• On Un-Designing the Cryptographic Utopia

    by  • February 4, 2012 • Everything Else • 2 Comments

    Utopia. No-place. We can and must do better than this.

    1. Because the Media are owned by Corporations who we wish to Police using the power of the State which they have Suborned using the gutter press and requiring political advertising in elections.
    2. Because the Internet Service Providers are Tightly Aligned with Copyright Holders who are tightly aligned with the Media who Suborn the State as above.
    3. Because with current technology, one must choose between Freedom of Speech (including the ability to repeat previous utterances, which may or may not be Copyrighted) and Enforceable Copyright. We do not know how to do both.
    4. Because Anonymous Free Speech is a critical part of Democratic Participation in Contested Societies, which is all of them if you are (for example) politically radical or queer in ways which are oppressed.

    So let’s nail down a few basics. In the previous post on the ethics and pragmatics of cryptography I fleshed out some of the political background. Now let’s have a think about system design in terms of things such a system MUST do, and things it MUST NOT do, as well as a few desirables.

    Let’s start with a few very basic notions.

    1. We’d like to build infrastructure which worked like HTTP or (better!) NNTP or SSH or even GIT – useful, extensible, general, logically deep but simple to implement – protocols and platforms, not applications if you like.
    2. We’d like to support four primitive operations:
      1. Create
      2. Read
      3. Update
      4. Delete, and two additional operations
      5. Link/Reference and
      6. Blacklist

      I will explain Blacklist in a moment.

    3. As noted, anonymous free speech is necessary for political reasons, and is our primary goal in this matter.

    So now let’s talk about identity. There are only two real kinds of identity: biometrics and biographies. These expose us in totally different ways: biometrics put a name to a face on the street. Biographies allow association of a single fact (“car license place XXXYYYZZZ”) with the rest of our story. The worse case is Biometrics tied to our Biographies which allows the merest sight of our face to be correlated to everything about us in the files, including errors, omissions and politically-motivated hate speech. CheapID addresses with problem with an axe: it forcibly separates Biography and Biometrics, gives one to your Nation State government, and the other to the United Nations, and uses Sheer Evil to protect the cryptography which prevents the two colluding.

    Right now, The State mainly identifies us using Biographies. Credit ratings etc. are also Biographies. It’s worth noting that under current law you don’t own facts about you, you can’t make people (a company) forget what they know about you, and these profiles are casually interlinked to form pervasive information resources about us. They may know us better than we know ourselves in some areas, say spending habits.

    So let us consider a few more points of background.

    1. We have some customary rights, such as more or less everything you can do with a pencil and paper is legal.
    2. Computers and public key cryptography are a bit different from pencils and paper in that they implement very efficient mass duplication and some other interesting atomic operations like digital signatures.
    3. In most cases, digital messaging is going to require using the machines of people we do not control to carry our traffic, whether they are peer intermediaries or internet service providers.

    Now, that heavy thud noise is the absolute obviousness of our problem: if the person (company) carrying our traffic wants us to shut up about something, only the power of the State can compel them not to censor or silence us. Without State oversight, anybody can simply refuse to carry the traffic of a person they do not like, or refuse to carry conversation of a topic they do not approve of. Private, individual rights afforded to intermediaries, their right to control their own equipment, turns into their right to silence your voice without even a hint of technical irony. In the same way that you can choose either Copyright in its current forms or Free Speech, but cannot prevent those with Free Speech from repeating what another has said before them, you must choose between each individual’s Freedom to control their own computers, and each individual’s right to have their message carried by third parties who might have other priorities, ideological objections, or real-world costs.

    We are beginning to frame the problem, are we not?

    A node on a network chooses to Repeat my Speech to relay the message to my friends.

    I choose to Repeat a piece of Speech by Lada Gaga to my friend, and this is now copyright infringement.

    You can’t get copying out of the network, and this is why it’s a choice between Free Speech and Copyright.

    But the problem is that my right not to Repeat your speech turns into censorship. This is why we have exquisitely heavy laws around censorship, discrimination and other forms of favouritism in many aspects of the workplace.

    What do you choose to carry, in some sense, defines you.

    So the first thing we have to do is to Blind Intermediaries. We can’t make them responsible for the content they carry – you’re going to replicate my Political Free Speech whether you like it or not, because I’m not going to tell you what you are carrying, and this removes the possibility of content-based censorship from our intermediate parties, including ISPs. Note how carefully and precisely we are constructing this: this is about fundamental technical and social forces inter-relate. We’re building this up from atomic operations because it’s like lego, not like a legal system!

    So let’s talk about Blacklisting. You can’t Blacklist what you can’t see. On the other hand, you don’t have to Blacklist what you can’t see. Common carrier / good neighbour type provisions allow us to carry each-other’s encrypted traffic as a social courtesy, protected from our neighbour’s weirdness or illegality. All messages are encrypted from end-to-end by default.

    So what of Publishing, of Speech? I originate a Message. You wish to see the Message. You have the key to decrypt the Message. Intermediaries may or may not have this key. So now we have one Atomic Operation still – messages which we may-or-may-not have keys for. This is a very similar general conclusion to that reached by Freenet, at least in it’s earlier incarnations, and by Self-certifying File Systems.

    So let’s boil it down one more step. A Message is encrypted with a Key. You obtain the Key in the body of another Message. The Key is in-some-way tied to mechanisms for retrieving the Message (hashes, indexes, self-certifying file systems and so on.) You have a network of readable Messages to which one has Keys, and (potentially) a set of Messages to which one does not have Keys. This is a very simple construct. Authorship may or may not be required to carry a message, and can be asserted by a digital signature. Public notaries can deal with the problem of people stripping off one signature from a Message and replacing it with another (i.e. digital signatures prove that a Key is willing to sign a document, not that they created it.)

    Message distribution protocols may vary – there’s an absolute mess of methods of moving files around on a network, with different properties in terms of latency, accessibility, queuing and fifty other things. As long as the messages stay encrypted until they hit a key, it really doesn’t matter how they move around. This is a fundamental error made by many efforts in this direction so far: unifying Delivery and Key Management and often Identity Management in a single system. Actually these functions can be separated into a set of subsystems which interface and overlap, message retrieval vs. decryption vs. identity architectures.

    So let’s pick apart Identity. Two basic approaches: biometrics and biographies. Two simple approaches: take a state-owned ID like a passport, assuming that you live in a State with strong identity architecture, and encase the State ID in a container constructed using Shamir’s Secret Sharing. Use an introducer network to store the shares as a precondition of entry to the network. You can also use a Non-State biographical or biometric profile to store this information. So then you basically get introduced to the network, you get your first set of keys, and then you connect to the system as a whole one link at a time. You can view it as a file system, you can view it as the web, you can view it as Dropbox, you can view it as Freenet – the underlying cryptographic architecture is the same.

    So let’s talk about what we’re talking about: replacing the file system, both on your PC, and distributed in various forms, with something which is cryptographically sensitive to the world we operate in. You could think of this in brute-force forms like whole disk encryption, but that’s pretty much working in the same single-computer-at-a-time monolithic paradigm which also produces our fragility in hardware terms and necessitates the Cloud and various kinds of decentralized systems. Possibly TAHOE-LAFS has a lot of these features, albeit pointed in a slightly different direction. The Capability-Based Operating System folks, in their thinking about filesystems and similar, have likely already cracked a lot of this. The crux of it is that there’s a lot of technology, at at least the level of sophistication required to build a genuinely politically useful tool-set, but because these systems have been built as applications rather than infrastructure, because they’ve been built as programs rather than services, because the political structures haven’t been clearly designed in a specific way (with Freenet as a possible exception) we haven’t seen the jump to scale.

    Introduction to a network with identity (in some form) escrowed using Secret Sharing.

    Publication into some form of storage grid, which could use a variety of technologies depending on whether you’re pushing a 50kb email-type communication to a single recipient, or a 5gb archive to 78,000 people. Moving files around is a transparent process, it doesn’t affect the fundamental publishing architecture, and the case-hardened viscously secure untraceable server architectures follow as-needed. Even one’s personal file system could have these attributes, with files from other people being stored encrypted with a key-ring for access – in short, a cache of a much larger system – if we wanted to go in the general metacomputer direction.

    Now, within this general speculative framework, four items.

    Firstly, you can blacklist known-evil files and transactions, and if there are signatures (and many systems may require a signature to play) you can track back up to something resembling a subpoena against a network of people holding shares of the identity split with Secret Sharing. Community accountability for child porn and/or copyright infringement and/or storage of classified data depending on community standards. Consistent refusal to honor subpoenas (court generated, community generated – these are policy issues) results in forks, subnets splitting and similar.

    Secondly, you can store the local files, move them into a remote storage grid, distribute them via decentralized server architectures or what-have-you without disturbing the cryptographic enclosures. This is important: we’re discussing a new way of thinking about files, and dropping these new objects into existing or new storage systems should work transparently.

    Thirdly, we can step out of the domain of solving one problem at a time. We need decentralized cache-and-storage architectures, we need backup, we need cloud metacomputing and these things don’t need to be provided by Amazon because, well, we’ve got a ton more compute power than they do and most of us have hundreds of gigs empty in one place or another. This is a property rights and security issue, and the right combination of simple architectures and politically sophisticated implementations of crypto can make that entire resource usable. The only obstacle is the copyright lobby, and there’s a pretty simple approach to that: acknowledge that we secure the GPL and Wikipedia using Copyright and Hollywood secures their movies using Copyright. We need to renegotiate the legal framework around Copyright but, for now, let us consider using our own community enforcement mechanisms (see first point) to make a network which is clean to some appropriate level. Community policing of copyright on a private network is a very reasonable approach to building new infrastructure, and if we can’t manage this, we’re going to have the State down our neck for the foreseeable future. A partionable network – clean networks and renegade subdomains – is entirely plausible.

    Finally, let’s think about this in terms of historical trends. Computing goes through a well-understood cycle, Sutherland’s Wheel of Reincarnation where systems swing between centralized and decentralized, parallel and serial, hardware and software. As each layer becomes more sophisticated, it acts as a platform for the alternate strategy – Amazon’s datacenters are centralized parallel supercomputers. So are google’s. In fact, the world is dominated by parallel supercomputer companies, although we use terms like cluster and data center. But it’s all the same kinds of thinking that were pioneered in the Transputer age.

    To build a genuinely Free parallel supercomputer – something which belongs to all of us and none of us, which ships our bits when we get massive traffic spikes on our HTML 5 videos, backs up our files, crunches our data and generally manages our “cloud” needs without simply handing the next round of computer development to the corporate powers without a fight.

    This is a much bigger issue than just file sharing. It is about freedom of speech, of unpopular speech, of political speech in jurisdictions where what you may have to say is illegal or even more dangerous. The implementation for the current control structures is corporate control of the information technology backbone, both at the wire level, and at the scale of the large scale parallel supercomputer clusters which currently only exist in the hands of corporations.

    So that’s the game plan. Metacomputer infrastructure for the internet, out of corporate control, using crypto to manage the policy issues by making people accountable to their peers in a manner akin to jury trial, including handing people to the State for things like CP.

    This constitutes lifting the core functions of the “internet” – right down to structures like DNS – right out of corporate control, and therefore government control in most cases.

    It’s vastly harder to patch the existing system with layers of crypto and retrofit than to figure out three or four fundamental primitives – identity, files-and-distribution, key management, distribution-and-queues. Building applications on top of those primitives to reimplement various applications we currently have on the internet (email, twitter, the web) may be vastly easier and more productive than attempting to build a single new system which is built on top of the politically naive internet infrastructure we have to hand.

    A handful of well-designed cryptographic primitives from which a proper, politically sophisticated digital backbone could be built. This is a non-trivial undertaking, but it’s one which will be much easier started on the right foot.

    Think of the original design processes for Unix. Now imagine we’re working at internet-scale in a politically contested environment on untrusted networks.

    Game on.

    flattr this!


    Vinay Gupta is a consultant on disaster relief and risk management.


    2 Responses to On Un-Designing the Cryptographic Utopia

    1. Pingback: The Bucky-Gandhi Design Institution › Taking a crack at a practical system (introducing the ESCROWNYN)

    2. Pingback: The Bucky-Gandhi Design Institution › Taking a crack at a practical system (introducing the ESCROWNYM)

    Leave a Reply

    Your email address will not be published. Required fields are marked *