ES
Are you worried.. basically this entire system depends on basically irrevocable key structures. Are you worried that the key structures would fall apart?
JA
Well the hashing, in terms of the naming part, going to patterns--it doesn't depend on the key structure at all. In terms of Bitcoin has its own key structure and that's an independent thing, there is all sorts of problems with it. Hackers can come in and steal keys etc. And the same problems that you have with cash. Armored vans are needed to protect the cash etc. And there are some enhancements you can use to try and remove the incentives one way or another. You can introduce a subcurrency with fixed periods of expense. So you retract for one week or one day and a merchant will accept or not accept.
ES
The average person does not understand that RSA was broken into an awful lot of private keys involving commerce were taken,
JA
Yes
ES
so...
JA
The public key structure is a tremendous problem, so in the same way that domain name structures are a tremendous problem. The browser based public key system that we have for authenticating what websites you are going to, it is awful. It is truly awful. The number of people that have been licensed to mint keys is so tremendous.. there's one got bankrupted and got bought up cheaply by Russian companies, you can a**ume, I have been told actually that VeriSign, by people who are in the know, although I am not yet willing to go on the public record, cause I only have one source, just between you and me, one source that says that VeriSign has actually given keys to the US government. Not all, but a particular key. That's a big problem with the way things are authenticated presently. There are some traditional alternative approaches, like PGP has a web of trust. I don't think those things really work. What I think does work is something close to what SSH does, and that's probably the way forward. Which is it is opportunistic key registration. So there is part of your interaction, the first time you interact, you register your key, and then if you have a few points of keying or some kind of flood network, then you can see that well lots of people have seen that key many times in the past.
ES
And one more technical question, and I think we should probably, Scott you were sort of...
SM
I'm ready! Ha ha ha.
ES
When we were sort of chatting initially we talked about my idea that powering, mobile phones being powered, is sort of changing society. A rough summary of your answer for everybody else is that people are very much the same and something big has to change their behaviour, and this might be one of them, and you said, you were very interested in someone building phone to phone encryption. Can you talk a little bit about, roughly, the architecture where you would have a broad open network and you have person to person encryption. What does that mean technically, how would it work, why is it important. That kind of stuff. I mean, I think people don't understand any of this area in my view.
JA
When we were dealing with Egypt we saw the Mubarak government cut off the internet and we saw only one - there was one ISP that quite few of us were involved in trying to keep its connections open, it had maybe 6% of the market. Eventually they cut.. eventually the Mubarak government also cut off the mobile phone system. And why is it that that can be done? People with mobile phones have a device that can communicate in a radio spectrum. In a city there is a high density... there is always, if you like, a path between one person and another person. That is there is always a continuous path of mobile phones, each one can in theory hear the radio of the other.
ES
You could form a peer to peer network.
JA
So in theory you could form a peer to peer network. Now the way most GSM phones are being constructed and others is that they receive on a different frequency to that which they transmit...
ES
Yes.
JA
...and that means that they cannot form peer to peer networks. They have to go through base stations. But we're seeing now that mobile phones are becoming more flexible in terms of base station programming. And they need to do this because they operate in different markets that have different frequencies. They have different forms of wireless output, and so ... and also, even if there is not sufficiently flexible mobile phones, we are seeing that in the mobile phone aspect, maybe WiMax is coming along which will give them greater radius for two way communications. But also it is getting very cheap to make your own base station. There is software now which will run a base station.
ES
Right, right.
JA
For you. So you can throw these things up and make your own networks with conventional mobile phones pretty quickly. In fact this is what is done to spy, to keep spying on mobile phones. You set up a fake base station. And there's vans now, you can buy these in bulk on the commercial spy market, to set up a van and intercept mobile phone calls. During these revolutionary periods the people involved in the revolution need to be able to communicate. They need to be able to communicate in order to plan quickly and also to communicate information about what is happening in their environment quickly so that they can dynamically adapt to it and produce the next strategy. Where you only have the security services being able to do this, and you turn the mobile phone system off, the security services have such an tremendous advantage compared to people that are trying to oppose them. If you have a system where individuals are able to communicate securely and robustly despite what security services are doing, then security services have to give more ground. It's not that the government is necessarily going to be overthrown, but rather they have to make more concessions.
ES
They have their networks. So your argument that even with these existing phones they modify them to have peer to peer encrypted tunnels for voice and data, presumably.
JA
Voice is a bit harder. What we did internally in this prototype I designed was a -- which only works for medium sized groups - so a peer to peer flood UDP-encrypted network -- UDP permits you to put lots and lots of cover traffic in cause you can send stuff to random internet hosts.
ES
Oh, so, oh, so that's clever, so that way you can't be blocked, right?
JA
Yeah.
ES
Because UDP is a single packet, right? So...
JA
Right, so you send it to random internet hosts and a random internet host doesn't respond, which is exactly the same thing as a host that is receiving stuff. And even structured... and using this you can do hole punching through firewalls and it means that normal at home people can use this. They don't need to have a server. And it is very light bandwidth, so you can put it on mobile phones as well. The k**er application is not lots of voice. Rather it is chat rooms. Small chatrooms of thirty to a hundred people -- that is what revolution movements need. They need it to be secure and they need it to be robust. The system I did was protocol independent. So yes, you've got your encapsulating thing, UDP or whatever, and in theory you could be pushing it over SMS you could be putting it over TCP, you could be pushing it over whatever. You could be using a mobile phone, you could be using a desktop or whatever. You can put that into one big mesh, so that all you need, even when the whole country is shut off you just need one satellite connection out and your internal network connects to the rest of the world.
ES
Yeah, yeah.
JA
And if you've got a good routing system. If it is a small network you can use flood, and thereby -- flood network takes every possible path therefore it must take the fastest possible path. Right? So a flood network always finds a way but doesn't scale to large quantities. But if you've got a good routing system you just need this one link out. And in Cairo, we had people who hacked Toyota in Cairo, and took over their satellite uplink, and used that to connect to this ISP that fed 6% of the market, and so that sort of thing was going on all this time. There was a hacker war in Egypt to try and keep this -- I don't like to call it radical, but this more independent ISP -- that provided 6% of the market, up and going. But it shouldn't have been so hard. It should have been the case that all you need to do is have one connection and then the most important information could get out. And if you look at, if this is equivalent to SMSs, I mean look how important Twitter is and how important SMS is. Actually, human beings are pretty good at encoding the most important thing that is happening into a short amount of data. There's not that many human beings. There just aren't that many. So with one pipe you can...
ES
It's not a bandwidth problem.
JA
It's not a bandwidth problem. So all you need is one pipe. And you can connect a country that is in a revolutionary state to the rest of the world. And points within that country just as important. Cities within that country. And it's not that hard a thing to do quite frankly.
ES
Scott, do you wanna?
SM
It's hard to stop! It's so interesting!
ES
I actually, I have like five hours more...
SM
I know! Because it's like one thing and then there's like more and...
ES
How would you architect this how would you architect that... I think my summary would be that this notion of a hash idea of the name is a very interesting one, because I had not linked it to Bitcoin, or that kind of approach, with scarcity. That's a new idea for me. Have you published that idea?
JA
I've published... not the link to Bitcoin, that paper that came out about coupling something to Bitcoin was just trying to address the DNS issue. But fortunately the guy who did it understood that... why just have quadtets? You know, why limit it to IP addresses? It's sort of natural in a way to make the thing so that it could go to any sort of expansion. But the idea for... that there should be this naming system and the importance of this naming system, the importance of preserving history and doing these scaffolds, and mapping out everything. Yeah, so that's on the site, under... I think it is part of one of the Hans Ulrich interview.
ES
I think we should study this quite a bit more so we generally understand it... so we might have a few more questions about it... The other comment I would make is that on the a**umption that what you are describing is going to happen someday is probable given that the incentive structure is...
JA
Well I've had these ideas several years but now I see other people are also getting into...
ES
Well there is enough people who are interested in solving the problem you are trying to solve. On the internet you see a lot of experiences. What I am thinking of is how would I attack it. How would I attack your idea. And I still think I would go after the signing and the key infrastructure. So if I can break the keys...
JA
There are different parts of the idea. So, if you publish some information or if you spread some information... this publishing thing is quite interesting as to whether when something has gone from not being published to being published its quite... interesting. So if you spread some information and you've got it well labeled, using a hash.
[chatter about food]
JA
That hash is important. It is something that has to spread in another way. So that is say by WikiLeaks signing the hash. But there is many ways for it to spread. I mean people could be swapping that hash in email. They could be telling each other on the telephone etcetera.
ES
You are saying that all of these systems are do not have a single point of attack, I can break down your HTTPS but you can still use the US postal service to send it, for example.
JA
Exactly, and you would know that you were getting the right thing, because of its naming it is completely accurate.
JC
I am just wondering, on the human side of this, you have such experience of the world you described earlier. I mean I had three hours sleep, so forgive me if I don't remember exactly what you said, but some combination of technical and altruistic people and what amounts to a kind of subculture that you've been in for some 15 years now.. So you know about how the subculture works. And that subculture needs to either I guess stay the same or expand in order to do the work that you are describing, and so since our book is about ten years away...
JA
It's dramatically expanded...
JC
What are the patterns there in terms of the people part, rather than the...?
JA
That's the most optimistic thing that is happening. The radicalization of internet educated youth. People who are receiving their values from the internet... and then as they find them to be compatible echoing them back. The echo back is now so strong that it drowns the original statements. Completely. The people I've dealt with from the 1960s radicals who helped liberate Greece and.. Salazar. They are saying that this moment in time is the most similar to what happened in this period of liberation movements in the 1960s, that they have seen.
JC
Do you see it scaling differently than it did in the 60s?
JA
And as far as what has entered into the West, because there are certain regions of the world I am not aware of, but as far as I am aware that -- and of course I wasn't alive in the 1960s -- but as far as I can tell, that statement is true. This is the political education of apolitical technical people. It is extraordinary, in the same way that the young...
LS
A-political? Do you mean one word?
JA
One word. People are going from... young people are going from apolitical to political. It is a very very interesting transition to see.
JC
How do you think... I mean this is your world why do you think that took place? I mean, why do you think it took place?
JA
Fast communication. Critical ma** of young people. Newer generation. And then some catalyzing events. The attack on us was a catalyzing event. And our defense... our success in defending was a catalyzing event. I don't know, do you remember the PGP case, and that grand jury with Zimmermann and so on?
ES
He had a lot of fun that with that.
JA
I wrote half a book on that. It was never published, because my cowriter went and had children.