(Photo credit:Kevin Lamarque, Reuters)
Eric Hughes, co-founder of the Cypherpunk Movement, made the following declaration in 1993: “We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. We must come together and create systems which allow anonymous transactions to take place. We the Cypherpunks are dedicated to building systems.”
In his manifesto, Hughes argued for strong and open access cryptography as well as networked systems independent of the modern Internet. Hughes believed that the responsibility for securing free speech and democracy in the digital age would fall to the programmer rather than the government.
Hughes’ manifesto is unapologetically libertarian; the amateurish design of his webpage, hosted on a “.net” domain name server, makes it easy to consign Hughes to the fringes of political thought. And yet, 25 years after Hughes’ manifesto, we all are living in a reality that seems to adhere to his philosophy.
Consider this: most modern mobile devices rely on encryption in some form to protect our data, much to the chagrin of many governments and law enforcement agencies. Additionally, blockchain technology boasts features that resemble the distributed and private systems of transaction Hughes argued for in his manifesto.
Hughes may not be the direct architect of our current reality, but his ideas are coming to pass regardless. Meanwhile, policymakers, with their limited understanding of computer technology, are slowly ceding governance to tech-savvy private actors.
If this sounds like hyperbole, internal procedures in Congress can offer a few illustrative examples. As of April 2017, two-factor authentication was not required for the 20,000 congressional staff members that include interns, career staffers, and Senators.
Two-factor authentication is a basic tenet of cybersecurity that allows access to a system only after a user demonstrates knowledge (a password) and possession of a key (often a USB key). This simple concept greatly reduces the opportunity for malicious actors to break into computer systems. Despite the 2016 DNC email hacking incident, which occurred in part due to lack of two-factor authentication, Congress has still not updated its cybersecurity protocols.
Furthermore, Congress has only recently transitioned all committee and member websites to the more secure HTTPS protocol. This simple step ensures user can trust that the information on these sites are secure, accurate, and trustworthy. This may sound like a step in the right direction until one realizes that the HTTPS protocol was introduced in 1995.
I make these observations not just to excoriate the government for lapses in basic cybersecurity; what I find more concerning are the implications of these facts vis-à-vis future technology policies. If policymakers have only recently recognized the importance of HTTPS, two decades after the protocol’s inception, how can we expect them to develop policies for technology as esoteric as artificial intelligence, quantum cryptography, or blockchain technology?
Let’s be clear, I am not suggesting lawmakers are unintelligent. What I am arguing, is that Congress currently lacks the specific technical knowledge necessary to develop an informed policy concerning emerging technology. For example, as of 2016, only 4 of the 535 members of Congress had possessed any formal education in computer science.
Unfortunately, we have seen the results of this dearth of technological knowledge manifest in the FBI-Apple encryption dispute. In the aftermath of the 2015 San Bernardino shooting, encryption debates garnered renewed mainstream attention. As the FBI grappled with Apple in the courts, policymakers explored options to obviate the need for litigation in the future.
The loudest voices, however, were often the most uninformed. As a result, the “Golden Key Law,” a concept that called for legally mandating the creation of digital “backdoors” in personal devices, gained traction in Congress. The basic idea was that the good guys would have special access to mobile devices to gather evidence, thus protecting Americans from the bad guys.
The idea, unfortunately, has two glaring weakness. First, malicious actors could simply switch to open source encryption applications, making the proposed law irrelevant. Second, it assumes that mistakes never occur, and the proverbial “golden key” would remain out of the reach of malicious actors.
History, however, demonstrates that mistakes do happen. In 2016, Microsoft failed to patch a bug in its software, resulting in the leak of Microsoft “Golden Keys” for Windows Secure Boot. Simply put, a basic understanding of encryption and some perfunctory research would have made it clear that a “Golden Key Law” wouldn’t stop malicious actors, but would endanger regular users.
The point is simple: technology has left our policymakers behind both in the technical and philosophical sense. For example, the open-source encryption previously mentioned is wholly consistent with Eric Hughes’ mantra, albeit with results Hughes may not have intended. His philosophy, which was likely ignored in 1993, is having real-world policy implications in 2018.
Additionally, the Cypherpunk ideology is not the only tech movement shaping the course of technological advancement and usage. For example, The Free Software Movement, notable for its hand in developing the Linux operating system, advocates for the free and open study, manipulation and redistribution of all software. Mark Zuckerberg has pushed the idea that greater connectivity and transparency, facilitated by Facebook, could bring about positive global change. There are numerous tech-focused ideologies and as the Cambridge Analytica scandal has demonstrated, each one can affect our politics and our society.
It is no longer enough for policymakers to wax poetic about Ayn Rand or quibble over the merits of socialism versus capitalism. The Digital Age is here. Policymakers can continue to ignore the techies and their idealism, however, to do so risk politicians relegating themselves to irrelevance.