And there’s more!

I always feel a bit bad shooting music on a DSLR rather than on a Zoom Q3 but I didn’t have the right camera with me. The audio quality is acceptable, but you’ll want to play things pretty damn loud to get any sense of how the room felt.

One of the best evenings of intimate live music I’ve ever seen. We should do this again. Can we get Andrew Clarke out to the next one?

Rock.

Oh, and the music was so good I almost neglected to mention the stew which was, and I say this to you as a fat man, excellent. More of that too.

Musicians – song titles in the comments and I’ll update things.

Why? I don’t know. I can’t seem to get settled anywhere in the world. I was happiest wandering in America, backpack and social network, occasionally spending weeks camping alone in the back country, the infamous hobo sections, Burning Man, the world. I am a traveller.

But although I’ve crawled over many, many inches of America (sometimes literally) I’ve never done the rest of the world – didn’t get to Africa, only a touch of South America, haven’t been to India since I was three. Even my Europe is pretty limited! And then there’s China to consider.

To simply pick up and go, repack the life into a carry on bag, and take off. I suspect I could pick up quite a bit of perspective along the way, maybe make some notes for a book, meet a lot of interesting people.

I’m failing to ground in London, and while I love Ireland, it’s cold. I’m going to head back there for the summer 90% odds, but I’m not wintering in a cold country this year, it’s just not good for me.

So it may be time to take the show on the road, go see some of the world, and learn what’s out there.

I really want to go.

There’s also a certain “last chance to see” quality to a lot of this, too, that the world won’t look this way long, and I’d like to have seen these places before gas gets too expensive, I get too old, and life gets too complicated. And I travel well.

Perhaps its time.

The crew of Spaceship Earth are largely holed up in Engineering and down to the last rations, occasionally losing members to bloody, fruitless combat with passengers who believe that any interruption to their Vacation Cruise because of minor contingencies like hitting an asteroid or breaking the lifesupport system should be treated as a grave mortal threat and met with violence.

I’d like you ask you to consider rerouting some of your productive capacity to taking the actions necessary for the continuation of the human species, and the continued existence of all life on this planet. The social structures we used to use to organize these goals have always basically sucked, but it did not matter very much until we invented atomic bombs and started to scour the earth and pollute the skies. Now we are in urgent need of an immediate cessation of destructive activites, and as many as a third of the passengers are in urgent need of medical assistance or resupply and that number is expected to rise sharply if fighting breaks out about forthcoming problems in ration supplies and energy availability.

There are several plausible strategies for an immediate cessation of hostilities between passengers and crew, and indeed between passengers and passengers. You could implement realistic pricing within the market economy, using government action to make what is irreplaceable simply unaffordable. You could implement a green planned economy in socialist states. But the surging mass of humanity believes itself to be in a position that it is not: a position where the future will be better than the past, and where one’s children or one’s children’s children will live in a substantially better manner to than we do now.

The reverse is likely true. Structural damage to lifesupport and teeming population mean the yield of natural resources supporting our species is dropping sharply as our population rises. What can be scavenged from the surface or by digging up areas of the ship has been made use of, and is a steadily less productive activity. In short, things may well be largely worse rather than better without action.

The so-called Deck Courts are small local jurisdictions on many decks, claimed by bands of passengers attempting to keep order, enforcing laws which protect only the interests of inhabitants of that deck.

However, these Deck Courts are making many areas inaccessible to engineering, and inter-deck rivalries are squandering yet more of our precious capacity, talent and resources on action which not only will not protect the ship, but reduces all of our chances of survival. Worse still, armed Ship Security personnel have become embroiled in these fruitless conflicts, which presents a danger to all passengers and crew. Heavy weapons intended for ship defence are unsuitable for settling political issues between passengers.

Please attempt to support the action of Engineering to restore adequate life support to all passengers, raise the shields, restore navigation and ensure our flightpath is safe.

A word of advice to our younger passengers. This is a generation ship. You were born on it, and most of you or all of you will die on it, eventually. For us to lose life support and become a meaningless husk without navigation, crewed only by a few passengers in isolated pockets of air is an unworthy end for emissaries of life.

Do not allow the old to bury the young.

The time has come to start working backwards from the future we choose, rather than simply managing our day-to-day affairs in fits of expediency. There is simply no point in being the most popular passenger on a morgue ship. It is necessary to clearly envisage a future in which life support has been restored to all passengers, and we are safely on our way into the future, together.

It is clear that with these goals in mind, practically all of our pre-existing expedient political structures are irrelevant. They simply do not have the necessary mandates to undertake the work at hand: a 4 year popularity contest cycle for leadership of a Deck Court is in no way a substitute for an efficient, functional ship’s crew.

Furthermore, an attempt to restore ship security by an assembly of deck courts has clearly failed to provide adequate support to Engineering and the remaining crew. A ship cannot be managed by consortia of feuding decks.

Were the spell broken, which blinds people to the fact we are standing on a ball of rock flying through space and time, covered in a precious sheen of green moss and transparent water, perhaps we could get our acts together and sort things out.

The reports from Engineering are excellent: they can fix this, given resources. However, the persistent mythology that the ship is a component in an alternate reality game where “good” and “evil” war for non-existent tokens called “souls” is making it extremely difficult to get solid attention and cooperation from passengers with the Crew and Engineering to stabilize life support, never mind navigation. If any of you are unsure about the actual operating conditions please look up during the hours of darkness into the infinite void in which we shine.

Our home is the stars, and if we survive, we will be there soon.

Acting Captain Gupta over and out.

This is Soap Guy. He makes soap. He doesn’t just make soap, he makes political soap. Soap so good it makes you question capitalism. Let me explain.

Alex Fradera gave me a bar of soap he’d made with his own two hands, after going to Soap School, and it was amazing. It was, to me, like the experience people have when they describe organic mangos fresh off the tree at the peak of ripeness. The soap was right. After you washed with it, hair and skin felt both clean and smooth and supple, not dried in the least. It was a life-changing bar of soap!

I said Alex, this soap… why?

And the answer is fascinating. Commercial soap – even from places like Lush – is not “whole soap.” At one point in the process they skim off the all-important moisturizing ingredients like glycerin and use them in the cosmetics trade at huge markups, leaving your skin dry and your wallet empty as you buy additional products from their supply chain. It’s like peeling all the good stuff out of food, and selling you empty corn syrup and vitamin pills. Whole soap, real soap, is like organic food for the skin. It’s an amazing thing, and you can tangibly feel the difference immediately.

Soap Guy’s name is Daniel Knight. He’s been doing this for years. He’s got personal friends down his supply chain, goes to Africa to buy shea butter and essential oils from people he knows personally. He makes the stuff himself, in his kitchen, and his sister is an industrial chemist. They really know what they’re doing, and they make great soap. You can go and visit them in Camden Market – they’re on the upstairs floor of Camden Lock, the big building by the water, it’s easy to find! The stall is inside on the gallery level, talk to Daniel, smell some soap and buy it.

You don’t hear me talk about things this way very often. But you really need to try this soap, and you need to understand just how much value is being taken out of our lives by money-grubbling industrial efficiency. To me, real soap is kind of a symbol of living right, in much the same way that organic food is for many people.

The difference is, it’s three quid a bar.

Treat yourself. Get down to Camden Market, and meet Daniel, who makes real soap.

(I am not affiliated with http://read-the-label.co.uk in any way, I just think they make great soap.

So what can I tell you? As you know, a hundred people wrote for the book. I wrote a couple of pieces, one or two other people wrote a couple of pieces, but it’s basically a hundred different perspectives. It’s shocking, jarring, powerful stuff. The common experience is that it’s so dense (the pieces are a page each, more or less) and the ideas so packed that after reading a couple of pieces you need to put it down and do something else while it assimilates. I feel like we might wait most of a year before decent reviews come out because it takes that long to assimilate it.

I waited. This is the hard part to explain. We had most of the material in place a year ago, and I had some grand ambitions. They were twofold. Firstly, I wanted to write a long sense-making introductory essay picking out common threads and deep ideas, spinning a coherent narrative from the pieces people had given us. Secondly, I wanted to run some workshops on the book, using the ideas in it as starting points for conventional futurism.

I failed in both of these, and that’s why you should read the book. Here’s the lesson: when you actually talk to people in depth about what they want in life, it’s not possible to approximate a useful truth from it. You blur it, you build categories, you can pretend the pieces join.

But when you read the source data, the world stops for a while. The experience is gazing at the world through a hundred different lenses, peering into hopes and fears, closely held, tightly expressed, beautifully composed in many cases, and slowly dawns the insight.

We have no idea where we are going or what is going on.

There’s the stuff we know about global warming and population and resource scarcity, that part of the future we understand. But there is a human factor beyond all that, something within us that you have to ask the right questions to see. I did not know, when I said “the future we deserve” that I’d hit on a key which empowered people to get in touch with their deepest hopes (and fears) for humanity and the world, and speak with authority for themselves and our race.

This book has soul.

It’s free. Please read it and pass it on.

And now a note about our authors. Thank you so much for writing such amazing things. I’m contacting people slowly, sort of relishing the opportunities to say “hey, it’s done!” and touch base, see how life has been. It’s been really good working with you. Together we’ve built something amazing, something that really touches people. These are your words, not mine! There will be a directory with short bios, twitter handles and so on soon. Please give us a chance to sort out the wiki namespace issues first, though!

I’ll write a little more about the crowdfunding side a little later, that’s a story in itself too. You are deeply appreciated, and gave me the time to do this.

And, dear reader, this is not a passive process. I’m going to build out some tools, basic, perhaps, but enough – to start a conversation where we can, perhaps, follow up these seeds of thought and expand on their theses and create real change on the basis of the ones we liked the most. Just exposing some of these ideas to a wider public may be enough to catalyse change in our sense of the possible. Join the process: read a book, let go of the old realities, and change the world.

Thank you all. I hope the next book, provisionally titled The Present We Have won’t take a year!

Blessed.

The bottom line is that learning a new perspective on life is difficult. It took the best part of two years of conversations to really shake out the core insights of collapsonomics, and those core insights have become key cultural generators of a variety of projects that the collapsonomics gang have undertaken, from urban regeneration through to large scale risk management and including one-step-removed projects like Dark Mountain and the Gupta State Failure Management Archive.

There’s simply no quick “start here” to absorb that model – we can write about it, but even a very good book on the subject (and one has not yet been written as of 2012!) is only a small part of the jarring shift from “wait, this is all going to be ok, right?” to “we’re mid-way through an unstoppable process of change, and this is how we should see and feel those fluxes.” We’re basically making a week in which people can come, unpack their sense of the present, and re-see themselves and their lives in light of the real situation.

That real situation is not simple. It’s not cut-and-dried economic analysis – we are not forecasters. Rather it’s about understanding the past, from the industrial revolution and colonialism, to the present, with infrastructure, trade and supply chain volatility as core parts of how the world works which we are trained not to see by the constant, brightly-lit, ever-available stream of products at every supermarket. Collapsonomics is about understanding that this bounty is vulnerable, that people like us all over the world have gone from having it to not (and sometimes back again!) and that, at a core level, our identities must be free of our roles within late-stage capitalism.

We must learn to be ourselves within and without this economic game, and our course is about that reality.

There will be three main areas that I’ll be focussing on, and I’ll take the risk of speaking for Dougald a little on this too. The first is modelling our critical infrastructure and supply chains – really seeing the water and the power and the food supply as systems, and understanding our personal technical and emotional relationships with them. Then there’s the social side of the economy (Dougald’s models of the social functions of money, and the transformation in society and wealth from the 15th or 17th century onwards.) Finally, the acceptance of loss and inevitable change as the price of not living with our heads in the sand, waiting for the end – rather, a continuous engagement with the rough seas of life, a falling-with the processes, rather than a harsh resistance to change. The idea is to teach you models which reflect the practicalities of life in an engineering sense, and the historic and cultural realities of the way people live to allow you do your own analysis of situations as they change and unfold around you. We are not tied to one way of seeing the future, so it’s important to show you how to feel the bones of the present and past, to enable you to do this for yourself every day as things move forward.

It’s only crushing to lose a Mercedes if you thought you deserved one.

So come to our workshop at Schumacher, get an intensive insight into how we do things, and learn all the things you could have learned down the pub with us, if only you’d been in London for the past few years, and had the time to spend. We’re not private and protective about this work, we teach it everywhere we go, but this is a time and place for extensive exposure for people who’ve followed us on the internet and want the face-to-face time to learn and absorb.

It’s the first time, we’re giving it our best shot, and we’ll hope to see you down there. Please sign up today if you’re coming!

Here’s the video we made discussing the course. See you there!

The new-new thing at EdgeRyders is that map. We’re building a map of what’s going on, where the sites and stories are which show the new peeking through the cracks in the old, where the action is.

You can sign up to edit the map. That’s actually pretty bold – we’re crowdsourcing a map of the New Europe and, indeed, the New World, and it’s a government-funded project.

Remarkable, isn’t it?

I’ve been rattling on a lot about EdgeRyders, trying to get people to participate, for a while. It’s hard to actually convey why it’s important, why it’s got to work, but I think I’ve figured out how to make the case in a new way.

EdgeRyders is an example of Government acting the way we’d like them to act. It should be encouraged.

The team are… well, I’m one of them. Alberto’s in the Italian Chumbawamba. Nadia brings an arc welding rig to lunch. Hubsters, anarchists, Candian-French, East European, of the system, in the system, anti-system all working side-by-side because…

And this is the part I haven’t been able to articulate until now…

Because the government of Europe is doing some of the things we always wanted government to do.

Imagine if the UK government had an official project to showcase and highlight the best and most interesting “new mainstream” (as Dougald Hine would call it.) Compare EdgeRyders to the NESTA list of Britain’s New Radicals, a hackneyed collection of genuinely interesting people chosen in the most boring possible way: “selected by a panel of expert judges”. The NESTA 50 is the self-replicating nature of the British establishment made manifest, old-establishment figures picking new-establishment figures, passing the torch of blessed authority and screening out anything that was too radical, didn’t look good, or would have made it too hard to get the blessing of their political leadership. Here’s the EdgeRyders coverage of Romanian anti-ACTA protests – on a Council of Europe funded web site, by god. Radicals?

This EdgeRyders thing is genuinely good work done by a government body. This is what I mean about “government acting the way we want it to act.”

But it’s a small project, it’s a tentative first step, but it’s important. A clear win will result in more of this kind of genuinely communicative, collaborative engagement. A middling result may result in same-old-same-old for the next five years, until another breakthrough occurs.

So I’m asking for a bit of civic engagement here. We’re all so used to crap government efforts online, with vague, half-hearted attempts to connect and understand what’s happening in the real world, with projects run by people who don’t give a damn.

This EdgeRyders business is different. It’s sort of like an Official Superstruct, an in-house Urgent Evoke – it’s a State-level actor waking up and saying “Internet? That’s where the cool people are?”

To make the point that we’re here and we’re willing to play, to make it clearly and unambiguously, to show support for the concept of open government collaboration at the European level, we need about ten times the amount of engagement we have now by the end of the project. If we had about 10,000 users, about the same size as Superstruct or Urgent Evoke, there would be another, and another, and another, and we might have found a way of getting our collective voice into play at the Council of Europe and beyond, in a fully internet-native way.

Ask not what the Internet can do for Europe, but what Europe can do for the Internet

To get there, what we need is democratic engagement outside of the voting booth – this is a chance to engage with government on our own ground, to tell our stories, to make examples known, to highlight resources – to shape the discourse, to make our voices heard.

It needs us to show up.

I’ve had a really good time the last two weekends attending The Event Leila Johnston’s talk series on absolutely catastrophic risks (think cosmic rays, supervolcanos and worse.) I did a talk called complexity kills on understanding risk and Simple Critical Infrastructure Maps.

Download the talk, slides and Dealing in Security. They are also embedded below.

The Gupta State Failure Management Archive has a lot more of this kind of thing. Download a copy, you never know when you might need it.

Dealing in Security – understanding vital services and how they keep you safe

Here are my slides.

(You may well want to read the two previous blog posts which go along with this one to understand the whole mindset behind this piece, but that’s about 6K words total, so… On Undesigning the Cryptographic Utopia and On the Ethics and Pragmatics of Cryptography)

So here’s a problem to solve: peer caching of HTML5 video objects. I’ve got a few of these: the #TRUTHandBEAUTY video archive. Suppose that the Jamais Cascio talk on solving global warming with Geoengineering goes viral? I’m hosting 500mb of files, multiplied by 80,000 viewers, that’s 40,000 gigabytes, 40 terabytes. I’m not sure than when Dreamhost says “unlimited” they mean 40 terabytes unlimited. So I could move them to Archive.org, but that file is CC-BY-SA-NC. Vimeo and Youtube and Blip won’t do such a long file, and advertise all over everything in some cases, so… let’s just say hosting this stuff myself is the current paradigm, and hoping that people who Slashdot also mirror.

Now, why is this a crypto problem? We can’t reasonably expect every human to make a legal assessment of every file they want to help host. It’s simply unreasonable: the transactional overhead of examining every file for Copyright and (by god) even Patent infringement is too great for Youtube and all the other Common Carrier services, like your ISP, and it’s too great for you and me. But not having savage lawyers fighting on our behalf, we have to try something different.

Question: is an encrypted file that I cannot read copyright infringement if another person downloads it and decrypts it into a copyrighted file on their machine? What if I have absolutely no idea about the contents? How far do we have to push this argument (say I’m only holding 1/8th of the bits?) before we wind up with a “no infringing files here, Officer” cache? We can legally design this. Google might even help.

So now I’ve got my 500mb .ogg file. I have a utility which cuts it into some set of known-safe sections. In my case it’s a .ogg which is OK to redistribute, but even if it was copyright infringing, it’s all OK for now because we’ve cut it into non-infringing lumps and stored them too. We’ve probably doubled our file size in the process, but we’re going to live with that problem for now. So your web browser is the next obstacle.

You download the .ogg – no problem. I’m getting hammered, rather than serving you the .ogg, I want to be able to serve you a redirect. I don’t just want to serve you the redirect, though, I want to serve you a metadata file which your browser turns into a “go git ‘em” strategy not unlike a politically sophisticated Bittorrent. Now this implies a browser plug-in or a proxy that sits on your machine and grabs URLs of the format http://cache.cache/

These are not evil pieces of software to write, particularly after Bittorrent, so let us continue down this path.

Let’s assume, for a moment, that caches are social and work like currency. I have 10 or 100 friends. They have web sites. They set up a subdomain, cache.yourname.com, and a robot sits there. If my site (and not somebody else’s site) pushes a file over there by HTTP with appropriate passwords, the cache robot takes a non-infringing set of files. On request it returns them by HTTP, as it would any other file, up to a preset limit between us which is likely based on your web host’s policy, your degree of good will towards me, and how much traffic you’ve seen so far.

If you’re particularly well-intentioned you have 10 or 100 friends, and if my file is really, really moving, you ping them and ask if they’d be willing to carry a slice of the file. And, after all, you have no idea what’s in it, and in fact whether it originated on my web site, or whether I was simply carrying a cache file for somebody else, and decided to spend a little of my capital with you by passing on this slice of popular content to you.

It’s a little like Bittorrent, with a couple of key differences.

1) You don’t know what you’re carrying because it’s hacked up into lumps (Freenet-ish)

2) The social network of people sharing cache responsibilities is hardcoded, it’s a social/trust network, rather than being the swarm of people currently downloading a file.

These are politically rather than technically important distinctions, and we’ll get to the reason for making them later.

So now we’ve got a METADATA format, and a simple protocol for moving LUMPs of files across the network to be served by cache robots. Robots presumably have half a dozen or so operations, roughly:

* catch a file
* ask a neighbouring node to cache a file
* serve a file (actually this is probably just HTTP via Apache or whatever)
* expire a file that we don’t want to serve any more
* manage bandwidth (“no more files this month”)
* communicate status to various humans and robots

Now, let’s discuss liability again.

Let’s say we’ve moved beyond mere copyright infringement, and we’re dealing with CP. So now we’re in a domain where even holding a chunk of something, and simply saying “got no idea, gov” is not enough – it’s morally repungant to be aiding and abetting in the distribution of CP, and even if we’ve got a technically legal system, these people can fuck right off. We want to put heads on poles here, and we’ll help the police to get the job done. So our fully-anon system where blocks are being pushed around an (encrypted) network all on their own suddenly isn’t good enough. It might be technically fine, within the limits of its lack of sophistication, but it’s politically inadequate. There’s a very basic atomic operation missing: get that motherfucker!

So let’s take a look at this again. I need to know who is distributing these files. But I must not know what’s in them, because I’m a Common Carrier and only carrying a chunk to protect myself from some kinds of liability.

This is a job for crypto. Specifically, this is a job for Secret Sharing and Digital Signatures. And possibly zero knowledge proofs. Now this is a proper-hard protocol design question, but let’s think through the political level first, then get technical.

* I’m hosting a non-infringing lump of something
* There’s a METADATA file which names all the lumps required to assemble FINAL file.
* The METADATA file includes a decryption key for this final file.

Now, what I need to know is that this METADATA file exists (or the lumps I’m holding are useless) and that it’s VALID (in some political sense). But I don’t want to see it, and I don’t want my ROBOT to see it, to avoid liability. In fact, I might even have a defensive-driving script which autorefuses to store both the METADATA file and a LUMP file.

So how’s about we don’t touch anything which doesn’t have a METADATA file with some kind of credentials. Ah, but we don’t want to see the METADATA, so what we need is a SIGNATURE or something like it for each lump.

“No, officer, I don’t know what this is – in fact I can’t know what this is, but I accepted it based on this credential, and since you’ve proven to me (by the digital signatures) that it’s actually CP, and you have a warrant, have… SOME INCRIMINATING DATA ON THE AUTHOR.”

Ok. Promising. So I have a list of known-good digital signatures, and I accept a LUMP which is signed as known-good by them, and if something goes wrong, I point at… hm… no. No good, because we’ve broken ANONYMITY as a goal state. Try again.

Now, ANONYMITY is a problem. I want to get these CP peddling mofos as much as you do. What I really want is PSEUDONYMITY and REASONABLE COURTS. I want stuff like SOURCE PROTECTION for journalists. I want to know, for sure, that if this person is evil me and my friends can reveal their identity in a legally binding form, but I don’t want to be pressured into doing that.

This is Zero Knowledge Proof territory, perhaps. So let’s examine a protocol.

=== PROTOCOL BEGINS ===
1) We meet, and I agree I’ll take a share of your Secret Identity.
2) I don’t want sole responsibility for this, no sir, so we’re doing this Jury Style – a committee of 12 of your peers, or 15 because this is the internet and people are flakes.
3) We’ve got two technical assets – Secret Sharing (e.g. gfshare or ssss in Ubuntu) and zero knowledge proofs.
4) Brute force: You take your passport, and you show it to the 12 of us. You then take your laptop and prepare the following.
4.1) a PNG of your passport, and a digitally signed legal document asking us to act as a JURY and turn it over to relevant authorities under a set of conditions (this akin to a legal escrow agreement, or a will)
4.2) This file split into 15 pieces, of which 12 enable recovery, or some similar scheme.
4.3) You prepare 100,000 sets of 15 files.
5) We agree on 99,999 sets of these files, and check (by recombining parts) that they, indeed, sum to your Identity. Ideally we’d like to do this in a clever way which prevents us seeing YOUR IDENTITY but still proves it was in there, but that’s a Hard Problem, so we’re going to accept that we’ve seen your identity.
6) If 99,999 files were legit, there is an extremely high probability that file 100,000 is legit. Again, consult the Zero Knowledge Proof literature for ways of doing this in a few dozen turns, not 100k turns, but we’re thinking this through in brute force terms.
7) I now have a share of your identity, which I have excellent reason to believe is you I can’t prove that it is you without 11/15 others helping me. We’ve locked your identity where we can’t get it (assuming that we really did delete those other shares…)
8 ) Everybody involved now signs each of these shares, blind signatures (i.e. of the hash, not the file) and signs your key with those blind signatures.
9) We have now legally and technically escrowed your identity – this committee of 15 people knows who this individual is, for sure, but only 12/15 of us in agreement can legally prove it
10) I can now take this document to escrow brokers of other kinds and use it to generate, for example, PSEUDONYMS (subsidiary keys) with any given of security or reliability.
11) Let’s call an identity like this an ESCROWNYM. An ESCROWNYM creates PSEUDONYMS, because the intermediary generating the PSEUDONYM keeps a copy of the ESCROWNYM document, possibly split in shares etc. as illustrated, and all legally binding like.
=== PROTOCOL ENDS ===

Congratulations. You’ve just re-invented Jury Trial, more or less.

Now let’s go back to our file hosting problem.

I REQUIRE any content that I am hosting to be backed by an ESCROWNYM which is backed by a Nation State passport. But because Nation States are being pathological bitches right now, most smart people prepare one of these ESCROWNYM documents backed by SIGNERS in 14 jurisdictions, including hard-to-navigate spaces like Iceland, Russia, Sweden, Palestine, South Africa and so on. And, of course, people signing these ESCROWNYM documents are actually often using ESCROWNYMs to sign them – we have an absolutely solid chain of legal responsibility here, to named individuals identified by their Nation State identity documents, but the overheads of FORCING these individuals to reveal the identity of a person behind such an ESCROWNYM are genuinely formidable.

But if I get a PSEUDONYM-signed file, tracked to a Known-Good ESCROWNYM (i.e. the pseudonym generated by a service I trust, such as a reputable City of London legal firm), I’m comfortable hosting it. Because IF it turns out that I’m hosting a share of a CP file, or nuclear bomb making instructions or something, I’m absolutely sure that either the Person Who Made This Data, or the Persons Protecting Them, can be made fully and legally transparent.

Now let’s stop and think about that for a moment, maybe take a breather.

=== breath ===

=== breath ===

=== breath ===

So I’m hosting a file on my machine. I’ve digitally signed it with a PSEUDONYM backed by an ESCROWNYM and now I’m getting slammed because the file is Very Popular. My network of buddies take the LUMPs of the file that I have prepared (and signed) and carry them, and people coming to my site get served a tiny METADATA file which tells them what the LUMPIDs are to reconstitute the file, and the decryption key. In the event that the file allows, for example, comments or modifications at a later date, the DECRYPTION KEY is actually a PUBLIC KEY, which can be used to decrypt the METADATA for future versions of the file.

Hm.

This isn’t really very technically sophisticated, is it?

You know, if we were just a bit more technically sophisticated, I bet we could generate PSEUDONYMS from an ESCROWNYM automatically. That’s something along the line of blind signatures, or some of that tricky Chaumian stuff which is typically used on digital cash. You sign my ESCROWNYM and, at the same time, 1000 PSUEDONYMS which you never ever see, not even for a moment. Yes, there’s tech for this, no, I don’t understand it well enough to know exactly what the edge on that envelope is – I’m a cryptographic applications designer, not a cryptographer or cryptologist, and there’s a big, big difference. Trust me on this: past a certain point, cryptosystems and algorithms are black boxes to me. But I can think about code and politics at the same time, and that is useful. Bear with my technical limits.

Now, what I’m proposing here is obviously a socially-networked anonymous publishing system with full legal and community accountability. PSEUDONYMS backtrack to ESCROWNYMs backtrack to IDENTITIES through a series of nestled processes. You can see a version of this thinking, assuming (ahem) trustworthy Nation State and International Organization actors in CheapID (which, let us remember, was produced for the Office of the Secretary of Defense with the US National Security Agency doing the technical oversight.)

But my faith in the Nation State’s trustworthiness has been shaken so much by #NDAA and the legalization of indefinite detention without trial in America that I’ve been forced to go back to the drawing board.

Don’t blame me: I’m trying to preserve the existing rights and freedoms of our societies, things we all voted on, things we all agreed, things that have been historically Known Good for hundred and hundreds of years in many cultures. This is not vagabondish Cryptoanarchy and end-running around taxes, this is right to a trial by jury in a digital domain in a situation where, alas, jury trials are being denied to people by their governments.

Now, do you understand my lines, and what it means when The State crosses them? I am FUCKING SERIOUS about the Free Society, and I’ll do what it takes to defend it.

Let those with ears hear me: civil rights, and the democracy that arises from them, stay, at the point of a sword if needs be. I am not easily provoked, but I know the history of the Holocaust, of Stalinism, of Maoism, of Pol Pot, and yes, of Vietnam and El Salvador and all the rest well enough to know one thing.

None of us are safe from a government which has breached Habeas Corpus and claimed a Global Jurisdiction. I did a pretty good analysis of this kind of Transnational Sovereignty stuff a few years ago (for the DoD), I know the terrain, and I believe I understand the Bush-Cheney-Rumsfeld-Rove-Feith type thinking behind it pretty well.

I’ve drawn a line in the sand here. I know how dangerous cryptography is: when they said “munitions” they meant it. I’ve stayed scrupulously clean, out of the field, for years, while friends of mine went off and did things like Wikileaks and Openleaks.

I don’t even use encryption in my personal life – I don’t use PGP, I don’t use GPG, I don’t use OTR, I try to avoid using Skype because I do not want any TLA (three letter agency) worrying about what’s on my mind. I keep all my shit in Gmail, for god’s sake.

But, seriously, this shit will not stand.

If I have to actually build prototypes, hell if I have to build a team with diverse skills and actually build a working system for a properly secure, legally and politically sophisticated global protected publishing system, I will. I’m hoping to inspire people younger, sharper and more technically capable than me to ask the right questions of the cryptographic applications they may be writing right now.

But if it comes to it, I think I’m smart enough to evade making most of the mistakes made by other attempts to solve this problem, and I’d point to the dents I’ve put in certain other intractable problems as evidence to that effect.

I don’t want to go down that path, I have many other things which call for my time, but I’m here for civil rights, and if I have to fight for them, I’m not going to make the mistake of bringing a knife to a gun fight.

If we have to take back the internet one byte at a time, line by line, network by network, wire by wire encrypting everything as we go, building new jurisdictions in which the antient Rule of Law is observed, so be it. We have agreed on these laws, they are in the Constitution of the United States of America, and no mere Law or President may abrogate them. They are in the laws of Great Britain. They are present in the Constitutions, Laws and Practices of nearly all countries.

We need to start building Jurisdictions which respect free speech, including political free speech, but do not violate other Common Law. We need to obey basic rules in these Jurisdictions to protect them from shutdown by the State on the basis of copyright infringement or similar crimes, including distribution of terrorist materials, CP and similar.

The internet is not going to police itself. If we do not do it, the State will, and right now, the State is in really serious danger of going right off the cliff into Fascism, at least in America.

There are rules. Governments must obey them, even the Americans. Liberty will not be lost.

Not on my watch.

1. Because the Media are owned by Corporations who we wish to Police using the power of the State which they have Suborned using the gutter press and requiring political advertising in elections.
2. Because the Internet Service Providers are Tightly Aligned with Copyright Holders who are tightly aligned with the Media who Suborn the State as above.
3. Because with current technology, one must choose between Freedom of Speech (including the ability to repeat previous utterances, which may or may not be Copyrighted) and Enforceable Copyright. We do not know how to do both.
4. Because Anonymous Free Speech is a critical part of Democratic Participation in Contested Societies, which is all of them if you are (for example) politically radical or queer in ways which are oppressed.

So let’s nail down a few basics. In the previous post on the ethics and pragmatics of cryptography I fleshed out some of the political background. Now let’s have a think about system design in terms of things such a system MUST do, and things it MUST NOT do, as well as a few desirables.

Let’s start with a few very basic notions.

1. We’d like to build infrastructure which worked like HTTP or (better!) NNTP or SSH or even GIT – useful, extensible, general, logically deep but simple to implement – protocols and platforms, not applications if you like.
2. We’d like to support four primitive operations:
   1. Create
   2. Read
   3. Update
   4. Delete, and two additional operations
   5. Link/Reference and
   6. Blacklist

   I will explain Blacklist in a moment.

3. As noted, anonymous free speech is necessary for political reasons, and is our primary goal in this matter.

So now let’s talk about identity. There are only two real kinds of identity: biometrics and biographies. These expose us in totally different ways: biometrics put a name to a face on the street. Biographies allow association of a single fact (“car license place XXXYYYZZZ”) with the rest of our story. The worse case is Biometrics tied to our Biographies which allows the merest sight of our face to be correlated to everything about us in the files, including errors, omissions and politically-motivated hate speech. CheapID addresses with problem with an axe: it forcibly separates Biography and Biometrics, gives one to your Nation State government, and the other to the United Nations, and uses Sheer Evil to protect the cryptography which prevents the two colluding.

Right now, The State mainly identifies us using Biographies. Credit ratings etc. are also Biographies. It’s worth noting that under current law you don’t own facts about you, you can’t make people (a company) forget what they know about you, and these profiles are casually interlinked to form pervasive information resources about us. They may know us better than we know ourselves in some areas, say spending habits.

So let us consider a few more points of background.

1. We have some customary rights, such as more or less everything you can do with a pencil and paper is legal.
2. Computers and public key cryptography are a bit different from pencils and paper in that they implement very efficient mass duplication and some other interesting atomic operations like digital signatures.
3. In most cases, digital messaging is going to require using the machines of people we do not control to carry our traffic, whether they are peer intermediaries or internet service providers.

Now, that heavy thud noise is the absolute obviousness of our problem: if the person (company) carrying our traffic wants us to shut up about something, only the power of the State can compel them not to censor or silence us. Without State oversight, anybody can simply refuse to carry the traffic of a person they do not like, or refuse to carry conversation of a topic they do not approve of. Private, individual rights afforded to intermediaries, their right to control their own equipment, turns into their right to silence your voice without even a hint of technical irony. In the same way that you can choose either Copyright in its current forms or Free Speech, but cannot prevent those with Free Speech from repeating what another has said before them, you must choose between each individual’s Freedom to control their own computers, and each individual’s right to have their message carried by third parties who might have other priorities, ideological objections, or real-world costs.

We are beginning to frame the problem, are we not?

A node on a network chooses to Repeat my Speech to relay the message to my friends.

I choose to Repeat a piece of Speech by Lada Gaga to my friend, and this is now copyright infringement.

You can’t get copying out of the network, and this is why it’s a choice between Free Speech and Copyright.

But the problem is that my right not to Repeat your speech turns into censorship. This is why we have exquisitely heavy laws around censorship, discrimination and other forms of favouritism in many aspects of the workplace.

What do you choose to carry, in some sense, defines you.

So the first thing we have to do is to Blind Intermediaries. We can’t make them responsible for the content they carry – you’re going to replicate my Political Free Speech whether you like it or not, because I’m not going to tell you what you are carrying, and this removes the possibility of content-based censorship from our intermediate parties, including ISPs. Note how carefully and precisely we are constructing this: this is about fundamental technical and social forces inter-relate. We’re building this up from atomic operations because it’s like lego, not like a legal system!

So let’s talk about Blacklisting. You can’t Blacklist what you can’t see. On the other hand, you don’t have to Blacklist what you can’t see. Common carrier / good neighbour type provisions allow us to carry each-other’s encrypted traffic as a social courtesy, protected from our neighbour’s weirdness or illegality. All messages are encrypted from end-to-end by default.

So what of Publishing, of Speech? I originate a Message. You wish to see the Message. You have the key to decrypt the Message. Intermediaries may or may not have this key. So now we have one Atomic Operation still – messages which we may-or-may-not have keys for. This is a very similar general conclusion to that reached by Freenet, at least in it’s earlier incarnations, and by Self-certifying File Systems.

So let’s boil it down one more step. A Message is encrypted with a Key. You obtain the Key in the body of another Message. The Key is in-some-way tied to mechanisms for retrieving the Message (hashes, indexes, self-certifying file systems and so on.) You have a network of readable Messages to which one has Keys, and (potentially) a set of Messages to which one does not have Keys. This is a very simple construct. Authorship may or may not be required to carry a message, and can be asserted by a digital signature. Public notaries can deal with the problem of people stripping off one signature from a Message and replacing it with another (i.e. digital signatures prove that a Key is willing to sign a document, not that they created it.)

Message distribution protocols may vary – there’s an absolute mess of methods of moving files around on a network, with different properties in terms of latency, accessibility, queuing and fifty other things. As long as the messages stay encrypted until they hit a key, it really doesn’t matter how they move around. This is a fundamental error made by many efforts in this direction so far: unifying Delivery and Key Management and often Identity Management in a single system. Actually these functions can be separated into a set of subsystems which interface and overlap, message retrieval vs. decryption vs. identity architectures.

So let’s pick apart Identity. Two basic approaches: biometrics and biographies. Two simple approaches: take a state-owned ID like a passport, assuming that you live in a State with strong identity architecture, and encase the State ID in a container constructed using Shamir’s Secret Sharing. Use an introducer network to store the shares as a precondition of entry to the network. You can also use a Non-State biographical or biometric profile to store this information. So then you basically get introduced to the network, you get your first set of keys, and then you connect to the system as a whole one link at a time. You can view it as a file system, you can view it as the web, you can view it as Dropbox, you can view it as Freenet – the underlying cryptographic architecture is the same.

So let’s talk about what we’re talking about: replacing the file system, both on your PC, and distributed in various forms, with something which is cryptographically sensitive to the world we operate in. You could think of this in brute-force forms like whole disk encryption, but that’s pretty much working in the same single-computer-at-a-time monolithic paradigm which also produces our fragility in hardware terms and necessitates the Cloud and various kinds of decentralized systems. Possibly TAHOE-LAFS has a lot of these features, albeit pointed in a slightly different direction. The Capability-Based Operating System folks, in their thinking about filesystems and similar, have likely already cracked a lot of this. The crux of it is that there’s a lot of technology, at at least the level of sophistication required to build a genuinely politically useful tool-set, but because these systems have been built as applications rather than infrastructure, because they’ve been built as programs rather than services, because the political structures haven’t been clearly designed in a specific way (with Freenet as a possible exception) we haven’t seen the jump to scale.

Introduction to a network with identity (in some form) escrowed using Secret Sharing.

Publication into some form of storage grid, which could use a variety of technologies depending on whether you’re pushing a 50kb email-type communication to a single recipient, or a 5gb archive to 78,000 people. Moving files around is a transparent process, it doesn’t affect the fundamental publishing architecture, and the case-hardened viscously secure untraceable server architectures follow as-needed. Even one’s personal file system could have these attributes, with files from other people being stored encrypted with a key-ring for access – in short, a cache of a much larger system – if we wanted to go in the general metacomputer direction.

Now, within this general speculative framework, four items.

Firstly, you can blacklist known-evil files and transactions, and if there are signatures (and many systems may require a signature to play) you can track back up to something resembling a subpoena against a network of people holding shares of the identity split with Secret Sharing. Community accountability for child porn and/or copyright infringement and/or storage of classified data depending on community standards. Consistent refusal to honor subpoenas (court generated, community generated – these are policy issues) results in forks, subnets splitting and similar.

Secondly, you can store the local files, move them into a remote storage grid, distribute them via decentralized server architectures or what-have-you without disturbing the cryptographic enclosures. This is important: we’re discussing a new way of thinking about files, and dropping these new objects into existing or new storage systems should work transparently.

Thirdly, we can step out of the domain of solving one problem at a time. We need decentralized cache-and-storage architectures, we need backup, we need cloud metacomputing and these things don’t need to be provided by Amazon because, well, we’ve got a ton more compute power than they do and most of us have hundreds of gigs empty in one place or another. This is a property rights and security issue, and the right combination of simple architectures and politically sophisticated implementations of crypto can make that entire resource usable. The only obstacle is the copyright lobby, and there’s a pretty simple approach to that: acknowledge that we secure the GPL and Wikipedia using Copyright and Hollywood secures their movies using Copyright. We need to renegotiate the legal framework around Copyright but, for now, let us consider using our own community enforcement mechanisms (see first point) to make a network which is clean to some appropriate level. Community policing of copyright on a private network is a very reasonable approach to building new infrastructure, and if we can’t manage this, we’re going to have the State down our neck for the foreseeable future. A partionable network – clean networks and renegade subdomains – is entirely plausible.

Finally, let’s think about this in terms of historical trends. Computing goes through a well-understood cycle, Sutherland’s Wheel of Reincarnation where systems swing between centralized and decentralized, parallel and serial, hardware and software. As each layer becomes more sophisticated, it acts as a platform for the alternate strategy – Amazon’s datacenters are centralized parallel supercomputers. So are google’s. In fact, the world is dominated by parallel supercomputer companies, although we use terms like cluster and data center. But it’s all the same kinds of thinking that were pioneered in the Transputer age.

To build a genuinely Free parallel supercomputer – something which belongs to all of us and none of us, which ships our bits when we get massive traffic spikes on our HTML 5 videos, backs up our files, crunches our data and generally manages our “cloud” needs without simply handing the next round of computer development to the corporate powers without a fight.

This is a much bigger issue than just file sharing. It is about freedom of speech, of unpopular speech, of political speech in jurisdictions where what you may have to say is illegal or even more dangerous. The implementation for the current control structures is corporate control of the information technology backbone, both at the wire level, and at the scale of the large scale parallel supercomputer clusters which currently only exist in the hands of corporations.

So that’s the game plan. Metacomputer infrastructure for the internet, out of corporate control, using crypto to manage the policy issues by making people accountable to their peers in a manner akin to jury trial, including handing people to the State for things like CP.

This constitutes lifting the core functions of the “internet” – right down to structures like DNS – right out of corporate control, and therefore government control in most cases.

It’s vastly harder to patch the existing system with layers of crypto and retrofit than to figure out three or four fundamental primitives – identity, files-and-distribution, key management, distribution-and-queues. Building applications on top of those primitives to reimplement various applications we currently have on the internet (email, twitter, the web) may be vastly easier and more productive than attempting to build a single new system which is built on top of the politically naive internet infrastructure we have to hand.

A handful of well-designed cryptographic primitives from which a proper, politically sophisticated digital backbone could be built. This is a non-trivial undertaking, but it’s one which will be much easier started on the right foot.

Think of the original design processes for Unix. Now imagine we’re working at internet-scale in a politically contested environment on untrusted networks.

Game on.