Will Strong Encryption Protect Privacy and Make Government Obsolete?
April 24, 2001
David D. Friedman
ContentsIntroductory Remarks by David Theroux
Good evening, ladies and gentlemen. Im David Theroux and Im the president of The Independent Institute. I want to welcome you to our Independent Policy Forum this evening.
As most of you know, we conduct these programs, roughly, monthly and feature scholars and other experts who have written important new books and important issues. And tonight is certainly no exception.
This is the book that were featuring today, Laws Order, by our speaker David Friedman. I hope that everyone has gotten several copies. They make great presents, graduation, whatever.
The actual title of tonights talk is, Will Encryption Protect Privacy and Make Government Obsolete? Some of us might wonder if it had ever been otherwise.
David is actually trained as a physicist and economist, teaches at the law school at Santa Clara University because of his extensive knowledge in law and economics and other related fields.
As many of you know, The Institute regularly sponsors programs like this. Were a public policy research institute. We produce many books. This is our quarterly journal, The Independent Review, which I hope everyone here is also subscribing to for everyone in the family. This particular issue has a number of articles that pertain to privacy-related issues, especially pertaining to the nanny state, national security, and other matters. I wanted to recognize Robert Mondavi wineries who have very kindly donated the wine that we have enjoyed, and also The Customer Company, which co-sponsors our programs.
For those of you who are new to The Institute, in the registration packet youll find background information about our program, including how you can become a member and receive discounts, the journal, and many other benefits. We also invite you to visit our Website. We have a superb archive of previous events available in transcript and audio and so forth, as well as information about many of our publications.
Our next event will be on May 16. The program will focus on the ideas and significance of the Nobel Laureate economist and political theorist F.A. Hayek. The program is entitled, Friedrich Hayek and the Future of Liberty. The speakers will be Alan Ebenstein, who has a new book called Friedrich Hayek: A Biography, and Charles Baird, professor of economics at California State University, Hayward.
On July 5, well be hosting a program called, Why are the Public Schools Failing and What Can Be Done? The speakers then will be two economists, one whose name is John Merrifield from the University of Texas at San Antonio whos author of a new book called, The School Choice Wars, and Richard Vedder, who is a senior fellow here and also a professor of economics at Ohio University, whos author of a new monograph for us called Can Teachers Own Their Own Schools?
Later, on August 14, well be hosting Larry Elder, who many of you know is a popular radio and TV talk show host and personality, and his book entitled Ten Things You Cant Say in America. Well also be hosting Thomas Szasz this fall on his new book called, Pharmacracy, which is excerpted, I should mention, in this new issue of The Independent Review.
Last Friday, some of you may have noticed that The Washington Post reported on the efforts of the government in China to continue its approach, its efforts, to censor information technology. The questions that our speaker will be looking at is: can such repression work? and what are the pros and cons to such efforts? On the one hand, China was apparently ineffective in blocking the access that people had tried to have to foreign news accounts related to the recent spy plane incident. Furthermore, the U.S. planeIm not sure if you have noticed some of the reports that mentioned, the plane was equipped with the latest NSA technology that enables the government to intercept all e-mail, faxes, and other electronic mediaso it wasnt simply a question of surveillance of certain specific things, but it could survey virtually all transactions.
Just imagine the uproar here in the U.S. if the Chinese or the Cubans were flying continual surveillance flights along the West or the East Coast of the U.S. monitoring all communications media. On the other hand, when the truth about a deadly school explosion spread earlier across Chinese chat rooms, it turned out that government officials were essentially powerless to stop it, and they actually issued what was, essentially, a remarkable public apology. So thats what our speaker will be discussing; this tension between these two dynamics.
The U.S. itself, of course, is the home of the FBIs Carnivore surveillance system, as well as the NSAs Echelon system, which is actually an international system. In Congress, we actually have a bill thats proposed that includes a provision to make mandatory to have a special chip imbedded in all new cell phones by the year, I believe, 2005. It would enable the government to track the location of all cell phone use and their users.
Clearly, the subject of privacy is no longer the exclusive domain of speculative thinkers or futurists. It is a fact of public debate. The questionone of the questionsto ask is, will privacy-enhancing technology improve faster than privacy-threatening technology? Should the government make standards of privacy? Should it enforce contracts in cyberspace, or would private law do a better job? Tonight our speaker will discuss many of these issues.
David Friedman, as I mentioned, is a professor of law at Santa Clara University. He received his Ph.D. in physics from the University of Chicago. I went to the University of Chicago, but did not major in physics. He has taught at Cornell, the University of Chicago, Tulane, UCLA, Virginia Polytechnic Institute, University of California at Irvine, University of Pennsylvania, and Columbia University.
In addition to his new book, Laws Order, hes also the author of The Machinery of Freedom: A Guide to a Radical Capitalism. And if you havent read The Machinery of Freedom, youve really missed a very important and, I think, stimulating book. Also, the books Price Theory and Hidden Order, which are also ones Id highly recommend.
Hes contributed to The New Palgrave Dictionary of Economics. He is the author of many articles and reviews in many economics journals such as The American Economic Review, The Journal of Law and Economics, The Journal of Political Economy, Economics and Philosophy, and so forth.
David is also well known for pioneering some of the most creative and insightful critical analyses of government institutions and setting forth a non-state approach to social cooperation and human endeavor. Im very pleased to introduce David Friedman. [Applause]
Actually David Theroux doesnt know what Im going to say because he hasnt heard the talk either. I have written important books on important(speaking into microphone)you really need this thing for something?
I see, all right. I have writtenI regard the microphone as a device for distorting the human voiceI was going to say, I have written important books on important subjects, but I have not written any books on the subject Im talking about tonight. I do have some things on my Web site on that topic, in particular an old article called, Strong Privacy: Perils and Promises of Encryption, which is really the written version of what Im saying, as of five or six years ago, when I wrote the article.
I am afraid government is not obsoleteyet. Government is very good at what it does, enormously better than any competing institution. And if you dont believe me, compare the total revenue collected by the U.S. government each year with the total of all private theft and robbery in the U.S. Its orders of magnitude larger. It is a very successful institution.
But what I wanted to talk about was not the government, although well come back to that. I wanted to start out talking about the question of how you can maintain your privacy, because there are really two ways of protecting your privacy, and one of them doesnt work.
The one that doesnt work, which is, of course, the method central to all privacy law, is to let information about you out, and then control how other people use it. And if you believe it does work, I suggest a very simple experiment. The Fair Credit Reporting ActFederal lawforbids credit agencies to release credit reports on people except to those who have a legitimate need for the credit report. So the experiment is to start with the name of a random person, $10,000, and the yellow pages for private detectives for your city, then see whether you can end with a credit report on that random person. And I predict theif you are reasonably ingeniousthe answer will yes. And youll have money left.
Protecting privacy with public key encryption
The other way of protecting your privacy, the way that works, is to keep control over the information from the beginning. That is, not to let the information out. And it turns out that the technologies that have developed over the last few decades, make possible very, very powerful tools for that kind of privacy. And the central technology, which some of you know lots about but some of you know very little aboutand I think well have to talk aboutis public key encryption.
Suppose you want to send a message to somebody and you want to make sure that if its intercepted, strangers cant read it. And the oldnot very oldthe 50-year-old solution to this problem was that you had a form, a way of encrypting the message, a way of scrambling the message, which depended on a key, a set of instructions for scrambling. And you used the key to scramble to the message, you sent it to somebody, and he used the key to unscramble it.
Now if you think about it, theres a fundamental problem with this technology, and the problem is that the reason you need encryption is that you dont have a secure communication channel. The reason you need encryption is that when you send messages to people, they might get intercepted. But then when you send the key to him that might get intercepted, too. And if the key has been interceptedespecially if you dont know its been interceptedthen somebody else can read your mail. So the traditional single-key system has very serious limitations. Its workable for governments that can afford to send military attachés with briefcases handcuffed to their wrists, hither and yon about the world. But it isnt very practical for the rest of us.
And the solution is a mathematical solution made a few decades ago called public key encryption. And the way public key encryption works is that you generate two keys, each of these is simply a long number. And these keys have a rather complicated mathematical relationship to each other, which as the result that if you use one key to encrypt a message, that key cannot decrypt it. It depends on the fact that there are some mathematical operations that are much harder to do in one direction than the other. But the other key of the pair will decrypt it. So you roll up a key pair and you declare one of the two members of the pair to be your public key, and you give it to everybody in sight. And now anybody who wants to send a message to you encrypts the messages in your public key, sends it to you, and you decrypt it with your private key. And since your private key has never left your possession, you dont need any secure communication channel. All right? And if the people who are spying on you manage to steal a copy of your public key, thats fine. They can send you secret messages, too.
So its a very simple and elegant idea, and Im not going to try to describe the mathematics of it. But if youre really curious, if you go up on the Web, theres a firm called RSA, which is, in a sense, the major firm in this business, and last time I looked they had extensive Web page explanations of how public key encryption works, at least how their algorithms for public key encryption work.
It turns out that this single technology provides a whole lot of separate pieces that you can put together to get what I think of as a world of strong privacy. A world in which people can interact with each other, with quite a high degree of confidence that no third party can know what theyre saying, know who theyre talking to, trace their financial transactions, or in any way get information about what theyre doing.
The first technology is encryption itself, and the only tricky part is how you distribute your public key; how you make sure people really know its your public key; and we can talk about that if people want, but for the moment just assume that we have some way of doing that. Once youve done that, the next problem is when you are dealing with people who havent seen you at a distance, how do you prove youre you? How do you prove that when you are posing a revolt against the U.S. government, youre not really an FBI agent in disguise? Think of other cases when FBI agents disguised themselves as 12-year-old girls, for example, for other law enforcement purposes.
But how can you have a system where people can prove theyre them? And this is really two questions. One of them is, how do I prove Im David Friedman who teaches at Santa Clara?because for some purposes I might want to send a communication in which I identify myself. And the other question is, how do I prove Im the same unknown person who communicated with you last week? So the first question is, how do I link my cyberspace identity to my real space identity? But the second and more interesting question is, how I prove my cyberspace identity?because Im going to be arguing that there are a lot of purposes for which you dont want to link those two identities, for which you want to keep the cyberspace identity anonymous in real space, but not in cyberspace.
And the solution to this is something called a digital signature. And what Ill describe is a slightly simpler method than is really used, but it would work and it will do. And the method is quite simple. I wish to send you a message and prove its from me. So I encrypt the message with my private key. I then add a note to it saying, This is from David Friedman, and send it to you. You get the message, you decrypt it with my public key. Remember, whats encrypted with either key can be decrypted with the other. Since it turns out to be a message and not gibberish, you know it must have been encrypted with the private key that matches my public key. Im the only person in the world who has the private key that matches my public key. Hence, I must have sent the message.
Thats the guts of how digital signatures work. And not only does that mean that I can prove that Im me, it also means that if necessary, you can later prove to a third party that I sent that message, even if I deny it, because you now have in your possession the message encrypted with my private key, and the only way you could have gotten that is from me. So it provides not just identity, but non-deniable identity, as it were. It provides what a signature on a contract is supposed to provide, but much more reliable. Not perfectly. I could be careless and somebody stole my private key; thats my fault. But the only thing Ive got to do essentially in that system is make sure that my private key is secret. And since I never have to show it to anybody, that should not be impossible.
So we now have the ability to communicate securely and the ability to prove either my cyberspace identity or my real-space identity as I prefer. I should say, the way I prove my real-space identity is I go to some respected organization, say American Express or the Catholic Church, or whoever you and I both trust, which organization itself has its public key well-known. [Laughter.] All right. I really go to Verisign, which is a private firm in this business, but no reason you would have heard of it.
And that organization, I go to them and I show them my passport, and I show them my face and I show them my drivers license, and I show them my public key. And then they write whats called a digital certificate, which essentially is a statement intended to be read by a computer, which says, David D. Friedman, who teaches at Santa Clara and lives in the following place, has public key such and such. They digitally sign it with their private key. Now I can send anybody in the world who knows their public key that certificate. They check that American Express really checked that Im me, and now they know my public key, and now they can trust my digital signature. So thats how I demonstrate my real space identity. For my cyberspace identity, all I do is: the first time I communicate with you I give you my public key, and thereafter, anybody who can send you digital signatures which check with that public key is me. Thats the basic logic of it.
So now we can communicate with identity and with privacy, but we still have to worry about people seeing who theyre talking to because thats one common way of breaking privacy. And the solution to that? There are a couple of solutions, but the easiest one is something called an anonymous remailer, and the idea is very simple.
When I want to send a message to you, instead of sending it directly to you, I send it to David, here, whos an anonymous remailer, along with your e-mail, and he forwards it to you. Now, of course, that doesnt work, because now if somebody intercepts it, they can read the e-mail address and know, or alternatively they can just watch the message come in to him, go out from him, see where it came from and who it went to. Im assuming the spy whos watching the whole system. The beauty of this technology is that even with that spy, youre still safe.
And so what I dowhat I left out when I was describing itis first I take the message, I encrypt it with your public key because I dont want him to read my mail, then I add to that your e-mail address unencrypted, and I encrypt all of that with his public key, the remailers public key. Now the message goes in to him, he strips off the top layer of encryption, which is with his public key. He can now read the e-mail address, so he forwards it to you. Observe that somebody who intercepts the message when its coming from me cant read the e-mail address because its encrypted with his public key. And somebody whos watching him cant tell which incoming message matches which outgoing message, because, of course, since hes in the business, hes running 6,000 a minute and the messages look different when one layer of encryption is stripped off. All right?
Now, you see, theres still one remaining problem, and that is that David may be working for the FBI. Thats all right, thats all right. It wasnt your e-mail address that it was being forwarded to. It was the e-mail address of another anonymous remailer, and there was another layer of encryption, and another e-mail address, and of course, I dont trust him either because the FBIs been very energetic nowadays, so that was going to another one.
So my e-mail message bounces through 10 anonymous remailers before it reaches the intended recipient, and if you think of the logic of the system, unless all 10 are working for the same bad guys, Im safe, because any one broken link means you cant trace the line. So it really is a fairly powerful way of doing it.
The remaining problem is how I can make payments, because in order to do many things, you have to be able to pay people money. How I can make payments without being traceable. And credit cards and checks arent a very good solution, for obvious reasons.
But it turns out that using encryption technology, you can create what is referred to as anonymous digital cash, or anonymous e-cash. And Im not going to go into details. If people are curious, I can describe a way you could do it much simpler than the way people actually propose to do it. (And again, I assume were going to have a question period, and therefore, I can skip over things and if people find them puzzling, they can call me on them.) But the basic effect is that I send you a piece of information, and the result of your having that piece of information is that you now have control over an asset that I used to control. And you can send the information on to somebody else, and he can send it on to somebody else, and the hundredth person walks into the bank and takes the dollar bill that that information represents, and its done in such a way that each transaction, I lose control as you get control, that you andin effect, the information changes each time its transmitted, so my old information is now obsolete, and the result is, you get the same anonymity that cash gives you, that it is true, if our money were still redeemable for silver, at some point, the dollar bill comes in and gets redeemed, but it doesnt have a history on it. It doesnt say where its been, and therefore it cant be used to trace transactions. And you can do exactly the same thing with anonymous cash.
How anonymity with reputation can undermine taxation and regulation
So what is the result of this set of technologies? Its a very interesting world. To begin with, it is a world where you can simultaneously have anonymity and reputation. All right? That sounds paradoxical, but, I can have a cyberspace persona defined by a public key, and you can roll out public keys any time you like, public-private key pairs, so I have a cyberspace persona defined by a public key, and I can choose never to link that cyberspace persona to a real space persona, so that I can develop a reputation.
Suppose, for example, that I wanted to practice law without a license. No, Im not in fact a member of the bar, so if I want to give legal advice, and Im worried about getting into trouble, I set up online and I offer free legal advice for awhile. And when people have concluded that my legal advice is good, I start charging for it, and I get a reputation as a good source of legal advice, and at some point, the American Bar Association hears about this, and they say, we want to arrest this person. And so they send me a message, because theres some way of sending me messages through remailers, and the message says, Please come here so we can arrest you. And I throw it in the waste basket and thats the end of it, because they dont even know what continent Im on, or whether Im a man or a woman, a very bright 12-year-old, or a 90-year-old who hasnt gotten senile yet.
So thats a very interesting feature of this system. And it has both attractive and unattractive results. One obvious attractive result is that freedom of speech no longer depends on the legal doctrines of the Supreme Court. It only depends on the laws of mathematics.
Now I dont want to badmouth the Supreme Court. Freedom of speech is one of the few issues theyve been pretty good on historically. But, that was last decade. There is no predicting what theyll do next decade. And I prefer a system where violating freedom of speech is not merely illegal but impossible, where theyre unable to do it, not really not allowed to do it. Thats the good bit.
On the other handoh, another good bit, well, people in this room will think its a good bit, other people wontis that you cant tax or regulate something you cant see. All right. If I earn my money in cyberspace and spend it in real space, they can tax it when I spend it. If I earn money in real space and spend it in cyberspace, they can tax it when I earn it. But if I earn money in cyberspace and spend it in cyberspace, in particular if Im spending it for information goods, for computer programs, or videos, or consulting databases, or services, for anything which can be transmitted over the computer rather than having to be delivered by a UPS van, now, both the earning and the spending of money are invisible, and it now vanishes from the IRS.
Ditto for regulation, as in my example of practicing law without a license. Presumably, most of you will think this is a good thing. Some people wont. They have reasonable arguments for their position, although I think theyre mistaken. They think there are good things the government does and it needs money to do them with.
MurderInc.com: the dark side of encryption
But let me go on to a consequence that even some of us may be unhappy with. And that is, that it becomes possible to have criminal firms with brand name reputation. And I like to think of it in terms for my business plan for Murder Incorporated. Because I say to myself, Suppose I wanted to kill somebody. Me, right now. Whatother than moral reservations, which might depend on who I was thinking of killingwhat keeps me from doing it? [Laughter.]
And the answer is not the price. All right. As far as I can gather from published reports, the cost of a hit man is less than the cost of a new car. And we bought a new car quite recently. We could afford that. [Laughter.] All right.
What keeps me from doing it is that I dont have any safe way of locating a reliable seller of that service. If I were a professional criminal, I would. I would have the right contracts. But ordinary citizens dont. This problem we can solve. All right.
So think about my world of strong privacy. And the business plan goes as follows: Step One is a series of mysterious billboards placed at very high density places, on big highways. And all the billboard has is a series of numbers, digits, and the statement, Write down this number! Thats it.
The next thing that happens a week or two later is that the New York Times, and the Christian Science Monitor, and a few other major newspapers, receive a long classified ad, or at least a long ad, which appears to be gibberish. And maybe theres a sign above it, saying Save this ad!
The next thing is a very high profile assassination. I dont think politicians are important enough. I think a bomb at the Academy Awards is probably the optimal marketing strategy. [Laughter.] But you might manage it, say, at the World Series instead. On the field, of course.
So in any case, we in some way kill a bunch of people who get a lot of attention. And as soon as that happens, e-mails go, of course, through anonymous remailers, to all of the newspapers that we published this ad in, pointing out that if they take the number which was on that billboard, and use it to decrypt the ad, they will find something interesting. And what they will find is a description of our assassination, published two days before the assassination occurred.
So we have just demonstrated two things. One, we have an organization that is willing and able to kill people, and two, what its public key is. All right? The rest is details. We nowsince all the world has our public keyall the world can send us messages with confidence that nobody else but us can read it. All the world can check that messages from us are really from us. We are going to have to set up some protocols for getting messages to us through remailers, but that shouldnt be too hard, and now people can buy our services. We are Murder Incorporated. That was also in the encrypted ad, of course. And we are looking for business.
So thats the unattractivethats the downside of strong privacyand you can think of other less exotic cases. For example, Trade Secrets Incorporated, We buy and sell. Or a pirate archive which sells other peoples intellectual property at a penny on the dollar in an anonymous digital location.
So there are a bunch of opportunities for criminals which exist ultimately because this technology prevents the enforcement of law, certain kinds of laws, and although some laws shouldnt be enforced, some should. But theres a law against murder, and both are becoming harder. My prejudice is that weakening government is, on net, a good thing, but that doesnt mean that it has no bad consequences.
Let me however, raise a very general point about technological process with some specific applications, and that is, that technological change makes some things harder to do and some things easier to do. And when something you want to do gets very hard, what you ought to start thinking about is, is there some other way of achieving this objective thats just gotten easier. And in this case, at least a partial solution to Murder, Incorporated, is that if I am going to do things which will make people want to murder me, I do them online with my cyberspace identity, because theres no way that Murder, Incorporated, can get a bullet through a T-1 line.
So the same technology, on the one hand, makes murder easier, by solving one of the problems in arranging for murder. Of course, they still have to kill people. You can still protect yourself in real space; it takes a bullet in real space. But at the same time, it makes one of the defenses against murder, namely anonymity.
And of course, that suggests some of the reasons why people may choose to do business anonymously. The reasons for you and me arent all that strong. I mean, tax evasion is very nice, but its not worth enormous amounts of trouble, and in fact, I dont encrypt at the moment. I dont have many secrets.
But there are quite a lot of people who live in countries where, difficult though it may to imagine, property rights are considerably less secure than they are here. And where letting either your government or your neighbors know that youre rich is very risky, unless youve made an adequate investment in political influence. And in those countries, the idea of being able to sell valuable services, say computer programming or other things in a way such that no third party knows that you are the person getting that income, is going to be very attractive. All right. Some reasons to do it here, more reasons to do it elsewhere.
How to enforce contracts in cyberspace
Let me go on to discuss the question of using the technology to solve the problems that technology raises, but in a different and somewhat more detailed context. And thats the question of enforcing contracts. Because in general, contracts in cyberspace raise a problem. They raise two problems. Even without anonymity, they raise a problem because national boundaries are transparent in cyberspace, and therefore, you would like to be able to do business with people without worrying about what state or country theyre in.
However, although its possible to enforce contracts in the courts across jurisdictional and national boundaries, its relatively complicated, slow, expensive, and therefore much more difficult than for a contract with your neighbors. Hence, using the courts to enforce contracts is going to be somewhat more difficult in cyberspace than in real space. If the world I sketched comes into existence, its going to be a whole lot more difficult, because theres no way the courts can enforce a contract against somebody if they dont know who he is, right? [Laughter.]
On the other hand, if you actually think about contract enforcement in the real world, it should occur to you that there are two mechanisms by which we do it, and using law courts is the less important of the two. More important is that most individuals and most firms keep their promises most of the time, not because theyre afraid of being sued, but because they dont want a bad reputation.
Some of you may remember the wonderful line in, The Moon is a Harsh Mistress, by Heinlein where Manny is saying, Why on earth, they have laws for everything. They even have laws for private contracts. Why would you do business with a guy if you need the law? Doesnt he have a reputation? Anyway, its a good passage, good book. Great book.
But what I want to argue is that at the same time that moving to online commerce makes legal enforcement more difficult, it makes reputational enforcement easier. And, there are a couple of reasons.
How cyberspace strengthens reputational enforcement
To begin with, if you think about reputation enforcement, the crucial variable is the cost interested third parties of finding out who cheated who. Right? Suppose that you and I have a deal and you cheated me. And I say, Im going to tell everybody that you cheated me. And you say, Well, Ill deny it. And let us suppose, as is often the case, that for the third parties who might care whether youre honest; figuring out whether you cheated me is costly because youre going to do your best to argue that you were the wronged party and I cheated you. That not only reduces the effect of the reputation sanctional, it also gives me a reason not to complain in the first place, because if you didnt cheat me, I cheated you, and thus when I complain, both of our reputations go down, if other people cant check which of us in the wrong.
So its crucial, in order for a reputation system to work well, that interested third parties be able, at low cost, to know who is in the family. And the Internet helps in two ways. First, it makes finding information and transmitting information very quick and easy, so that in a casual sense, you can do a search using Google off the Web and off Usenet, and in a minute see if anybody has mentioned the firm youre thinking of doing business with, and what they said. Some, more organized fashion, as many of you know, eBay has deliberately gone out of its way to set up reputational mechanisms. That is to set things up, so that when you buy something on eBay, after the goods are delivered, you have an opportunity to report on the transaction and those reports are available to anybody else who wants to buy from that seller. So those sorts of reputation mechanisms work.
Let me describe a more formal reputation mechanism that one could use, if larger amounts were at stake. It goes as follows. You and I sign a contract. In the contract, we specify a private arbitrator. The contract includes the private arbitrators public key, which youll remember is the information you need to check his digital solution. The contract is digitally signed by both you and me. Now, you think I violated the contract. You demand arbitration. The arbitrator rules that I owe you $10,000 in damages. I refuse to pay. The arbitrator writes a brief statement that I agreed tothat he would be the arbitrator of disputes, that he gave a verdict, and that I refused to pay the damages. Digitally signs it and gives it to you.
You now have a package. That package consists of the original contract which I digitally signed, so provably I agreed to it, and the arbitrators verdict, which he digitally signed, so provably the arbitrator I agreed to, said that I cheated. You may now e-mail that package to anybody else in the industry. You can put it up on a Web site with my name all over it, so anybody who does a Web search for me will find it. In various low-cost ways, you can make it readily available to the world. And the beauty of it is, that when somebody gets the package, it takes his computer four seconds, or something less than four seconds, to find out that I cheated you, because all it has to do is verify the digital signature. Obviously if this is a routine procedure, well have standard ways of formatting the information so that no human being has to intervene and the computer can just check it, and then say, Hey boss, this guy cheats.
So that means that as a technology that makes it possible to drastically reduce the cost to interested third parties of knowing who cheated. And its really two technologies. One is a very old one, and thats arbitration. And the point of the arbitration is that it provides a cheap way for third parties to figure out who was in the wrong, because the arbitrator has done all the work, and all they have to know is, I agree to that arbitrator and that arbitrator says Im in the wrong. And that exists at present. It existed for a long time. There are articles on private arbitration in various industries, mostly written by Lisa Bernstein, whos been very enterprising in this field, starting with her classic article about the New York diamond industry, which is possibly the worlds most trust-intensive industry, in which almost nobody uses the courts, because the courts dont let you keep secrets. People have secrets, and for several other reasons.
Now, there is a problem of course, which is: suppose I want to make a contract with someone who has no reputation. Hes not a repeat player in this market, segment. Well, the solution to that is, you piggyback on somebody else who does have a reputation, and you do it by bonding, so that I want to make a contract, and the maximum damages Im going to be liable for are $10,000. So we agree on an arbitrator who is also a bonding agent. Each of us deposits $10,000 in digital cash with him. Of course, our contract with him specifies the arbitrator that he and we agree to use if we disagree with his verdict. Make sure he cant steal the money, which he probably wont do for reputational reasons anyway. And now, if he finds that I defaulted on the contract, he can award some of my money to you as damages. So the crucial thing now is that the bonding agent arbitrator has a reputation and that makes him honest, and once hes honest, we just trust him and thus get our enforcement second-hand.
You can think of other mechanisms as well, but I think this is enough to make the point that you can have a system for enforcing contracts entirely private, entirely reputational. Now of course, one implication is that if youre a new boy on the block, other than bonding, you arent going to be able to make large contracts. But thats often true in the real world as well, that you develop a reputation for awhile by making small contracts, and as the reputation becomes larger, people are willing to make larger contracts with you.
This could be the story of the 21st century, but it could also be the story of about the 12th century. Because as many of you may know, our present system of mercantile law ultimately has its roots in the lex mercatoria, which was a legal system that was evolved by the fair courts of medieval Europe, entirely as private law. That is, this was a context where you have lots of small governmental units with varying legal rules. You had courts at which merchants met from all over Europe, so they evolved their own system of legal rules, which was enforced primarily by reputational sanctions. And later got taken over, at least in England, by the common law, sort of adopted into it, and I suppose, ultimately ends up as the UCC [Uniform Commerical Code], largely. So this is not entirely new.
One of the attractive features of this system is that it is a system for generating efficient law, because when you are deciding what arbitrator to write into your contract, you want the arbitrator, who has the legal rules, that on average, maximize the sum gainsthe gains for the contracting parties. So you want the arbitrator who gets the right result at low cost. Doesnt take bribes. Follows legal rules that dont result in youre doing expensive things to avoid damages, and so forth.
So this is actually a market mechanism for generating efficient law for the private market, and I found that attractive, because I in fact, described that mechanism in 1971, when I wrote my first book in which I was describing an imaginary anarcho-capitalist society. I was trying to sketch out how a society could work with private property rights, but without government.
And one of the points I made, after showing how the legal institutions that work, this was not a reputational in question. These were ones where if necessary, they could shoot people. But after showing how the legal institutions worked, I proceed to show why they would have market reasons to generate efficiently. And I argued at the time, that one of the great advantages of my version of libertarianism over the minarchist version, was that the minarchist version has no reason to expect its institutions to actually generate the right law. It just assumes they do. Whereas in mine, I have economic reasons to expect to generate economically efficient law, and pretty persuasive reasons to believe that freedom is usually economically efficient, and that therefore, there will be a close, though not perfect, correlation to do an economically efficient law in libertarianism.
So here, it looks as though I dont have to wait 200 years for anarchro-capitalism to show up and transform the world. Its going to be happening more or less around us in cyberspace, not in real space, but in cyberspace in the form of the kind of private law Ive described, which I think is already developing.
Now, I could talk about other things along these lines as well, but Im going pretty long, so let me instead, give you some sort of summary comments, and then we can discuss things, and lots of more things to talk about, but talk is short and ours is long, as are speakers. [Laughter]
30 year prediction: more freedom, especially in cyberspace
Let me say a little bit about what I am guessing, and its only a guess, because prediction is, I think, a hazardous business. Im not in the prophecy business, but my guess of whats going to happen is that were going to be moving towards a world where you have two sets of institutions. One in cyberspace and one in real space. And the institutions in cyberspace are going to be voluntary institutions because the fundamental nature of cyberspace interaction is that all youre doing is sending messages. You cant get a bullet through a T-1 line. So that means that although its true you can defraud people, and ultimately do things like computer break-in, which are versions of fraud, you cant use force. And were unhappy with both force and fraud, but force is a lot more dangerous. With fraud, you can protect yourself against it if youre careful. With force, you cant. So its going to be a world of voluntary association, private law, all these things.
It will give us problems where you are working on the interface between cyberspace and real space, where you use the privacy of cyberspace to contract for a real space assassination. Thats where the problems are going to exist. But as long as youre only in cyberspace, you cant really assassinate people. Not people.
On the other hand, real space will still belong to the state, unfortunately. However, the state will be weakened in two interesting ways. The first is that the more of your life is in cyberspace, the more mobile you are, because it means that if youre working in a virtual firm. If your friends are largely people you know in virtual reality, who might be anywhere, now if you dont like the government thats taxing you, you move a thousand miles across a border and youve put a dot forward file in your e-mail file, so your e-mail all follows youand you have to get a new house, but nothing else changes very much.
So, the more mobile people are, the more governments have to compete for taxpayers, and thus the less they can steal. A very general rule, one which I sketched out in my first economics article a very, very long time ago, where I was an analyzing the size and shape of nations and arguing that large linguistically homogenous nations were a result of rising incomes, because it meant that human income was a major tax source, and if you want to tax human beings, youve got to make sure theres nowhere outside of your control they want to live. So I claim that explained the linguistic nationalists of the 19th century. Economic Theory of the Size and Shape of Nations, Journal of Political Economy, 1976. Anyway, so thats one effect.
Public key encryption as a virtual Second Amendment
The second effect, is that governments are going to be weaker because they cannot control information from us. And this is what Ive come to refer, especially when talking to my conservative friends, as the virtual Second Amendment. That if you think about the Second Amendment, the right to keep and bear arms, I think its pretty clear whats going on.
Its clear if you read say, Adam Smith. (I assume you all know that the important event of the year 1776, was not any of this nonsense going on in the colonies. That was the year that The Wealth of Nations was published.) [Laughter.] Anyway, Smith discusses the question of militias. He doesnt come up with the same conclusion, but its clear with the intellectual background of the late 18th century, that they were facing this problem. Professional soldiers are better than amateurs. They win battles, but professional armies are a potential threat to a free state, because when the government gets tyrannical, the army does what its told. Remember that Cromwell is a military dictator of England in the mid-17th century, so this is stuff people are still remembering. Its only a hundred years ago, a little more than a hundred years ago.
And the American solution, which I think was a very ingenious solution, is that you have a big militia. The militia is officered by the states, not by the federal government. Its the federal government that owns the professional army. The federal government makes the drill rules, so that if the militia is functioning as an adjunct to the federal army, they can all work together, but it doesnt have any control over the militia.
And this saves you in two directions. First, it means you dont need a very big professional army, because although your militia isnt very good, theres lots of it, so you can get along with a smaller professional army. And, second, it means that if the federal government engages in tyranny and uses the professional army, the militia outguns it a hundred to one. And even if theyre not as good, thats good enough. That was the theory.
I dont think that works anymore. I think thats probably a good explanation of why we have the Second Amendment. But, much as it pains me to say it, I think thats obsolete. I think its obsolete because the difference between the weapons a hunter uses and the weapons a soldier uses, is a whole lot bigger now than it was in the 18th century. And that while having an armed populace no doubt makes tyranny a little less likely, its not really a very effective connection.
On the other hand, my guess is, that any serious conflicts between the U.S. government and its citizens are going to be mainly information wars, not mainly bullet wars. And for information wars, I want to argue, widespread use of public key encryption is the virtual equivalent of the right to keep and bear arms, because it means not that government isnt allowed to do bad things, but that government doesnt have the power to do bad things. See? Thats the elegance of the Second Amendment. The Second Amendment doesnt say government may not establish a tyranny. The Second Amendment says, We will set up a situation in which if they try to establish a tyranny, they will lose. And that, it seems to me, is also the attractive feature of widespread use of strong encryption. It means if they try to censor people they will lose, in the long term. So, thats my view at least of the future we face.
Will government thwart the encryption revolution?
Now the final question is, why wont they stop it? Because Ive got to tell you, Im not the first person to think of these things, and while most of the other people who think of these things are also nutty libertarian types, the basic history of these ideas is that I stole them from a bunch of people called cypher-punks, of whom the leading light is Tim May, who stole some of them from me. That is to say, Tim read The Machinery of Freedom. He then took what he knew about online stuff, which I knew nothing about when I wrote the book, and evolved my ideas and other ideas into his ideas about the sort of crypto-anarchy Ive been describing, and then I stole the ideas back from him. Its only fair. [Laughter.]
But, there is another set of people who have been thinking about these things for a long time, and theyre very smart people, and they all work for the National Security Agency. Theyre the other encryption people. So, the bad guys know about it too. All right?
Why, therefore, have the attempts to regulate encryption, of which the most famous was the Clipper Initiativewhich some of you know about, and there have been others. Why have they so far been flops? And why do I think, though I could be wrong, theyre going to keep being flops, at least in the U.S.? And the ultimate reason is because governments have very short time horizons. All right?
Think about the question of, to what degree you are willing to accept a cost now for a benefit of the future. The critical question is whether you have secure property rights, all right? Youre thinking of planting black walnut trees, and they take, let us say, 40 years to mature. In a world of secure property rights, you plant the black walnut trees. In 20 years, you sell that forest to somebody else who is willing to wait another 20 years. In 20 more years he harvests the trees, and its worth making such long-term investments.
In a world of insecure property rights, by the time 20 years have passed, the odds are very high that somebody has stolen your walnut trees or the land theyre standing on. Someone, either a government or a private party. And therefore, you only make investments for the short-term payoffs. In our political system, political actors have insecure property rights. President Clinton could rent the White House. He couldnt sell it. Thats an important fact. He didnt own it. What does that mean? It means that Clinton was not willing to accept short-term political costs in order to make sure that the President 20 years later could collect taxes. All right?
But if you think about the nature of encryption regulation, because encryption and digital signatures are key technologies for making online commerce work, because in online commerce, youre moving lots of valuable information and money around, and you cant do it if you cant protect it, it follows that serious limitations on encryption are going to make it much harder to develop online commerce, and theyre going to do it right now. Thats going to be a big political hit now.
Why will they do it? In order that we cant cheat on our taxes 10 or 20 years from now. But Mr. Bush doesnt care about 20 years from now either. So thats why the prediction that I made, back at the beginning of the Clipper Chip stuff, which so far has held, is that the political actors wont be willing to take the short-term hits that they need in order to block this, assuming they can block it. And once its well-established, its very hard to do anyway. So thats my guess. I may be wrong. Im doubtless an optimist by nature, but I think thats whats been happening, and is going to continue to happen.
Who is it who tries to block it? And the answer is, its the long-lived bureaucracies. Because the NSA has much more secure property rights in its turf than Clinton does in his. So does the FBI. So its been the NSA and the FBI pushing it, and its been the Clintons not getting pushed, because theyd be the ones whod have to take the heat, and they dont want to take the heat. And so far, at least thats worked. It may or may not, but thats my guess.
So therefore, my guess of the future we face, and I may be wrong, but my guess is that its going to be a future where people who chose privacy, can in fact, have it. Itll take a few years to get all of the infrastructure established. To get e-mail programs modified so they automatically keep track of keys and encrypted or decrypt without you having to worry about it.
On the other hand, some of its happened very fast, that as you may have noticed, any time you do anything on the Web, you are every once in awhile, running into secure pages, and what does that mean? It means that those pages are rolling up a public key/private key pair, sending you the public key, youre sending stuff back, and therefore the whole transaction is encrypted. So thats a transparent, easy way of using encryption thats already happening. Thats the future. Its going to be a mixed future. I dont want to predict beyond 30 years, because Ive concluded there are too many technologies out there that could radically change the world in 30 years, but thats my current guess, thank you. [Applause.]
Carl has the microphone, if you just wait for that. And David, you want to just field the questions yourself?
Sure. Yes, I was delivering that talk from a pocket computer, and its a lovely pocket computer and Ill tell you all about it later. What was the first question? Yes?
Audience Member 1: I see a couple of bootstrapping problems. Although encryption is being used regularly over the Internet, whats being encrypted is basically credit card transactions, which are imminently traceable and taxable. And the two other problems: theres a long string of dead companies who have tried to do digital cash, and I dont see anything forthcoming in the near future that will be successful. And also, to deny the government tax revenue basically, [what] both parties have to do [to] be able to spend a dollar so they earn in cyberspace, as soon as they get taken out of cyberspace, its taxable. So you cant doeven though you could buy something from IBM thats an information product, and pay them anonymouslybecause they have very many feet in the meet-space world, the government is going to tax them.
Well, to begin with youre assumingits interestingyoure assuming a world where every time IBM makes a transaction, they have to tell the government whether they know whether the other party is reporting it.
No, its just that their income will be taxed.
Yeah, but yours wont. Yours will be only if the government could somehow use them, but since you might well be outside of the jurisdiction, they dont try to tax German purchasers of information stuff from IBM, so therefore, youre still free. IBM is being taxed, but prior to that, IBM and you would both be taxed.
Audience Member #1
Right. But [Inaudible]
Well, except that there are limits on collection and elasticity and so forth. My favorite counter-example, is on the general issue ofclearly impossible is always too strong a statement for the real world. But Id like to point out that state governments are currently losing, many, many million dollars of revenue, due to barriers much weaker than this barrier. And Im thinking about the problem of taxing interstate mail-order sales.
I know the situation in Illinois, and Im pretty sure its true in California: If I buy a copier from 47th Street Camera in New York, I am legally obliged to pay the State of Illinois a payment which corresponds to the sales tax on that copier. Furthermore, if I were so foolish as to again buy a copier when living in Illinois from 47th Street Camera, I might end up paying that tax, because it happens that New York and Illinois are both parties to something called The Great Lakes Compact, which is a bunch of states on the Great Lakes that have agreed to share the relevant information. And the reason I know that was that I did buy a copier from 47th Street Camera, and to my great astonishment, got a bill from the State of Illinois for the taxes.
Thereafter, I bought my high-tech stuff from Texas, which is not a party subject to the Compact. [Laughter.] And if you think about the logic of the situation, the more states sign the contract, the greater the incentive to be the chiseler on the cartel and to be the state that doesnt sign the contract. So thats a case where in fact they have failed to collect large amounts of taxes, because of a relatively smaller barrier, so I think that stands.
As far as whats happening, George Orwell wrote a series of articles for an American magazine during World War II, and just after the war, he wrote sort of a summary, a retrospect article. And he said it was very interesting, looking back, because he got right, the way things were going, but he always got wrong how fast they were going. Because as an intellectual, he looked at the logic of the situation, as it were, but the world had a lot of inertia. So that may well be true, and Im a little disappointed that Mark Twain Bank didnt succeed, that we dont have a digital cash system.
My latest effort to jump-start the digital cash movement is my solution to this spam problem, which Ive been trying to get unsuccessfully published as an op-ed, which involves your putting a price on your mailboxfive cents sayand when somebody who isnt on your list of people you want to receive mail from sends you an e-mail, it gets bounced with a message saying, I charge five cents to receive mail from strangers. If you wish to send me mail, here is the URL of the stamp machine.
And the stamp machine is now a Web page, which sells anonymous digital cash in small denominations, and that means that the stamps are reusable, unlike the governments inferior stamps, so when you want to send messages to people who dont already know you, you just use one of the stamps you received when somebody sent the message to you. And that seems to be a nice, innocuous idea, and if I can get it going, its one way of jump-starting the cash. And I think privacy advocates will be happy with the idea that these small denomination things are being done in an anonymous fashion, because youll want to be able to trace peoples letters back and forth. But of course, we can all do arithmetic, and a hundred million five cent stamps is a lot of money. [Laughter.] And computers multiply real easy.
Maybe Im wrong, but it does seem to me that the logic of things drives them eventually, and sometimes it takes a while.
In the case of encryption, its basically a network problem that I dont want to encrypt my mail to you unless I know youre already set up to receive it, and there what Im hoping is going to happen is that two or three of the main companies doing e-mail will get together and theyll agree on some standardized protocol so that we can make it all transparent, and basically when you receive an e-mail from somebody thats gibberish, your machine automatically writes back to his machine and say, Please send me his public key with the certificate, and it automatically sends it, and thereafter is no problem. But well see. Lots of entrepreneurial opportunities here. Yes?
Audience Member #2
You talked about the Clipper chip. Is that still happening? Its not happening. So the equipment, the infrastructure that was built on the government side with the two key requirement and all that stuff, Justice Department and some other authority
Ah, interesting. As far as I knowthats a good questiongovernments sometimes maintain things long after theyre dead. And so I dont guarantee that the mechanism isnt there, but nobodys using the Clipper chip, there is no effort to get people to use Clipper chip, maybe the government uses it for low-security stuff. They were never going to use it for high-security stuff. They knew better.
Audience Member #2
Is it true that the only company that was installing that as a function of some negotiation was AT&T?
I think thats right, yeah, but I dont think it ended up going anywhere.
Audience Member #2
Interesting. Thank you.
Yeah. No, the next generation were proposals for key escrow schemes, for schemes in which youre allowed to have your own keys, but youve got to have your private key escrowed with an authorized agency, and none of those things were going anywhere either. And Im a little puzzled about why Americans are as in favor of privacy as they are, but Im delighted to observe it. Yeah?
Audience Member #3
You mentioned that the NSA and FBI seemed to be picking up all of the e-mails. Is that right?
I didnt mention that. The NSA has for many, many years been part of an international operation called Echelon, which intercepts phone messages, and of course, phone messages might be emails, and Im sure it intercepts e-mails if they go on the air, and presumably reads very few of them. But it uses it for traffic analysis and other things. The FBI has a Carnivore system, which according to their description, which for all I know may be true, they essentially get a court order saying you can read all e-mails to Mr. Smith from Mr. Jones in between these dates, and Carnivore then looks at all e-mail that passes the relevant nodes and filters those out. And thats their description. Now I wouldve thought that you might also want to look at the e-mail which had certain words in it, but they say theyre not doing that. And for all I know, thats true.
Audience Member #3
But I guess what Im looking from is the macro standpoint, and Im trying to put a limit on kind of helping encryption just by kind ofthe decay mode orof data, is that if the government or entities are intercepting every e-mail that goes on, do they have kind of a physical constraint of how long they can hold that data? Because data storage starts to creep up, and then all of a sudden you basically have a protection there?
Let me go back a step. First, they certainly are not in practice intercepting every e-mail and every phone conversation at present. That would be very costly. On the other hand, one of the ways in which technology makes things worse is that we are getting good at speech-to-text technology, at programs which you speak to the computer and it turns it into words.
If you think about wire tapping, the reason there is so little wire tapping is its very expensive. Its very expensive in labor. Because somebody has to listen to that phone a whole lot of the time. All right? Once youve got good speech-to-text, technology that problem disappears. Computers are much, much cheaper by the hour than the FBI agents are.
So it becomes possible to tap a million phones, have it going to computers, the computers do speech-to-text, they then scan for keywords, they throw out 99.999% of the stuff, they tape record the rest, and when the right keywords come up they call a human being over to read it. So that means that one of the privacy threats is the cost of wire tapping is much lower, and thats especially disturbing if you know that COLEA, the Communications Assistance to Law Enforcement Act, essentially required the phone companies to make it possible for the federal law enforcement to tap very large numbers of phones at once. And the FBI denied they were planning to tap very large numbers of phones at once, they said it was just that they might want to tap 2% of the phones in some tiny area, so they had to havebe able to have the capacity for 2% everywhere, and thats a lot of phones. But I dont know if I believe them.
So thats a disturbing thing. On the other hand it doesnt do any good to intercept something thats encrypted, and so what we have to do is to get enough people encrypting so it doesnt stand out, at which point, they can intercept it if they like to. Who cares? Its privileged. Yes.
Audience Member #4
Im interested in one aspect of the enforcement. Its sort of a transactional hegemon of, for example, the Bank of International Settlements and their interest in getting taxation out of currency transactions. Youve got your private currencies flying back and forth, and theyve got enough clout through money to make governments per se write rules to keep the one man out from doing what it is that theyre interested in doing in setting up a Grand Cayman Bank, or whatever the heck it is thats going to do that. So its kind of a game theory question as to how you see that shape.
But I guess the main thing, as in many of these cases, is it only takes one government to let you do it, it takes every government to stop you from doing it. That is, as long as youve got one government where people trust the institutionsSwitzerland is an obvious candidatethen they can create a e-cache that everybody else can use, they get the seniorage on it, and that gives them an incentive to do it.
So again, I mean, obviously the U.S. government doesnt like e-cache. I wouldnt if I were the U.S. government. [Laughter.] But it seems to me not impossible but its going to be pretty hard to block it from happening anywhere anytime. That would at least be my reading.
Audience Member #5
This might be off the topic, but whats your take on Napster?
Whats my take on Napster? I argued, I think, back in my strong privacy piece about six years ago, that copyright in digital intellectual property was not going to be enforceable for much longer, just as a technological fact. You may be able to defend property and intellectual property, but not through copyright laws. That is, there is the possibility that technological protection may work well enough so that you can use the equivalent of barbed wire fences to protect your property. But it seems to me that once youve got lots of computer networking its going to be very, very hard to prevent widespread piracy of any kind of digital intellectual property, and I think thats whats now happening with music.
And Napster, of course, was a bad design because it had a centralized system and therefore could be hit, but my understanding is that some of its competitors dont, and that with a decentralized system, especially with use of encryption, it becomes very hard to find anybody to sue other than the ultimate users, and you at least are a little reluctant to try to sue a whole lot of 14-year-olds for listening to your music.
So yeah, I mean that would be my view of that, they can win in the short run, but I think theyre going to find that if you want to make money by producing digital IP, you have to either work out an effective barbed wire system, which is what Intertrust, for example, is in the business of trying to do, or you have to make your money indirectly in various ways, that you could, for example, have a song, which is given away for free, but you license a firm that wants to put that song into its advertisement. That firm is a real-space entity, it needs your permission, and so you make it valuable by giving it away and then use it in that way. Or you give away the songs and then charge for the concerts.
I happen to be reading a book that Bill Buckley published a while ago, which was a selection of his speeches over the years, and he comments in the preface that the secret that authors dont tell is that giving speeches pays much more per hour than writing books. And if you look at the history of people like Mark Twain, that was true then, too. So thats a case where you use tie-ins, as it were, to get your revenue. And my guess is thats the direction its going.
And of course Im doing that quite extensively, that is to say, my Web page has got the full text of two books and almost all my published articlesthree books actually, one from my hobby that my wife and I wrote. And from my standpoint Im collecting my revenues not in money, but in spreading ideas I want to spread, getting a reputation, which gets me invitations to talk to nice audiences, and gets me a few free pretzels, and one free book in this case[Laughter]and other things of that sort. So I think thats likely to be what the world is facing. Yes?
Audience Member #6
Is not the interception of these messages by the government a violation of the Constitutional defense, the requirement for search and seizure for warrants?
No. To begin with, there is no Constitutional prohibition to prevent the government of New Zealand from intercepting U.S. phone calls, and the fact that the government of New Zealand happens to be an ally of the government of the U.S. is irrelevant.
The National Security Agency will tell you with a straight face, probably truthfully, that if their people discover that a phone call they have intercepted has one end in America they will throw it away and wont listen to it. But of course, they have no obligation to make the Australians, New Zealanders and English agents, who are working in the next room to do the same thing.
As far as the FBI is concerned, the FBIs position in the matter is that Carnivore is working with court orders, and it is just simply a way of implementing a court order that says that they can read certain mail, thats a warrant.
Ive in fact constructed an argument which, for all I know, the FBI hasnt quite made, though theyve gotten close to it, which is that if you have a computer listening totapping phones, you dont even need a warrant. The argument, which might for all I know fly, Im not sure, is that as long as its only the computer, thats like a pen register. Thats something where no human being has listened.
So what you do is you have your computers listening to 100,000 phone conversations. Seven of them, the computer reports to you. It doesnt say anything about whats in it. It just says it meets our search requirements. And your search requirements are a complicated filter, depending on the words in it. So you thenno human being listens to it. Were assuming for a moment, the FBI is playing by the rules. You now go to a court, you now go to a judge and you say, Ive got these seven recorded messages that no human being has listened to, so I havent needed any warrants yet. I now want you to give me the warrant to listen to those messages. What is my probable cause? The fact that my computer beeped, that my computer says it meets those criteria.
Now I havent seen the FBI quite make that argument for Carnivore, but Im not entirely sure it wouldnt succeed in a court, because you could argue that this is how youre deciding which things you want to ask for warrants about. Right?
Audience Member #7
About the model you were discussing in the first part of the talk about enforcing against fraud by using reputation rather than force. It seems to me that the market has already shown it. In the case of cyberspace in particular, that doesnt work. There have been at least two cases I know of: online casinos in the Caribbean that were well reputed, and did a lot of business, and then all of a sudden closed their doors and disappeared with a lot of their customers money, and because they had, as you say, only a cyberspace identity nobody can find who it was and sue them.
Yeah. Im afraid you have a stronger definition of work than I do. I assume that all human institutions will sometimes produce undesirable results, and I assume that a working system of contract enforcement does not reduce the level of contract violation and fraud to zero, it merely reduces it low enough so that we can have a livable and workable society.
Audience Member #8
That would argue for the use of pooled risk in the guarantor of the reputation, is that ?
That isif you think ofthere are certainly going to be cases where youll want insurance institutions, thats what youre saying. Yeah, you might havejust like my bonding caseyou might have organizations which themselves have large reputations, and therefore at a price guarantee other people smaller reputations. Yeah?
Audience Member #9
What was the name of that 1971 book?
The Machinery of Freedom. I think it was 70, it was written in 71, I think the publication date is either 72 or 73. But the other question. My Web page, www.daviddfriedman.com. All right, all done as one word, daviddfriedman.com. If Id only applied about two months earlier, I couldve had davidfriedman.com, alas. So I didnt buy ithow muchwhatd I pay for it? That I dont know. The question has arisen. But its an interesting question.
But in any case, you will find lots of stuff there. Not all of it is political. If any of you are interested in medieval recipes youll find quite a lot of those there too. Thats one of my hobbies. Butsome poetry, some other things. But among other things, youll find most of my published academic articles, all of my price theory text book, all of Laws Order, although the version thats current is in the form of gifs, and so its about as good resolution as, say, a dot matrix printer, but its supporting my system of virtual footnotes, which means that the icons in the margin of Laws Order, when you go to the Web page those icons are links so they take you to additional stuff, which iswas my idea for that book, and selected chapters from other stuff and lots of articles. Soand even some of my Usenet posts arguing with Objectivists and stuff like that. Thank you. [Applause.]
You can see why David is so admired and well read by many people. One other thing I might mention is that anyone who hasnt gotten his book [Laws Order] or had your copy autographed, hed be happy to, I believe, autograph copies here. There are copies upstairs for those who havent purchased one. Also, if I could make another plug for something that we did here, this is a book that we published through New York University Press by one of our fellows, his name is Bruce Benson, called To Serve and Protect, and if youre interested in the ideas of private law and non-state organization, I think youll find this to be quite intriguing. If there are anybody here who would like further information about future events, let me know. I want to thank everyone for joining with us, and good night.
I havent read Bruce Bensons book, but I know Bruce, hes very good. A while ago he organized a conference at the university he teaches at in Florida, and my comment at the time was that one bomb at that conference wouldve set the anarcho-capitalists back a generation. [Laughter]
Theres a great review from Andy Morris in the University of Chicago Law Review
Audience Member #10
Have you ever considered opening a restaurant serving medieval food?
Yes, but Im not going to do it. Too much money.
Audience Member #10
Maybe if you have 110% like Sammy Davis, Jr.
Good, Im glad you liked it.
END OF EVENT