On the first day of the sprawling RSA security industry conference in San Francisco, a giant screen covering the wall of the Moscone Center cavernous hall cycles through the names and headshots of keynote speakers: steely-eyed National Security Agency director Michael Rogers in a crisp military uniform; bearded and besuited Whitfield Diffie and Ron Rivest, legendary discoverers of seminal encryption protocols that built the Internet safe for communication and commerce. And then theres Moxie Marlinspike, peering somberly into the distance wearing a bicycle jersey and an 18-inch-tall helmet shaped like a giant spear of asparagus. It was the only picture I could find, Marlinspike deadpans as we walk into the building.
Even without the vegetable headwear, Marlinspikes wire-thin 6′ 2″ frame and topknot of blond dreadlocks doesnt fit the usual profile of the crypto worlds spooks and academics , nor RSAs corporate types. Walking toward the ballroom where hes set to speak on the annual Cryptographers Panel, however, he tells me its not his first time at the conference.
In fact, when Marlinspike built his debut visit to RSA 20 years ago, as a teenager, he wasnt invited. Lured by the promise of watching his cryptographer heroes in person, he snuck in, somehow snagging a meeting badge without paying the $1,000 registration fee. Subsequently, he made the mistake of handing it off to friends who were more interested in scoring lunch than in hearing about pseudo-random-number generators. They were spotted and kicked out. RSA organizers must have gone in so far as to report Marlinspikes mischief to law enforcement, he tells; year later he requested his FBI file and discovered a reference to the incident.
A middle-aged man in a sport jacket and jeans approaches us, carrying a Wall street Journal . He shakes Marlinspikes hand and thanks him for creating the encrypted messaging app Signal, which the man tells was recommended to him by a friend, a former FBI agent. Marlinspike looks back at me with raised eyebrows.
Signal, widely considered the most secure and easiest-to-use free encrypted messaging and voice-calling app, is also the reason why hes been invited to speak as part of the very same crypto Jedi Council he had venerated as a teenager. Marlinspike designed Signal to bring uncrackable encryption to regular people. And though he hadnt yet uncovered it at the time of the conference in March, Signals encryption protocol had been integrated into WhatsApp, the worlds most popular messaging app, with over a billion users.
I guess law enforcement should be difficult. And it should actually is the possibility to infringe the law.
For any cypherpunk with an FBI file, its already an interesting morning. At the very moment the Cryptographers Panel takes the stage, Apple and the FBI are at the high levels of a six-week battle, arguing in front of the House Judiciary Committee over the FBIs demand that Apple help it access an encrypted iPhone 5c owned by San Bernardino killer Syed Rizwan Farook. Before that hearing ends, Apples general counsel will argue that doing so would define a dangerous legal precedent, inviting foreign governments to build similar demands, and that the crypto-cracking software could be co-opted by felons or spies.
The standoff rapidly becomes the topic of the RSA panel, and Marlinspike waits politely for his turn to speak. Then he makes a far simpler and more radical debate than any advanced by Apple: Perhaps law enforcement shouldnt be omniscient. They already have a tremendous sum of information, he tells the packed ballroom. He points out that the FBI had accessed Farooks call logs as well as an older phone backup. What the FBI seems to be saying is that we need this because we might be missing something . Obliquely, theyre asking us to take steps toward a world where that isnt possible. And I dont know if thats the world we want to live in.
Marlinspike follows this statement with a statement that practically no one else in the privacy community is willing to build in public: that yes, people will use encryption to do illegal things. And that may just be the whole point. I actually think that law enforcement should be difficult, Marlinspike tells, appearing calmly out at the crowd. And I think it should actually is the possibility to infringe the law.
Over the past several years, Marlinspike has softly positioned himself at the front lines of a quarter-century-long war between advocates of encryption and law enforcement. Since the first strong encryption tools became publicly available in the early 90 s, the government has warned of security threats posed by going darkthat such software would cripple American police departments and intelligence agencies, permitting terrorists and organized criminals to operate with impunity. In 1993 it unsuccessfully tried to implement a backdoor system “ve called the” Clipper Chip to get around encryption. In 2013, Edward Snowdens leaks revealed that the NSA had secretly sabotaged a widely used crypto criterion in the mid- 2000 s and that since 2007 relevant agencies had been ingesting a smorgasbord of tech firms data with and without their cooperation. Apples battle with the FBI over Farooks iPhone destroyed any pretense of a truce.
As the crypto war once again intensifies, Signal and its core protocol have emerged as darlings of the privacy community. Johns Hopkins computer science professor Matthew Green recalls that the first time he audited Marlinspikes code, he was so impressed that he literally discovered a line of salivate running down my face.
Marlinspike has enabled the largest end-to-end encrypted communications network in history.
While Marlinspike may present himself as an eccentric outsider, his ability to write freakishly procure software has aligned him with some of the tech industrys biggest companies. For a hour he led Twitters security team. His is being dealt with WhatsApp means that the Facebook-owned company now use his tools to encrypt every message, image, video, and voice call that travels over its global network; in fact Marlinspike has enabled the largest end-to-end encrypted communications network in history, transmitting more texts than every phone company in the world blended. In May, Google uncovered that it too would integrate Signalinto the incognito mode of its messaging app Allo. And last month, Facebook Messenger began its own rollout of the protocol in an encryption feature called ” secret conversations ,” which promises to bringing Signal to hundreds of millions more users. The whole world is making this the standard for encrypted messaging, Green says.
So far, governments arent having much luck pushing back. In March, Brazilian police briefly incarcerated a Facebook exec after WhatsApp failed to comply with a surveillance order in a drug investigation. The same month, The New York Times revealed that WhatsApp had received a wiretap order from the US Justice Department. The company couldnt have complied in either example, even if it wanted to. Marlinspikes crypto is designed to scramble communications in such a way that no one but the people on either end of the conversation can decrypt them( find sidebar ). Moxie has brought us a world-class, state-of-the-art, end-to-end encryption system, WhatsApp cofounder Brian Acton tells. I want to emphasize: world-class .
For Marlinspike, a failed wiretap can entail a small victory. A few days after Snowdens first leaks, Marlinspike posted an essay to his blog titled We Should All Have Something to Hide , emphasizing that privacy allows people to experimentation with lawbreaking as a precursor for social progress. Imagine if there were an alternate dystopian reality where law enforcement was 100 percent effective, such that any possible offenders knew they would be immediately identified, apprehended, and incarcerated, he wrote. How could people have decided that marijuana should be legal, if nobody had ever utilized it? How could states decide that same-sex wedding should be permitted?
To some, Marlinspikes logic isnt quite as airtight as his code. Not all felons are tech masterminds.
He admits that dangerous felons and terrorists may use apps like Signal and WhatsApp.( ISIS has even circulated a manual recommending Signal .) But he argues that those elements have always had the incentive and ability to encrypt their communications with tougher-to-use tools like the encryption software PGP. His run, he tells, is to build those protections possible for the average person without much tech savvy.
To some, Marlinspikes logic isnt quite as airtight as his code. Not all felons are tech mastermindsthe San Bernardino killers, for example. Former NSA attorney and Brookings Institution fellow Susan Hennessey wonders who ascertain which lawbreakers deserve to be wiretapped, if not a democratically elected government? Americans have long agreed, she argues, to enable a certain degree of police surveillance to prevent genuinely abhorrent crimes like child pornography, human trafficking, and terrorism. We could set up our laws to repudiate surveillance outright, but we havent, she tells. Weve made a collective agreement that we derive value from some degree of government intrusion. A spokesman for the FBI, when asked to comment on Marlinspikes law-breaking philosophy, replied, The First Amendment protects people who hold whatever view they want. Some people are members of the KKK. Im not going to engage in a debate with him.
Marlinspike isnt particularly interested in a debate, either; his intellect was made up long ago, during years as an anarchist living on the periphery of society. From very early in my life Ive had this idea that the cops can do whatever they want, that theyre not on your team, Marlinspike told me. That theyre an armed, racist gang.
Marlinspike views encryption as a preventative measure against a slide toward Orwellian fascism that constructs protest and civil disobedience impossible, a threat he traces as far back as J. Edgar Hoovers FBI wiretapping and blackmailing of Martin Luther King Jr. Moxie is compelled by the troublemakers of history and their stories, tells Tyler Reinhard, a decorator who worked on Signal. He ensure encryption tools not as taking on the nation immediately but inducing sure that theres still room for people to have those stories.
Ask Marlinspike to tell his own tale, andno surprise for a privacy zealothell often answer with diversions, monosyllables, and guarded smiles. But anyone whos traversed paths with him seems to have an outsize anecdote: how he once biked across San Francisco carrying a 40 -foot-tall sailboat mast. The hour he decided to teach himself to pilot a hot-air balloon, bought a used one from Craigslist, and spent a month on crutches after crashing it in the desert. One friend swears hes ensure Marlinspike play high-stakes rock-paper-scissors dozens of timeswith bets of hundreds of dollars or many hours of his time on the lineand has never seen him lose.
But before Marlinspike was a subcultural competitor for most interesting man in the world, he was a kid growing up with a different and far less interesting name on his birth certificate, somewhere in a region of central Georgia that he describes as one big strip mall. His parentswho called him Moxie as a nicknameseparated early on. He lived largely with his mother, a secretary and paralegal at a string of companies. Any other family details, like his real name, are among the personal topics he prefers not to comment on.
Marlinspike disliked the curiosity-killing drudgery of school. But he had the idea to try programming videogames on an Apple II in the school library. The computer had a Basic interpreter but no hard drive or even a floppy disk to save his code. Instead, hed retype simple programs again and again from scratch with every reboot, copying in commands from handbooks to build shapes fill the screen. Browsing the computer section of a local bookstore, the preteen Marlinspike detected a transcript of 2600 magazine, the catechism of the 90 s hacker scene. After his mother bought a inexpensive desktop computer with a modem, he used it to trawl bulletin board services, root friends computers to build messages appear on their screens, and run a war-dialer program overnight, reaching out to distant servers at random.
Moxie likes the idea that there is an unknown, that the world is not a entirely surveilled thing.
To a bored middle schooler, it was all a revelation. You look around and things dont feel right, but youve never been anywhere else and you dont know what youre missing, Marlinspike tells. The Internet felt like a secret world conceal within this one.
By his teens, Marlinspike was working after school for a German software company, writing developer tools. After graduating high schoolbarelyhe headed to Silicon Valley in 1999. I thought it would be like a William Gibson novel, he tells. Instead “its just” office parks and roads. Jobless and homeless, he spent his first nights in San Francisco sleeping in Alamo Square Park beside his desktop computer.
Eventually, Marlinspike detected a programming job at BE-Aowned WebLogic. But almost as soon as hed broken in to the tech industry, he wanted out, by the routine of spending 40 hours a week in front of a keyboard. I thought, Im supposed to do this every day for the rest of my life? he remembers. I get interested in experimenting with a route to live that didnt involve working.
For the next few years, Marlinspike settled into a Bay Area scene that was, if not cyberpunk, at the least punk. He started squatting in abandoned houses with friends, eventually moving into an old postal service warehouse. He began bumming rides to political protests around the country and uploading free audio books to the web of himself reading anarchist theoreticians like Emma Goldman.