How do We Make Encryption More Accessible?

This post is about a program I wrote to publish public keys in gravatar images. You can try it (if you’ve got a gravatar account) here or look at the source here.

250 Hello, I am glad to meet you

When I was at university, discovering that I could easily have a conversation with the computer that managed mail was great fun. There were rules for our conversation of course, but they all seemed very civilized; I had to start by saying HELO, and it would give me some equally polite response. After that though, it quickly became obvious that it was a little too trusting. If I said that I was giving it mail from, or some lecturer or even some cute girl that my friend liked and that the mail was for my friend, it would just say Ok, Bye and then go ahead and deliver it.

It doesn’t take a genius to see that there’s quite a lot of potential for mischief there. Things have moved on a little since then, but probably less than you think. Email for most people is still not much more advanced than passing crumpled notes around a classroom. It has many of the same features – anyone on the path from the originator to the recipient can read it, the originator can pretend they never sent it if it turns out that their affection is not reciprocated, or worse, it’s easy for someone to forge one and create all kinds of opportunity for comedy. I suppose the main difference is that instead of it being a classroom, we’re talking about the world, and instead of it being about whether Emma likes Richard or not (she did), it’s about every aspect of our lives, including money, job, family, etc.

PRISM logo

This has been in peoples minds recently with news that various governments are logging every word, not just of email, but of everything we do online. This of course opens up even more potential for mischief. Normal individuals have already used the no fly list as a way of punishing people they didn’t like, but given the NSA and others, a few well placed forged emails might be easier than the phone calls and less risky.

Anyway, I’ve got some great news. A bunch of guys have been working on this, and they’ve come up with a really clever system that makes it basically impossible for anyone you didn’t intend to look your messages to read them. I was telling my Dad about it recently, and he found it hard to believe, but it’s just a bunch of maths, not even as complicated as you might expect and it more or less completely solves this problem.

There is of course a catch. The catch is that this scheme was invented independently at least twice in the 1970s, predates the use of the word ‘internet’ yet for some reason normal people are still using systems that are much less deserving of trust than they appear.

One of the problems is that of ‘key management’. You usually use a pair of computer ‘keys’ to enable this kind of security and you need a way to make one as available as possible, and the other as secret as possible. This is not really within the realm of possibility for normal humans, who regularly lose their physical keys or ‘hide’ them in obvious places despite the fact that they secure a majority of their worldly possessions. That’s a simple metal token that can easily be carried everywhere with you and is always around when you need it, and can’t be copied quickly without you noticing (generally speaking). The computer keys are harder to change if stolen, and easier to lose. Basically I shouldn’t be trusted with anything as precious as my own private key.

The next problem is that so few people are currently using any better system that it becomes difficult to find people to communicate with. This is probably partially because of the third problem:

The third problem is probably just software. There is no software that doesn’t make sending and receiving encrypted messages a massive pain. On top of that it’s hard (but not impossible) to enable important features like search on encrypted data.

I came up with a few ideas of my own to try to make this more reasonable. I wanted to use images with public keys embedded into them, so that when you see the image of someone in your address book, you also have the means to send them private messages, and possibly little seal images that are your private key, so you drag them onto data to sign the data. I think a much more visual, drag and drop system stands a much better chance of getting people using it. I also wanted to build on top of services that people already know about. Bitcoin is an encryption based currency system that lots of people are interested in, and Gravatar provides a sort of directory of email addresses to images.

The perfect system that I imagine is something that is easy enough to use for people who aren’t very technical, builds on top of things like Bitcoin and Gravatar, and probably provides a mail service that can’t read your stored history of emails but allows you to search them quickly and automatically encrypts messages to people or alternatively sends them a link that enables them to retreive the message over https. I didn’t create that, but I have created a proof of concept to show that some of these ideas are pretty doable. It’s still very rough and ready, so it’s not something for the non technical yet, but I think it shows one approach we could try using to bring private communications to everyone. You can try it (if you’ve got a gravatar account) here or look at the source here.

Money: Where it comes from and where it might go

Everyone eventually wonders why people use money when it doesn’t have any ‘intrinsic’ value. It can feel like a house of cards built over an abyss.

Of course the answer is that people want money because they think that other people want money. That means that the value of money is mainly speculative. You value it because you speculate that you’ll be able to offload it to someone else for something you actually want later.

It’s only mostly speculative though. There are two mechanisms by which it acquires a small amount of nonspeculative value which is then magnified by its usefulness.

Firstly, the government demands that individuals give it some of the money it has issued back in taxation. That means that there will always be at least some demand for money. You probably know already that the government is going to demand some of that money from you this year, so you know you need some. That tiny kernel of certainty (death and taxes) is enough to bootstrap it as a medium of exchange, which means that there’s more and more you can do with these tokens, which means that people value them more and more.

If that isn’t enough then the government has another trick up its sleeve – they will not provide the power of the justice system to enforce collection of a debt in anything except the government issued tokens when the debtor has offered to pay in that (that’s the meaning of legal tender). Ebay used to do something similar with paypal; they would insure transactions made with paypal against fraud to a higher value than those made in any other way. By using government issued money, you get to rely on extra government backing. And making sure you have a stock or income of government tokens is a way of protecting yourself against unreasonable demands by creditors.

It can go wrong though. The ability to trade and enforce debts and pay taxes in a currency is valuable in its own right, however if a government is too weak or corrupt or economically pressed to guarantee the payment of debts, or perceived to be increasing the supply of tokens too quickly causing the value of the money you have to fall quicker than it provides value or if it simply becomes too difficult for people to get hold of the government tokens (perhaps they’ve all gone to Germany), then they will start to create their own tokens.

Nevertheless, much of what people think of as money with intrinsic value isn’t in a very different position. Why would a normal person want gold? What can they do with it? The only reason I would want gold is if I believed that other people in the future would want gold which would allow me to swap it for something I really wanted. This is just as speculative as government issued money, assuming the government provides those selfsame two guarantees with gold, otherwise it could be even more speculative. The argument that it’s useful in electronics is valid, but only to the same extent that if the worst comes to the worst I can burn my government issued banknotes for heat. Ultimately, there are few currencies that can’t be converted into the base currency of the universe: joules.

Anything near the bottom of Maslow’s hierarchy is much less speculative. I can eat a hamburger to get rid of my hunger. That’s real, nonspeculative value right there. There’ll be time in anyone’s life where they’ll take a mess of pottage now over a hypothetical fortune in gold later. Indeed, the ancient currency unit ‘shekel’ was originally a measure of barley (180 standard grains). The first metal currencies were actually tokens which represented stored (and could be converted into) actual grain. Hygenie is an essential human need, so perhaps it’s not surprising that tide detergent is being used as currency amoung drug dealers in the US.

But who determines the distribution of the government tokens in society? Well there are a few ways. Obviously we got here from a system of barter, where you would swap one tangible good (a cow) for another tangible good (some gold or silver). When we eventually switched the gold and silver for intangible ‘money’, the government tokens were distributed to people according to how the gold and silver had previously been distributed. The original distribution was not completely fair, but it had a history of at least sometimes rewarding hard work and wealth creation. The government can also modify the distribution by giving people tokens in exchange for work hopefully benefitting the community (employing them), or by paying them interest on a bond or by disbursing some as welfare or grants, not to mention adjusting the amount it takes off different kinds of people in tax.

Some systems try to equate currency with labour. There are time banks where if you labour for an hour you are provided with 1 hours worth of tokens which you can then redeem against someone else prepared to labour for an hour. Since almost everything we want requires labour (either to acquire the raw materials or to work them), labour is in some ways the human equivalent of the joule; an energy based currency.

Early Chinese Tool MoneyIn China, I saw tool based money for the first time. Small trowel heads and knives were used as currency during the Zhou dynasty (although they ultimately became very stylised). Tools are labour multipliers. There’s a lot to recommend tool based money – you can actually use a tool to create wealth directly. Use the trowel to plant, and the knife to hunt or butcher. They can be stored easily and are durable. It seems that there are some people who could survive almost anywhere in the world given a decent machete. It’d be interesting to see what an economy based on survival tools would look like.

Naturally anyone thinking along these lines for the modern age will be considering the ultimate human tool; the computer. There are a number of computer based currencies, some backed by boring old gold (the USA has a history of jailing and shutting down e-gold operations, although pecunix seems to have survived better than many), some just a score in a computer that you can pay to have incremented (and increment others at the cost of decrementing your own). The popularity of these is driven by a distrust in the governments that control their currencies but also by the friction and pain that moving small amounts of money between individuals and sometimes across borders entails at the moment.

Amazingly corporations like Visa can charge an insane percentage on nearly every transaction in our economy. By requiring that merchants offer the same price to those paying with and without credit and debit cards, it means that anyone paying cash is subsidizing the cost to the merchant of everyone else that is paying by card. All this for something (debit) that in the age of the computer should be free.

In a more rational system, banks would be required to provide every current account with an incoming and an outgoing account number (so that there is no danger in sharing your incoming account number), and then an api that would allow me to push money from my account to some arbitrary account number. I imagine that every payment, whether giving a friend 50 cents or paying hundreds of dollars of electricity bill would become something like scanning the QR code of the receiving bank account with a mobile phone. And there’s no reason it should cost anything beyond a normal current account.

Interestingly, removing the 4% rent that the card companies charge would result in a massive stimulus to the economy at a time when it could really do with it. (Reducing VAT in the UK made a big difference and was smaller, and more painful to the government finances than this would be). Beyond the fact of the stimulus though, there are a million interesting business models that the internet is crying out to implement, but can’t because of the needless cost of transactions.

Some startup companies are struggling to address this already. Flattr is a nice idea, but takes a 10% cut, which I can’t countenance. Gittip seems more equitable.

One great hope is bitcoin. It’s decentralised, so there is no need to worry about governments undermining its value (although also of course there is no base value or justice system guaranteed by government either…), semi-anonymous (everyone knows the wallet ids that own the bitcoins, but they don’t know which human owns those ids without further investigation) so you don’t have to worry so much about intrusive marketeers (or governments) snooping into your transactions, and because it’s modern and thoroughly electronic, the transaction cost is vanishingly small.

There are two things I don’t like about bitcoin though. Firstly the initial distribution of coins. While with real currencies, the initial distribution was bootstrapped on top of centuries of barter, bitcoin has a concept of ‘mining’ which is guaranteed to get much harder over time until it ultimately becomes impossible. This means that the people who originally joined the network were easily able to amass millions of dollars worth of bitcoins for very little work, while now to ‘mine’ a single bitcoin requires an amount of computer power outside the reach of casual users. This kind of initial distribution is strikingly unfair and leaves a bad taste.

Secondly bitcoin is not backed by anything. You can’t redeem your bitcoin for anything except its speculative value – even the computer power that went into ‘mining’ it originally wasn’t actually solving a problem that is valued for anything except its effect on bitcoins. You can’t burn it for its joules or get back those computer cycles for something useful.

I would much prefer a system where all grid computing systems offer certificates to certify that you’ve done some useful work (electronic labour, perhaps on protein folding, or on some problem that other people would be prepared to pay the grid providers for). The issuing grid network could guarantee to redeem them for some percentage of the work that you’ve done, and then allow them to be freely exchanged. The decentralisation would come from the fact that anyone could run these grid computing networks, so there would be many authorities. That way the currency is backed by something, has a real value and furthermore is doing something more useful than just bringing closer the heat death of the universe.

A system like this could fix spam fairly neatly by adding a step to email exchange where a server receiving an email for delivery requires a small (e.g. 5 seconds worth) payment in certified grid computing work before passing the email on (potentially smaller or waived fees for mail signed by people you know). That way, to send a spam email to a large number of people would require a correspondingly large investment in solving useful problems, and anyone who can solve protein folding deserves to be able to send a few spam emails in my book.

Regardless of what kind of approach wins, we are being held back by lack of trust and transaction costs more appropriate for yesterdays world. Unless governments can move with the times and give us more value from our currencies, more and more alternatives will be tried and eventually one will stick.