The Best Defense Against Rubber-Hose Cryptanalysis

The cypherpunks were wrong (but also right)

Cory Doctorow
10 min readMar 27, 2022


A medieval engraving of a prisoner being tortured on a rack; in the background is a waterfall effect from The Matrix.

Listen to those who extol the virtues of blockchain and cryptocurrency and pretty soon, you’ll hear about the power of cryptocurrency to resist tyranny.

This isn’t a novel claim: the cypherpunk movement of the early 1990s (widely acknowledged as the intellectual and technological forerunners of the cryptocurrency movement) made strong claims about the political power of cryptography: namely, that unbreakable codes could transform the relationship of people to the state.

The cover of Wired 1.2, depicting three cypherpunks in white masks holding a white flag. The cover text reads “Rebels With a Cause (Your Privacy)”
Wired Magazine 1.2

They weren’t alone in making that claim. Indeed, cypherpunk ideology was a counter to the ideology of the US spy apparatus, primarily the NSA, who claimed that cryptography would enable a quartet of socially corrosive evils: child pornographers, mafiosi, terrorists and copyright scofflaws (these were invoked so often that they came to be known as “the four horsemen of the infocalypse”).

American spies — and their colleagues in other “free” nations — were adamant that social stability required the power to spy on any electronic communications, at will. Later, after the Snowden revelations, it became clear that their real agenda was spying on all electronic communications, and retaining them indefinitely.

A portrait of Edward Snowden, his face half in shadow.
Freedom of the Press Foundation/CC BY 4.0

The strongest version of the cypherpunks’ claim was that unbreakable ciphers could make the state both obsolete and largely harmless: self-organizing, cryptographically protected communities would be immune from state spying, and thus state control.

The state, for its part, seemed to concur. The NSA fomented drastic anti-cryptography regulation, classing mathematics itself as a munition that civilians could neither possess nor “export,” a verb that took on a new expansiveness with the advent of the nascent internet, which made “export” synonymous with “publish.”

The NSA’s goal of keeping working cryptography out of public hands was indeed thwarted, but how it was thwarted is a fascinating and instructive tale.

The NSA argued that Americans could rely on a weak cipher, DES (which the NSA was widely understood to be capable of bypassing), to keep themselves safe from criminals, identity thieves, industrial espionage, and hostile foreign governments.

DES Cracker circuit board fitted with Deep Crack chips.

This was demonstrably false. A $250,000 computer, Deep Crack, made short work of DES, proving that the NSA was putting the personal data of Americans and the internal records of US government agencies and corporations at the risk of organized crime, other nation-states, and anyone with $250,000 to spend on some specialized hardware.

But this didn’t settle the matter. The NSA — and the officials charged with keeping cryptography out of public hands — ignored the evidence and maintained their prohibition on uttering certain mathematical precepts in public.

What won the day for cryptography? A First Amendment lawsuit, Bernstein v. DoJ, which established that code was a form of expressive speech and entitled to Constitutional protection.

In other words, the thing that beat back the dangerous, authoritarian impulses of the most powerful spy agency in human history was the rule of law, which prevailed where technical arguments, business lobbying, and new technology failed.

The cypherpunks were wrong.

But also, the cypherpunks were right.

The rule of law is a bulwark against tyranny, but so is privacy. The rule of law works well, but it fails badly. When the state decides to ignore its own laws, we need a private place where we can organize to force the state to seek the consent of the governed.

Cryptography is a game-changer. With unbreakable mathematical ciphers, we can construct messages that can only be decoded by their intended recipients, no matter that our adversary has all the computing resources in the universe to throw at the problem (literally: the photo you snap with your smartphone is converted to a cryptographically scrambled file in an eyeblink, but you couldn’t brute-force the key to descramble it, not with all the time remaining in the universe, not even if you converted every hydrogen atom into a computer that did nothing but guess and guess and guess).

That means that the public has more theoretical power to resist state scrutiny than at any time in human history. But that, in and of itself, cannot beat back tyranny.

First, there is the attacker’s advantage. For you to perfectly defend your cryptographic privacy, you must make no mistakes. You must have perfect math, implemented in perfect code, on perfect hardware. You must choose a robust passphrase and never expose it to a third party (say, by keying it in within sight of a hidden camera, or where a sneaky keylogger can capture it).

Not only that, but everyone you communicate with has to be perfect, too — security is a team sport, and if your fellow dissident has a weak passphrase that reveals the contents of your group chat, it doesn’t matter if everyone else in your cell practiced better secrecy hygiene.

The defender has to be perfect, but the attacker need only find a single imperfection. For a spy agency to attack you successfully, they need only wait, and wait, and wait, until you slip up. You will be tired, hunted, demoralized. They will have well-paid operatives who rotate off shift every eight hours and can rewind and review their intercepts when their attention wavers.

Given enough time and a sufficiently powerful adversary, any cryptographic digital rebellion will be compromised — eventually.

But that’s only the half of it. A powerful state, unconstrained by the rule of law, doesn’t have to install a keylogger, or subvert a standard, or develop an exploit.

They can just kidnap you and torture you until you reveal your passphrase.

The cypherpunks understood this risk. In 1990, Marcus Ranum coined the term “rubber-hose cryptanalysis” to describe an attack on a cyphersystem that relied on coercion, rather than mathematics, to defeat digital security.

The best defense against rubber-hose cryptanalysis is the rule of law. Indeed, it might just be the only defense.

It’s been more than 30 years since the cypherpunks began to discuss the political possibilities for strong cryptography.

In those decades, we have seen a global breakdown of rule of law. As inequality mounted, the world’s wealth was gathered into ever-fewer hands, and the power of the wealthy to suborn the state to their will grew.

A pair of handcuffed hands sticking between prison bars, with the Chevron logo in the bottom left corner.

Chevron committed genocide, then jailed the lawyer who held them to account for it. Russian oligarchs used UK libel law to silence the journalists who reported on their dirty money. Pharma colludes with its regulators to murder people with price gouging. America’s largest bank commits crime after crime after crime.

The common thread in all this corruption is financial secrecy: trillions slosh through the world’s onshore and offshore treasure islands, converted into political dark money that pays for the bribes that ensure that the only laws that pass our legislatures are those that favor the wealthy.

Amid all this, the world’s spy agencies and authoritarians continue to press for an end to cryptography (for us, not them). Both despots and allegedly democratic rulers agree that it should be illegal to have secrets they can’t read.

These leaders understand that the cheaper it is to oppress people — the easier it is to spy, to kidnap, to imprison, to neutralize — the more they can get away with.

In other words, there’s a straightforward max-min problem that trades off corruption for guard-labor.

Every misery you inflict on the public must be offset by some measure to stop an angry mob from building a guillotine on your lawn. The cheaper it is to neutralize your victims, the more misery you can safely inflict and the more privilege you can assert.

Corruption relies on financial secrecy.

Corrupt governments are not accountable.

Human rights depend on accountable governments.

Note that this doesn’t mean that ending financial secrecy will end corruption. Far from it.

Some financial privacy fights corruption. For example, financial privacy enables closeted gay people can donate to a campaign to decriminalize homosexuality without exposing themselves to criminal sanction (see also: pot smokers donating to a campaign to legalize pot). It also provides a conduit for funding dissident media outlets where these are banned.

But remember the attacker’s advantage. In the long run, the only defense against a corrupt state is to force it to recognize human rights, not to construct a cryptographically protected, eternally sealed demi-monde defended by unbeatable ciphers.

If your dissident journalism does not provoke reforms or if being gay remains a felony, then you will eventually slip up and reveal yourself to your state adversaries. Your movement can’t be big enough to effect change and small enough to avoid a single screw-up.

The only sustainable countermeasure against rubber-hose cryptanalysis is the rule of law.

The primary role of cryptography in human rights struggles is not to exit from society, but to provide a robust, temporary shield for those who would reform it.

The world has a financial secrecy problem. On the one hand, we don’t have enough financial privacy for social movements. The inability to pay for media without identifying ourselves is a quiet, profound change to the composition of our discourse.

The ability to read, talk, watch and listen is a necessary precondition for social progress. All of our most meaningful liberatory notions started life as dangerous secrets, and if every participation in culture creates an indelible record, then only those who are either so privileged or so reckless that they do not fear sanction will encounter these ideas.

More likely, the only dangerous ideas that spread will be those with wealthy backers who subsidize messages that serve their interests, keeping that media free of charge so that no one need identify themselves by paying for it.

We won’t solve this problem with immutable public blockchains (where a single screw up will eventually re-identify all your pseudonymous transactions). We also won’t solve it with surveillance-based advertising that subsidizes all media by nonconsensually de-anonymize every member of every audience.

To be honest, I don’t know how to solve it. Banning surveillance advertising and replacing it with contextual ads would be a start, but just a start.

And for that to happen, of course, we’ll need lawmakers who side with the public interest.

Which brings me to the other problem with financial secrecy: dark money and its role in undermining the rule of law. Dark money funded the dismantling of tax on the wealthy and anti-monopoly enforcement. Today, we have monopoly-funded billionaires who keep the dark money faucets open, doing everything they can to make guard labor cheap, and corruption profitable.

They are probably immune to rubber-hose cryptanalysis, because they have something even better than the rule of law. They have the golden rule: Them that has the gold makes the rules.

Can cryptocurrency resist tyranny? Sure. Of course it can. It’s not hugely practical for this purpose, but cryptocurrency has some utility in defeating financial censorship.

I was raised on my grandmother’s tales of her girlhood in Leningrad and the boxes of barter-goods an uncle in the USA would mail to her. This was a hugely inefficient way to transfer financial aid to a distant relative, and there are probably people living under despotic rule for whom cryptocurrency transfers would be easier to convert to useful goods than unreliable deliveries of barterable trinkets.

But any accounting of the peripheral role cryptocurrency plays in fighting despotism has to also include the central role that financial secrecy plays in promoting despotism.

Cryptocurrency — and other unregulated financial products —have decentralized many bank-like functions, but they have only increased the centralization of wealth.

When it comes to the rule of law, that is the only centralization that matters. For governments to be accountable to the public, they need to be reliant on the public for their legitimacy.

The best defense against rubber-hose cryptanalysis is a political process that answers to voters, not donors. Every billionaire isn’t merely a policy failure: every billionaire is an engine for producing policy failures.

The use of cryptography to sideline institutions only exacerbates our problems. The only people this benefits in the long term are the corrupt — the people who don’t have to fear rubber hoses because they get to order their use.

The only way the rest of us improve our lives with cryptography is to use it as a temporary, provisional shield to shelter our organizing to redeem democratic accountability, not abolish it.

Cory Doctorow ( is a science fiction author, activist, and blogger. He has a podcast, a newsletter, a Twitter feed, a Mastodon feed, and a Tumblr feed. He was born in Canada, became a British citizen and now lives in Burbank, California. His latest nonfiction book is How to Destroy Surveillance Capitalism. His latest novel for adults is Attack Surface. His latest short story collection is Radicalized. His latest picture book is Poesy the Monster Slayer. His latest YA novel is Pirate Cinema. His latest graphic novel is In Real Life. His forthcoming books include Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid (with Rebecca Giblin), a book about artistic labor market and excessive buyer power; Red Team Blues, a noir thriller about cryptocurrency, corruption and money-laundering (Tor, 2023); and The Lost Cause, a utopian post-GND novel about truth and reconciliation with white nationalist militias (Tor, 2023).