(Jan 2015 update. Note this post is three years old: it was written a year before the Snowden revelations. But it has a more-or-less accurate threat model regarding the NSA’s technical capabilities and intentions, so the piece is not out of date.)
I have a knack for crypto. Actually, to be honest, I have a knack for Lego. My mind maps the things you can do with a simple set of tools/rules and then generates simple, easy ways of doing impressive things.
Good examples of this: the hexayurt or the Simple Critical Infrastructure Maps system. Applied to cryptographic applications, it resulted in CheapID and the infamous, lost PKI stock market software I wrote once and erased in fear.
Here’s our fundamental issue: there are (at least) three actors we need to consider in cryptographic applications design. They are The User, The Mafia and The State. Most cryptographic applications designers (CADs for now) are politically naive Libertarians, and make one of two errors.
- They confuse the User and the Mafia, or
- They conflate the Mafia and the State
This is a debate seen most clearly in electronic currency circles. It comes down to taxes. There are two models: this currency is for not paying taxes, because the government are basically a mafia that extracts taxation. Or this currency is not for paying taxes, because we don’t care if our users are organized crime or not, the government are worse.
These are subtly different models. To model the government as a Mafia is a different thing than to model the users as potentially containing Mafias that cannot be extracted from the system. One or other assumption percolates much CAD thinking.
I’ve been close to the Government. It’s not a mafia. I’ve been slightly less close to the Mafia. They’re not like users. There is a very clear need to create a system which:
- Protects users from the Government
- Protects users from the Mafia
- Protects users from each other
- Does not protect The Mafia from The Government
Now, framing cryptographic applications politics in this way is enough to give most of the people involved in the field conniption fits. The apolitical simplifications made in cryptography and cryptology are actually of the “let us assume the horse is a sphere” variety, and when you build social systems around those kinds of mathematical constructs, inevitable failure results.
PGP’s web of trust had, at most, half a million users. Facebook’s web of trust has a billion and rising, while providing users absolutely no protection at all from anybody – they’re being preyed upon by advertisers, by the State, and by each other with no meaningful safeguards.
So let’s distinguish the Mafia and the State, briefly.
- Anybody can declare themselves The Mafia by establishing coercion in collaboration with others
- The State is a special instance of cooperative coercion which may have features like popular support, a criminal justice system with rules, or control of critical infrastructure like hospitals
- Many of the activities of the State continue with 100% transparency, unlike the Mafia, which relies on secrecy to protect it from the State
- There is a plurality of States
Now this teases apart a useful distinction: the State should be able to operate transparently in (nearly) all circumstances. Mafias, more or less by definition, require secrecy to operate. One could possibly argue that a Mafia which is strong enough to operate transparently is a State, but that’s a political argument with some fundamental weaknesses which I don’t care to make. My definition of the State is that the State is any entity which can retroactively grant immunity for crimes (cf. Weber’s “monopoly of force” model), but this is an aside.
We are now in a position of attempting to navigate our lives with a hostile State. Even if our own countries (hello Switzerland, hello Norway) are pretty decent, the US and its enormous technical monitoring apparatus watch us all through our cell phones and our internet connections. The panopticon is watching you read this blog post through your ISP, and it doesn’t really matter what The Law or Your Government says, because the web server is in America and they’re probably tapping the undersea cables globally anyway, at least for some traffic. The calculus of competing virtues argument for leaving America to heal after 9/11 changed with the signing of the NDAA which ratified the death of the American Constitution, moving the issues resulting from 9/11 from being a temporary breach to a permanent state of affairs.
In this environment, we must therefore examine maintaining our civil rights without passive (or occasionally active) support from the State.
Now, I want you to look at that construction carefully. We have, at least in America, agreed on a set of inviolable rights. These rights are not simply legal rights, they are Rights which define what can be legal. They are the Law above the Law, and graven in stone. The current US government is clearly acting illegally by asserting that it is free to murder its own citizens and hold people without trials, and there is no question that a technological implementation of basic civil rights like freedom of speech and freedom from unreasonable search and seizure simply maintains existing legal practices in a more complex operating environment. We are not talking about implementing cryptoanarchy or end-running around the right of the State to exist. Rather, we are discussing maintaining already socially and legally established rights in the face of a wayward government.
This is an extremely critical deviation from normal cryptographic applications developer practices. Most of the so-called cypherpunks wanted to implement a new political system called cryptoanarchy using software. That new political system is full of potential problems, and is untried. Defending an existing known-good political equilibrium using software is a fundamentally different enterprise.
Alice, Bob and Carol are about as sophisticated as the political constructs inside of most cryptographic applications get. The State is Carol, and the Users and the Mafia are Alice and Bob, with no distinction made. This is simply using the wrong level of abstraction to get the results you want.
CheapID hinges on a single political insight: the hatred of Nation State intelligence services for each other could be used to protect citizens from all states. That insight is then used as a political factor in designing a global identity card standard. Many see this as madness, but at least we are addressing the questions at the right architectural level.
Finally, we must address the issue of secure endpoints. The smallest and cheapest system capable of resisting technical intrusion, so that your messages will not be read between the keyboard and your cryptographic application, is a military base with three levels of doors, metal-box rooms mounted on springs, and guards watching each other. The fantasy that consumer-grade laptops offer security is just that.
Now, with all this said, we need to start rethinking the mass deployment of cryptography to foil the thieves in the wires, and to protect the human and civil rights we all have. But we must implement what we know works, and not an untried and untested new political equilibrium, no matter how attractive, just because it’s what drops out of the code.
Code is law. Make law wisely.
You need a Jefferson at the Keyboard to Write the New Constitution, whether the language is C or English.