has resulted in higher interest in self-destructing messages and security (both Signal and Wickr provide this).
How important has cryptography become? Keybase, an application and service launched by the former founders of OKCupid has a tagline of:
Crypto is for everyone, not just programmers!
This startup has created a public system for identity management that stores verifications as unspent transactions on the Blockchain. They offer an encrypted cloud file system tool, end-to-end encrypted chat, a Slack-ish teams component that is also end-to-end encrypted (even within organizational sub-teams), and an encrypted Git repository. On top of that, the identity management verifies PGP keys, as well as social media accounts like Twitter and Facebook. That way you can be assured that the person sending you a Facebook message is at least the same account owner as the Twitter user you've been talking to (even if he or she is on an unencrypted service).
Now with the Net Neutrality reversal, people are increasingly worried about the possibility of Internet censorship, which has led to an increase in software VPN sales. Meanwhile, Tor continues to be a tool for those who want to surf the Internet anonymously. Most people only think of Tor as a way to access the DarkNet, but the cryptography involved deals with handshakes between nodes in a manner that shields the destination from network sniffing tools, but users still need to be aware of things like exit node eavesdropping.
Get to the point
The point of all this is to say that tools used for secure communications and research are actively being used, and still desperately needed. This will increase the risk of poor applications being built that claim to have privacy protections, but don't, and an unsuspecting public will not know any better. It means that any company looking to secure their own communications needs to employ security experts and cryptographers that live and breathe prime numbers and hashing algorithms. It means that as the financial industry becomes distributed, and the banking industry gets nervous, the cypherpunks are finally have their day in the sun.