Internet Code Ring! (Interview with Phil Zimmermann, circa 1993)

Discovered that this interview is no longer findable online, so I’m republishing it here. A version of this was published in bOING bOING (the ‘zine) in 1993 or 1994.

We were sitting in a circle on the floor at the Computers, Freedom,
and Privacy conference, March ’93 in San Francisco, St. Jude and I
with Tom Jennings, Fen La Balme, et al, discussing encryption and
other neophiliac rants when a dapper fellow wandered by with a
beard on his face and a tie hanging from his neck. He picked up
Jude’s copy of bOING-bOING number 10 and glanced through it,
clearly interested. I later learned that this was Phil Zimmerman,
creator of PGP (“Pretty Good Privacy”), so I tracked him down and
we talked for the record.

Jon: I’m fairly nontechnical, and I’m also new to encryption. I spent
some time recently on the cypherpunks’ list, and I have a pretty
good sense of what’s going on, but maybe you can tell me in your
own words how you came to write PGP, and what your philosophy
is, especially with distribution.

Phil: Well, okay. PGP, which means “Pretty Good Privacy” is a
public key encryption program, it uses a public key encryption
algorithm, which means that you can encrypt messages and you can
send them to people that you’ve never met, that you’ve never had a
chance to exchange keys with over a secure channel. With regular
encryption, the kind that everybody has heard about, you encrypt a
message, it scrambles it up, renders it unintelligible, and then you
send it to someone else, and they can descramble it, decrypting it.
They have to use the same key to decrypt it as you used to encrypt
it. Well, this is a problem, this is inconvenient, because how are you
going to tell them what that key is, what’re you going to do, tell
them over the telephone? If someone can intercept the message, they
can intercept the key. So this has been the central problem in
cryptography for the past couple of millenia. There’s been a lots of
different ways of encrypting information, but they all have this
problem.

If you had a secure channel for exchanging keys, why do you
need any cryptography at all? So, in the late 1970s, somebody came
up with an idea for encrypting information with two keys. The two
keys are mathematically related. You use one of the keys to encrypt
the message, and use the other key to decrpyt the message. As a
matter of fact, the keys have a kind of yin-yang relationship, so that
either one of them can decrypt what the other one can encrypt. So
everybody randomly generates a pair of these keys, the keys are
mathematically related, and they can be split apart like cracking a
coin in half, and the jagged edges stick together just right. They can
publish one of the keys, and keep the other one secret. Now, unlike
cracking the coin in half, you can’t look at the jagged edge, and
figure out what the other jagged edge is going to look like. In fact,
you can’t look at the published key and figure out what the secret
key is without spending centuries of supercomputer time to do it.
This means that any time anybody wants to send you a message,
they can encrypt that message with your public key, and then you
can decrypt the message with your secret key. If you want to send
them a message, then you can encrypt the message with their public
key, and then they can decrypt it with their secret key. Everybody
who wants to participate in this system can generate a pair of these
keys, publish one of them, and keep the other one secret.
Everybody’s published key can end up in a big public key directory,
like a phone book, or an electronic bulletin board, or something like
that. You can look up somebody’s public key, encrypt a message to
them, and send it to them. They’re the only ones that can read it,
because they’re the only ones that have the corresponding secret
key.

J: Are there any such directories now?

P: Well, actually, there are starting to be directories like that. For
PGP, there are some public key directories on Internet. You can just
send an electronic inquiry saying “Give me the key for
[somebody],” and it’ll send you their key back, their public key.

J: The convention I’ve seen has been the inclusion of the public key
in an email message posted to a mailing list.

P: You can do that, you can include your own public key when you
send a message to someone, so that when they send you a reply,
they’ll know what public key to use to send the reply. But the
problem…there is an achilles heel with public key cryptography, and
I’ll get to that in a minute. But first, let me explain authentication. If
I want to send you a message, and prove that it came from me, I can
do that by encrypting it with my own secret key, and then I can
send you the message, and you can decrypt it with my public key.
Remember I said that the keys are in this yin-yang relationship, so
that either one can decrypt what the other one encrypts. If I don’t
care about secrecy, if I only cared about authentication, if I only
wanted to prove to you that the message came from me, I could
encrypt the message with my own secret key and send it to you, and
you could decrypt it with your public key. Well, anyone else could
decrypt it to, because everyone has my public key. If I want to
combine the features of secrecy and authentication, I can do both
steps: I can encrypt the message first with my own secret key,
thereby creating a signature, and then encrypt it again with your
public key. I then send you the message. You reverse those steps:
first you decrypt it with your own secret key, and then you decrypt
that with my public key. That’s a message that only you can read
and only I could have sent. We have secrecy and authentication. So
you get authentication by using your own secret key to decrypt a
message, thereby signing the message. You can also convince third
parties like a judge that the message came from me. That means that
I could send you a financial instrument, a legal contract or some
kind of binding agreement. The judge will believe that the message
did come from me, because I am the only person with the secret key,
that could have created that message.

Now, public key cryptography has an achilles heel, and that
achilles heel is that, suppose you want to send a message to someone,
and you look up their public key, on a bulletin board, for example.
You take their public key and you encrypt the message and then
send it to them, and presumably only they can read it. Well, what if
Ollie North broke into that BBS system? And he subsituted his own
public key for the public key of your friend. And left your friend’s
name on it, so that it would look like it belonged to your friend. But
it really wasn’t your friend’s public key, it was Ollie’s public key that
he had created just for this purpose. You send a message, you get the
bulletin board to tell you your friend’s public key, but it isn’t your
friend’s public key, it’s Ollie’s public key. You encrypt a message
with that. You send it, possibly through the same bulletin board, to
your friend. Ollie intercepts it, and he can read it because he knows
the secret key that goes with it. If you were particularly clever,
which Ollie North isn’t because we all know that he forgot to get
those White House backup tapes deleted…but suppose he were
clever, he would then re-encrypt the decrypted message, using the
stolen key of your friend, and send it to your friend so that he
wouldn’t suspect that anything was amiss. This is the achilles’ heel of
public key cryptography, and all public key encryption packages
that are worth anything invest a tremendous amount of effort in
solving this one problem. Probably half the lines of code in the
program are dedicated to solving this one problem. PGP solves this
problem by allowing third parties, mutually trusted friends, to sign
keys. That proves that they came from who they said they came
from. Suppose you wanted to send me a message, and you didn’t
know my public key, but you know George’s public key over here,
because George have you his public key on a floppy disk. I publish
my public key on a bulletin board, but before I do, I have George
sign it, just like he signs any other message. I have him sign my
public key, and I put that on a bulletin board. If you download my
key, and it has George’s signature on it, that constitutes a promise
by George that that key really belongs to me. He says that my name
and my key got together. He signs the whole shootin’ match. If you
get that, you can check his signature, because you have his public
key to check. If you trust him not to lie, you can believe that really is
my public key, and if Ollie North breaks into the bulletin board, he
can’t make it look like his key is my key, because he doesn’t know
how to forge a signature from George. This is how public key
encryption solves the problem, and in particular, PGP solves it by
allowing you to designate anyone as a trusted introducer. In this
case, this third party is a trusted introducer, you trust him to
introduce my key to you.

There are public key encryption packages currently being
promoted by the U.S. Government based on a standard called
Privacy Enhanced Mail, or PEM. PEM’s architecture has a central
certification authority that signs everybody’s public key. If everyone
trusts the central authority to sign everyone’s key, and not to lie,
then everyone can trust that they key they have is a good key. The
key actually belongs to the name that’s attached to it. But a lot of
people, especially people who are libertarian-minded, would not feel
comfortable with an approach that requires them to trust a central
authority. PGP allows grassroots distributed trust, where you get to
choose who you trust. It more closely follows the social structures
that people are used to. You tend to believe your friends.

J: Did you make a conscious decision up front, before you started
programming PGP, that you were going to create something that
would be distributed in this grassroots way, free through the
Internet.

P: Well, there were some software parts of PGP that I developed
some years ago, as far back as 1986, that I developed with the
intention of developing commercial products with it someday. Over
the years that followed, I developed a few more pieces that I hoped
someday to turn into a commercial product. But, when it finally
came down to it, I realized that it would be more politically effective
to distribute PGP this way. Besides that, there is a patent on the
RSA public key encryption algorithm that PGP is based on. I wrote
all of the software from scratch. I didn’t steal any software from the
RSA patent holders. But patent law is different from copyright law.
While I didn’t steal any software from them, I did use the algorithm,
the mathematical formulas that were published in academic journals,
describing how to do public key cryptography. I turned those
mathematical formulas into lines of computer code, and developed it
independently.

J: Did you originally intend to license that?

P: When I first wrote the parts of it back in 1986, I did. But I began
in earnest on PGP in December of 1990. At that time, I had decided
that I was going to go ahead and publish it for free. I thought that it
was politically a useful thing to do, considering the war on drugs
and the government’s attitude toward privacy. Shortly after I stared
on the development, I learned of Senate Bill 266, which was the
Omnibus Anticrime Bill. It had a provision tucked away in it, a sense
of Congress provision, that would, if it had become real hard law,
have required manufacturers of secure communications gear, and
presumably cryptographic software, to put back doors in their
products to allow the government to obtain the plain text contents
of the traffic. I felt that it would be a good idea to try to get PGP out
before this became law. As it turned out, it never did pass. It was
defeated after a lot of protest from civil liberties groups and industry
groups.

J: But if they could get away with passing it, they would still take the
initiative and try.

P: Well, yeah, actually…it started out as a sense of Congress bill,
which means that it wasn’t binding law. But those things are usually
set to deploy the political groundwork to make it possible later to
make it into hard law. Within a week or so after publishing PGP,
Senate Bill 266 went down in defeat, at least that provision was
taken out, and that was entirely due to the efforts of others, I had
nothing to do with that. PGP didn’t have any impact, it turned out,
at all. So that’s why I published PGP.

J: Several of my friends are involved in cypherpunks, and I’ve been
on their mailing list…are you affiliated in any way with
cypherpunks? Are you getting their mailing list?

P: I was on their mailing list for a couple of days, but I found that
the density of traffic was high enough that I couldn’t get any work
done, so I had them take me off the list.

J: The reason I bring cypherpunks up is that they seem to have
almost a religious fervor about encryption . I was
wondering if you share that.

P: I don’t think of my own interest in cryptography as a religious
fervor. I did miss some mortgage payments while I was working on
PGP. In fact, I missed five mortgage payments during the
development of PGP, so I came pretty close to losing my house. So I
must have enough fervor to stay with the project long enough to
miss five mortgage payments . But I don’t think it’s a
religious fervor.

J: I’m impressed with the way encryption in general and PGP in
particular have caught on with the press, how it’s become within the
last year.

P: Well, PGP 1.0 was released in June of ’91. It only ran on MS
DOS, and it didn’t have a lot of the features necessary to do really
good key certification, which is that achilles’ heel that I told you
about. Theoretically, you could use it in a manual mode to do that,
but it wasn’t automatic like it is in PGP 2.0 and above. The current
release of PGP is 2.2. It’s a lot smoother and more polished that 2.0
was. 2.0 was tremendously different than 1.0, and the reason the
popularity has taken off so much since September, when it was
released, is because it ran on a lot of UNIX platforms, beginning
with 2.0. Since the main vehicle for Internet nodes is UNIX
platforms, that made it more popular in the UNIX/Internet world.
Since Internet seems to be the fertile soil of discourse on
cryptography, the fact that PGP 2.0 began running on UNIX
platforms has a lot to do with it’s popularity since that version was
released…Tthat was in September of ’92.

J: The easiest way to get PGP is through FTP from various sites?

P: Yeah. Most of them European sites. PGP 2.0 and above was
released in Europe. The people that were working on it were out of
reach of U.S. patent law…and not only are they out of reach of patent
law, but it also defuses the export control issues, because we’re
importing it into the U.S., instead of exporting it. Also PGP 1.0 was
exported, presumably by somebody, any one of thousands of people
could have done it…but it was published in the public domain. It’s
hard to see how something like that could be published, and
thousands of people could have it, and it could not leak overseas. It’s
like saying that the New York Times shouldn’t be exported, how can
you prevent that when a million people have a copy? It’s blowing in
the wind, you can’t embargo the wind.

J: And by beginning in Europe, you sort of fanned the flame that
much better.

P: Yeah.

J: It seems to have spread globally, and I’m sure that you’re hearing a
lot about it, getting a lot of response.

P: Particularly at this conference (CFP93), yes.

J: Do you plan to do more development of PGP, or are you satisfied
with where it is….

P: PGP will be developed further. My personal involvement is more
in providing design direction and making sure that the architecture
stays sound. The actual coding is taking place overseas, or at least
most of it is. We do get patches sent in by people in the U.S. who
find bugs, and who say, “I found this bug, here’s a patch to fix it.”
But the bulk of the work is taking place outside the U.S. borders.

J: Is there a Mac version as well as a DOS version now?

P: Yeah, there is a Mac version…there was a Mac version released
shortly after PGP 2.0 came out. Somebody did that independently,
and I only found out about it after it was released. People have
written me about it, and it did seem to have some problems. The
same guy who did that version is doing a much improved version,
Mac PGP version 2.2, which I believe should be out in a few
days…that was the last I heard before I came to the conference. The
second Mac development group, that’s working on a very “Mac”-ish
GUI, is being managed by a guy named Blair Weiss. That takes
longer, it’s difficult to write a good Mac application, so it’s probably
going to be a couple of months before that hits the streets.

J: Were you involved in the UNIX version, too?

P: I did the first MS-DOS version entirely by myself, but it’s not
that big a distance between MS-DOS and UNIX, so most of it was
the same. The UNIX board took place soon after PGP 1.0 was
released. After that, many other enhancements were added, and
major architectural changes took place to the code, and that’s what
finally made its way out as version 2.0.

J: You’re doing consulting now?

P: That’s how I make my living, by consulting. I don’t make
anything from PGP.

J: Do you think you’ll just let PGP take a life of its own, let other
people work on it from here out?

P: Other people are contributing their code, and other people are
adding enhancements, with my design direction. Perhaps someday
I’ll find a way to make money from PGP, but if I do, it will be done
in such a way that there will always be a free version of PGP
available.

J: I was thinking of the UNIX thing, where everybody’s modified
their versions of the UNIX Operating System so that some
[customized versions] weren’t even interoperable. I was wondering
if there was a chance that PGP would mutate, whether you’re going
to keep some sort of control over it, or whether people will start
doing their onw versions of it….

P: Well, I don’t know, that could happen. There are so many people
interested in the product now, it’s hard to keep track of everybody’s
changes. When they send in suggested changes, we have to look at it
carefully to see that the changes are good changes.

J: But you don’t have some sort of structure in place where you do
some kind of approval if somebody wants to make some kind of
mutant version of PGP….

P: There is a kind of de facto influence that I have over the product,
because it’s still my product, in a kind of psychological sense. In the
user population, they associate my name with the product in such a
way that, if I say that this product is good, that I have looked at this
and that I believe the changes made sense the last version are good
changes, that people will believe that. So I can determine the
direction, not by some iron law, not by having people work for me
that I can hire and fire, but more by my opinion guiding the product.
It would not be easy for a person to make a different version of PGP
that went in a different direction than how I wanted it to go, because
everybody still uses the version that I approved, so to be
compatible…this has a kind of intertia to it, a de facto standard. PGP
currently, I believe, is the world’s most popular public key
encryption program, so that has potential to become a de facto
standard. I don’t know what that means in comparison to the PEM
standard. PEM is for a different environment than PGP, perhaps,
although the PGP method of certifying keys can be collapsed into a
special case that mimics in many respects the PEM model for
certifying keys.

1992 Bruce Sterling Interview

I ran across a few old files today. Here’s an intrerview I did with Bruce Sterling in 1992. (Originally appeared in bOING-bOING #9) Bruce Sterling’s unparalleled reputation as a writer of bleeding edge science fiction and as a spokesman for the cyberpunk literary flare is well known, but recently he’s been wearing a new hat, as journalist, chronicler of the Operation Sun Devil and Chicago group raids on hackers and phone phreaks. His new book, Hacker Crackdown, is an account of these operations, which involved Secret Service and local police in raids on hackers and fellow travellers. Some may have been guilty of computer crime, but others, such as Steve Jackson, an Austin, Texas game designer, were innocent parties included for dubious reasons in operations that seemed designed less to catch criminals than to seize equipment, an attempt to disembowel the computer underground. I spoke with Bruce at the Austin Robot Group’s annual Robofest on May 16, 1992.

— Jon Lebkowsky


JL: What made you decide to abandon science fiction for a while in favor of journalism?

BS: Well, it was the Jackson raid. It didn’t take genius to recognize that if federal agencies were declaring that cyberpunk books were manuals for computer crime, that sooner or later there was gonna be trouble. And this in my own home town, no less, that was the real kicker. I just had to know what was going on. I felt that was too important a matter to be left in the dark about, I just had to get to the bottom of it. And while I was investigating it, I figured I might as well write a book about it, otherwise I would have wasted my time! [Laughs]

JL: Was that a big hole in your reality, to drop everything else? Or were you open at the time?

BS: Well, you know, I’m still a fiction writer, it’s my vocation. It’s not like I gave up reading fiction or that I no longer talk to my old friends. I had a lot of work coming out while I was doing this. The Difference Engine came out in the Unite d States, Gibson and I were on tour, I had speaking engagements, I was traveling all over, interviewing people for the book… No, it was not a black hole, by any means.

JL: So how did you approach the story from the time that you heard that Jackson had been raided? I heard that you immediately started mailing news clippings to people…

BS: I believe mailing lists are voodoo, I really do, they’re a very important thing. Being a ‘cyberpunk movement’ guy…the ‘movement’ consisted mostly of mailing lists, and I got called ‘Chairman Bruce’ because I was the guy who had everybody else’s addr esses. So I’ve always maintained quite a wide circle of correspondence, and, if anything, it’s wider now, because thanks to my investigations into the hacker business, I now have an Internet address and a FAX machine!

JL: So you immediately started getting the word out to people about what had happened…did you talk to Steve right away?

BS: Well, no, I didn’t, actually. I thought the whole thing was gonna blow over in a matter of days, or at most, weeks. It just seemed to me so utterly absurd that federal agents should come in here and seize this game designer’s computers…he’s such a h armless eccentric, he couldn’t conceivably pose any threat to the established electronic order [laughter]. At least that’s how it seemed to me at the time, but then the thing just went on and on, and there was just no end to it. And there were no answers, and there were no apologies. His machines were not returned. There were no charges, and there was no resolution of the situation.

I was doing a column for a British science fiction magazine called Interzone at the time, and I decided that I would do a column on Jackson, so I actually went down to Steve Jackson Games and interviewed some of the principals. I wrote up a blow by blo w account of what happened on March 1, 1990 [the date of the raid] from the point of view of the raidees. Then I printed that, and having come to discover just what had gone on, the enormous scope of it, the bizarrity of it…federal agents showing up in a white Chevy van before dawn and breaking their way into a place of business, a publisher’s place of business, and carrying off his computers…

JL: They visited Loyd Blankenship at the same time, didn’t they?

BS: Oh, they also raided Chris Goggans. Those two are fairly widely known, it’s the Izenberg case that’s not known very well. But all in all, they raided four different Austinites, carried off their machines, and none of these people were ever charged wit h any crime.

JL: Did you cover the Izenberg case?

BS: I interviewed Izenberg for my book, yeah.

JL: What exactly happened with Bob Izenberg?

BS: Well, Izenberg knew Terminus, Len Rose…he was involved in Len Rose’s circle. Rose eventually did plead guilty to misdeeds with AT&T software. These guys were Internet hounds, UUCP people, and they were trading a lot of UNIX software, some of it purp ortedly illegitimate. This was essentially an intellectual property infringement case. Rose was a heavy in the underground. He was not a Legion of Doom member, but he’d run bulletin boards for many years, and he’d written one of the first autodial program s for the IBM PC, one of these long distance code-hack things…

JL: Sort of like the autodial program used by the Matthew Broderick character in “War Games?”

BS: That’s right. He was a heavy hacker dude in underground computer circles. He also happened to work for AT&T…on the AT&T 3B2 computer, he was one of the experts on that. I believe that the Chicago Task Force had Rose figured as a dangerous individual , because he was an adult and because he was employed by a corporation. Now somebody like Goggans…Goggans is just, like, an *English* major, your typical swaggering college- age intrusion kid. Blankenship’s major offense is that he was LOD,and he was run ning a board, a pretty flagrant LOD board. He was inviting telephone security people to call in. That thing was a highly attractive nuisance, they just wanted that out of the picture. They did in fact get it out of the picture, Blankenship shut it down af ter the Izenberg raid…

JL: Was this before the Steve Jackson raid?

BS: Oh yeah, yeah. The Jackson raid was the last raid…the Jackson raid was the raid that was the most complete fiasco. Jackson’s machines did not have anything remotely hanky-panky-like on them. I mean, I have not seen the contents of Blankenship’s mac hine, I have not seen the contents of Goggans’ machine…I know that both Blankenship and Goggans were heavy people in the underground, they had a rep of being good at intrusion, and I’ve heard Goggans in particular boast about his prowess on several occa sions. They raided Goggans and they carried away his machines, but they didn’t get the best ones. He’d hidden them away. Whatever they got, he’s never been charged with anything.

JL: Has anybody from any of these raids ever been charged? Rose was…

BS: Yeah, Rose got sent to prison. Jackson was never charged, Izenberg was never charged….The connection in Dallas, ATTCTC “The Killer”…the guy up in Dallas named Charles Boykin who used to work for AT&T at their Consumer Technology Center at the Info Mart was tangentially involved in this because he was one of the informants to the police, but the fact that he was helping them did not prevent him from getting a lot of suspicion from Chicago. They had AT&T private security seize the machines out of his home and examine them for any sign of wrongdoing, and apparently they didn’t find any…at least they gave him back his machines in three days. They didn’t keep them for over two years without so much as a don’t call us, we’ll call you.

JL: How did the Chicago authorities get involved in Texas operations?

BS: Well, you know, that’s just the nature of computer networking.

JL: I’m talking about Bill Cook, et al…how did they have jurisdiction down here?

BS: Well, he’s a federal attorney…he’s an assistant U.S. attorney, so he’s a fed, and if he needs help, he can call on federal agencies for help, in this case the Secret Service.

JL: Were there ever any jurisdictional disputes?

BS: Well, I think there would have been, had there been any other law enforcement people who had the least idea what this guy was doing, but most police are basically clueless about computer abuse. The few police that are not clueless all know one another . I estimate there’s maybe 40 or 50 of them, although there’s new ones coming in every day. The thing is, it’s not so much that there aren’t police that can do this, the real bottleneck is in prosecutors. These crimes are hell to prosecute. It’s really ha rd to get a jury of twelve of one’s peers, and start in with “Well, this is what we call a bulletin board system…have you ever heard the expression ‘Random Access Memory?'” You know, that’s very tough. Sometimes it’s difficult to explain what these crim es are, and when it is explained exactly what is going on, judges just dismiss it, you know, the slap on the wrist. That’s one reason the hacker underground has flourished as long as it has, and has remained remarkably unmalicious for a criminal undergrou nd, because they’re simply not punished very hard. You can be a teenager, you can be into this, and somebody will show up and take away all your machines; you get real sorry about it, and you promise that you’ll never never ever do it again, and they say, “Okay, kid, you’ve got a high SAT and your parents have three cars, so we’re gonna let you off….”

JL: Seems like a day would come when this would reach some kind of critical mass, and there would be a kind of regulatory backlash if the right people were disturbed enough about it….

BS: Oh, I don’t doubt that that’s the case, I think that this was the situation the Chicago group and the Operation Sun Devil people both wanted to provoke. They wanted to prove that the underground was into something really hairy and awful, namely the de struction of the 911 system. This is about the worse thing a policeman can imagine, when it comes to telephone abuse. I mean, that’s the cops’ phone, right? 911, that’s cop phones. If “the underground’s into our phones,” that’s just too much.

JL: What’s the main difference between Operation Sun Devil and the Chicago operation?

BS: Mostly it was the tactics. Sun Devil was mostly Arizona, that was the assistant attorney general of Arizona, the now well-known Gail Thackeray, pretty much the motivating spirit behind Sun Devil. She was interested in bulletin boards. She was into pir ate bulletin boards, and she wanted to raid these boards because she felt that they were chock full of evidence and that they were just sort of neat things to have if you’re a cop. They’re worth owning, if they’re being used for criminal purposes, with cr edit card numbers and hot phone number on them. So she got her buddies nationwide, especially USSS, and a few of the dedicated computer crime units all pitched together and decided they were all going to go out and kick ass and take names on May 8, 1990. They set up loose coordination, and went out and seized every pirate bulletin board they could get their hands on, about 25 of them.

JL: Had they been infiltrating bulletin boards?

BS: Well, Thackeray had informants. There isn’t a hacker cop around who doesn’t have lots of informants. The minute you bust one of these guys, they just tell everything. They just spill their guts. I mean, a lot of them secretly idolize cops. Lots of hac kers are under the mistaken impression that they can grow up to be big-deal computer security experts and make tons of money, so if the Secret Service shows up at their door, they’re really overawed, they say “Wow, at last they’ve come to us!” I’ve actual ly had people tell me that. One Legion of Doom member said, when raided by the Secret Service, that his immediate impression was that they had come to him for advice.

JL: Some of the so-called “hackers” I’ve talked to discuss cyberpunk as a cultural meme. I always thought of cyberpunk as a short-term literary movement. What about the evolution of “cyberpunk” as an evolving culture, the Mondo 2000 sort of culture?

BS: There’s nothing I can do about it.

JL: How do you think that relates to the hacker aesthetic/hacker ethic?

BS: Well, it depends on what you mean by Hacker. I’m a great believer in the hacker ethic, as it were. I think empowering the individual is nifty, and I think the hands-on imperative is a useful way to go about things. On the other hand, I don’t think tha t computer intrusion really serves anybody’s purpose very much. Conceivably it might be useful, it might have been a nifty thing for the Rumanian underground to do against the Securitate, but you never see that happening. I don’t know of a single hacker c ase where somebody has broken into a government computer, or some big-deal computer system, and found some horrendous misdeeds going on, and then come out and said, “For you see, the Trilateral Commission is trying to destroy us with their mainframe!” Tha t never happens. They’re always breaking in on hospitals and universities and other sorta helpless institutions. It’s like computer viruses. The people who suffer most from computer viruses are not big deal heavy corporations. The suffereing are little pe ople, people who barely know how to operate their computers and have no idea of computer hygiene and computer security. Spreading viruses really plays into the hands of large organized groups with computers, because they know how to fix it, they’ve got gu ys on the staff full-time. It hurts the individual, it’s a very anti-hacker act to shove viruses around. Basically, when it comes to the underground, I have very little sympathy with a lot of their activities. They strike me as being silly and annoying an d very immature. Like other things teenagers have done throughout history, like teenage males doing peeping-tom stuff, or panty raids. When you’re doing a panty raid, I’m sure it seems really a cool, groovy thing, but once you’ve actually lost your virgin ity and seen panties in action [laughter], you no longer get completely bent out of shape about the amazing allure of this garment. So while I don’t think this is a good thing to do, I don’t think that people ought to be crucified for going on panty raids . I don’t think that going on a panty raid ought to mean that your entire life is forfeit, or that there ought to be whispering campaigns around about you for the rest of your life so that you’ll never be hired.

JL: How does the general paranoia about hackers fit into all this. Do you get the sense that the cops and other people who were involved in Operation Sun Devil and in the Chicago group didn’t really understand what they were dealing with?

BS: The people in the Chicago group, I think, were misled by their own propaganda. They were suffering from wishful thinking, and they really were sort of looking for reds under the bed. And who knows? There might have been reds under the bed! In t he Cuckoo’s Egg case, there were reds under the bed — we’re not kidding here, these guys were in the pay of the KGB! And that’s not a joke. And for all the Chicago people knew, the entire Legion of Doom was in the pay of the KGB. I know tha t people who were interviewed by Secret Service and so forth, one of the first things they asked was “Do you know people from foreign intelligence apparats? Are you a communist?” But you’re asking if the activities of the police are motivated through igno rance. No, I don’t think that’s the case. On the contrary, I think the police know a *lot* more than the people in the underground know. When it comes to paranoia, the sort of unthinking, knee-jerk fear fantasy, the underground’s a *hundred* times worse t han the police. There are people around who seriously believe that the Trilateral Commission runs everything. There’re people who are hackers who are *nuts*. They believe in UFOs, they take the Church of the Subgenius seriously [laughter]. There are peopl e out there who think that the NSA monitors every Internet post, and that the NSA has nothing better to do than read license plates from orbit. That’s just not the case. There’s plenty of silliness to go around…

JL: The early stuff I read about the 911 document was that it was actually a piece of software, that cops had been led to believe that software had been pirated. It turned out to be a document you could get for around ten bucks.

BS: You can’t actually get that particular document for ten bucks, but you can get all the information in that document, and plenty more, for ten bucks. You couldn’t get that particular document at all. The software thing, I think, was a conflation with t he Rose case. The press was confused when they were told that. The Secret Service in particular is an extremely closed-mouthed group, and there’s a bad mismatch between the Secret Service and policing bulletin board systems. The bulletin board systems are presses, they’re fairly open. Secret Service is well matched with something like credit card fraud, or wire fraud, or other kinds of embezzlement, because those are legal activities that require, or at least have always been associated with, very great discretion. When it comes to seizing bulletin board systems or other means of public address, it’s bad, because it’s bound to attract a lot of publicity, and the Secret Service just never gives publicity. And if you call a Secret Service office and ask what they have to say about their agency…call any other federal agency, call the Railroad Retirement board, for instance, and they’ll send you four cardboard boxes full of stuff about how great they are, but if you call the Secret Service, they have one kind of publicly available document, recruitment brochures. That’s it, nothing else.

JL: Did you talk to the Secret Service guys very much?

BS: I talked to ex-Secret Service people. I didn’t find anybody in Secret Service, who was still an agent, who was willing to really level with me. And I don’t blame them, to an extent. I think they probably would have been severely disciplined for talkin g to me had they done that. People who are out of the Service are sometimes willing to talk about it in retrospect.

JL: Have you drawn any conclusions about where this is going? Are they still raiding people, or have they cooled off since the Jackson case and some of the others turned out to be dead ends?

BS: It’s hard to separate the situation from the people who created it. There are so few police involved. Sun Devil was kind of a trompe l’oeil, really, because although it seemed huge, and the publicity was very big and sort of suggested that there was t his gigantic, massive, incredible thing, it was really done by only a few people behind the curtain, Thackeray foremost among them. Thackeray’s career was dealt a pretty severe setback, not so much by Sun Devil as by a bad state election, at least bad fro m her point of view. Cook’s career in law enforcement is pretty much over, he’s in private practice now. Cook had a shot at the brass ring, you know. He could have ended up running this new thing…I think the foremost reaction out of this whole thing is that the Department of Justice now has its own computer crime division. That’s being headed by this guy, I forget his name but they were talking about him at Computers Freedom and Privacy 2…he’s a new hire, and he’s supposed to be the federal czar of c omputer crime now. And I think Cook had a shot at that job. He was an ambitious man, and if he had carried this out…I mean, suppose that he had discovered that hackers were in the pay of the KGB, and that they did in fact have a plan to destroy the nati onal phone system. Or perhaps even that they had caused one of the four major telephone crashes that happened during the course of this investigation. This guy would have been covered in glory! He would have been the man who went out into the Electronic F rontier, a completely unknown situation, and collared the desperadoes and brought them back in handcuffs. It would have been a nine days’ wonder. He probably could have been state Attorney General, he could have cut himself out of the pack in a big way. T his could have been a really high profile prosecution, and he could have ended up like Rudolph Giuliani or something. A heavy dude! He had a chance, and I think he thought the odds were good, he got his ducks in a row, the horses started to gallop into the sunset, sweat was flying and dust was coming up…people were telling him all kinds of weird crap, and the situation just got out of hand. And basically he descended upon a peaceful Mexican pueblo [laughter]…

JL: Are you going to continue to write nonfiction?

BS: I’m trying to back off of the whole computer crime thing now. I know more about hacking now than any sane person should have to know. After the book comes out, I’m sure I’m going to get a lot of ridiculous phone calls from angry phone phreaks demandin g to know “Why isn’t my group in this?” They’re all glory hounds, every one of them has got his own scrapbook.

JL: You’ve been doing a lot of speaking engagements, too. Do you plan to do more of that?

BS: It depends on how the book goes. If the book is a big deal, I’ll probably be transformed into a recognized authority…you can see what happened to Stoll. Stoll is not a real computer crime expert, he just happened to be a thoughtful guy who wa s paying attention. So now he gets called to lecture and do all this stuff…I don’t want to do that, I really want to go back to writing science fiction novels.

JL: Have you got something in the works?

BS: I’m working on a new novel already. It’s going to be called Heavy Weather…it’s about hacking tornadoes in the early 21st century.

JL: I recall you saying that Hacker Crackdown would have a disk included.

BS: That’s still a possibility. There may be a disk given away with the promotional stuff. I don’t know what kind of promotional effort they really want to make, but I do plan to distribute the text of the book…I plan to publish the book to the Internet when it comes out in paperback, which will be about a year and a half from now. I want this book to be given away free for download.

JL: Is this something you want to disclose publicly?

BS: Yeah, I don’t mind talking about it now. At least I don’t mind talking about it to bOING bOING. I would point out to people who think, “Oh great, I can wait for the disk,” that it won’t have the handy index, nor will it have the handsome author’s phot o on the back flyleaf. [laughter] Plus, screens are a bitch to read, let’s face it. But, I don’t know, I might lose some money from doing this, but I don’t believe that every pixel in cyberspace ought to be made into a sales opportunity. I really felt tha t this was something I had to do in order to be a good citizen, something that I was sort of uniquely qualified to do, and felt a moral obligation to do. I would have done it, really, had no one paid me at all.

JL: Had you never been involved with bulletin boards, would you have been as interested in this story?

BS: I would have been interested in it, but there’s no way I would have devoted so much time to pursuing it. I probably lost a good novel doing this, I’ll die without having written that book. This has not been without sacrifice.

JL: You’ve been pretty active on bulletin boards for a long time. When did you start using BBSs?

BS: I think it was in ’86, whenever SMOF* went up. I was on SMOF. I’m not really that active on bulletin boards. The only bulletin board I use with any regularity at all is the WELL. I mess around in the UT Catalog sometimes, but mostly I just go down to the library and look at it. That’s not a system anyway, you can’t leave anything there. Boards are a very diffuse medium, it’s like listening in on phone calls…it’s like CB radio. I really need my information a lot more dense than that. I need bouillon cubes, I don’t need soup.

JL: Have you got strategies for filtering the information you pick up on bulletin boards and on the Matrix?

BS: When I call boards, I generally go right to their text files. I don’t bother to read commentary. And I’ll often find that there’s something of some use in the text files, and if there’s nothing there, that board’s going to be of no use to me anyway. M y best filter’s not even to mess with that particular medium [laughter]. If I want to know something about the Internet, I’ll read it in communications of the ACM…that’s a really useful document. Or RISKS Digest, that’s an Internet thing. That’s really useful.

JL: You’ve read John Quarterman’s The Matrix?

BS: Yeah, I’ve read The Matrix, I read “Computer Underground Digest,” I read “EFFector”, I read “Phrack.” I sometimes call the NIST Computer Security bulletin board in Washington, D.C., that’s a pretty good board. But I’m by no means a board hound. I write columns for magazines…I’m an author, I do words in a row. I also send FAXes [laughter].

JL: I recall hearing you talk to Steve Jackson about electronic books. You said you thought that they were just throwaways.

BS: Yeah, software is throwaways. Where is your Apple software right now? Where is your IIe software? Do you even know where it is? You know how much money you sank into that shit? What can you do with it now? Zilch. Nothing. People just don’t keep that s tuff the way that they keep books. It’s profoundly disposable. I’m not worried for the future of literacy, though. Some people think that nobody’s going to read books in the future. I think that’s ridiculous. You can learn stuff from books that you can’t get from video, period. For one thing, without books you’re not going to know anything about the past 5,000 years of history. They didn’t have video in the 18th century, okay, pal? And if you want to know anything about the 18th century and what went on i n it, say, why the American republic was started and what people meant when they wrote the constitution, you gotta know about books. You’re not going to get that out of a Hypercard stack, I’m sorry. And if you know that, you’re going to have something ver y valuable…not just culturally and artistically valuable, but practically valuable. Knowledge will forever govern ignorance. If you put a guy with 800 channels of tv next to a guy who knows how to go to a library and do serious research, there’s no ques tion who’s gonna know the skinny…

JL: Do you have any recommended reading?

BS: Well, yeah. I think people oughtta read bOING bOING [laughter]…and I think everybody oughtta get Mark Ziesing’s catalog, and get what he recommends.

JL: Lew Shiner talks about how he doesn’t read sf anymore. How about you?

BS: No, I still read the magazines with great regularity.

JL: Do you read novels very much?

BS: No, I mostly read shorter works. I’ll read a novel if I think it looks promising.

[At this point, we were drowned out by robot soul music…]

* SMOF-BBS, “The World’s First Online Science Fiction Convention,” has actually been operating since 1985. Sysop is Earl Cooley . Access: 512-467-7317 up to 9600b, 8n1.

Harvey Kurtzman

Harvey Kurtzman

I didn’t realize former suckster Joey Anuff was comicologist ’til I saw yesterday’s boing boing post about Joey’s Harvey Kurtzman collection. This warmed my heart and set a little fire in my eyeballs… I was a Harvey Kurtzman fan from the age of 7 or 8, when my brother wandered in with a ten cent comic book called Mad – actually “Tales Calculated to Drive You MAD.” Mad Magazine was a key cultural artifact in my world growing up… as was Kurtzman – we followed him to Humbug, then to Help Magazine, which was published by Jim Warren, who also published Famous Monsters of Filmland. How many young minds were destroyed and rebuilt by these guys? It was all pretty wonderful. He also created the great Harvey Kurtzman’s Jungle Book, and (with Will Elder) Little Annie Fanny for Playboy Magazine. Now Joey is “the owner of approximately 40 lbs. of blue-chip comic book art” from the Kurtzman collection. He also points to an upcoming book, The Art of Harvey Kurtzman: The Mad Genius of Comics The Amazon product description for that book tells you how important Kurtzman was and why you should know about him, if you didn’t already:

Harvey Kurtzman discovered Robert Crumb and gave Gloria Steinem her first job in publishing when he hired her as his assistant. Terry Gilliam also started at his side, met an unknown John Cleese in the process, and the genesis of Monty Python was formed. Art Spiegelman has stated on record that he owes his career to him. And he’s one of Playboy publisher Hugh Hefner’s favorite artists.

Harvey Kurtzman had a Midas touch for talent, but was himself an astonishingly talented and influential artist, writer, editor, and satirist. The creator of MAD and Playboy’s “Little Annie Fanny” was called, “One of the most important figures in postwar America” by the New York Times. Kurtzman’s groundbreaking “realistic” war comics of the early ’50s and various satirical publications (MAD, Trump, Humbug, and Help!) had an immense impact on popular culture, inspiring a generation of underground cartoonists. Without Kurtzman, it’s unlikely we’d have had Airplane, SNL, or National Lampoon.

The Art of Harvey Kurtzman is the first and only authorized celebration of this “Master of American Comics.” This definitive book includes hundreds of never-before-seen illustrations, paintings, pencil sketches, newly discovered lost E.C. Comics layouts, color compositions, illustrated correspondence, and vintage photos from the rich Kurtzman archives