Published
0 136 0
JC: Huh huh, huh huh huh ES: Hhm hm hm JC: Huh huh. Wow JA: Malaysia Today, run by a wonderful guy by the name of Raja Petra who, he has two arrest warrants out for him in Malaysia, he is based in London, but his servers can't survive in London, they are in Singapore and the United States. ES: But again, I get the, the, that's [indistinct] there are sites that participate in this? JA: Yes, we have some fourteen hundred, but those are... we have mirrors that are voluntary as well as ES: So they basically opt-in mirror sites. JA: They determine their own risks, we don't know anything about them, we can't guarantee that they are all trustworthy, etc, but they do increase the numbers. ES: You have been quoted in the press as saying that there is a much larger store of information that is encrypted and distributed. Is it distributed in those sorts of places? JA: No, that's an open... we openly distribute backups of... encrypted backups of materials that we view are highly sensitive that we are to publish in the coming year. ES: Got it. JA: Not as some people have said so that we have a "thermonuclear device" to use on our opponents. But rather so that there is very little possibility that that material, even if we are completely wiped out, will be taken from the historical record. ES: So, so and eventually you will reveal the key that is necessary to decrypt it. JA: No, ideally, we will never reveal the key. ES: I see. JA: Because there is things, like, so redactions sometimes need to be done on this material. ES: Sure. JA: So it's... our view is that the material is so significant that even if we released it as is, with no redactions, that the benefits would outweight the harms. But through redacting things we can get the harm down even more. ES: And I understand that. One more sort of tactical question for now. So, my simple explanation is that the tools will get better for an anonymous sender send to a distrustful recipient, and then this anonymous [noise] your describing. We will get to the point where the... a very large amount of people using such services for all sorts of reasons: truthful, lying, manipulation, what have you. The current technology used... basically, like FTP [indistinct] runners sent to you. Basically people will FTP something and then just sort of ship it to you. JA: No we have... we have lots of different paths. And that's quite deliberate. And we don't say which one is used more than which other one, because that means that investigative resources have to be spread across all possible paths. But they are from in-person, in the mail. Postal mail is still actually pretty good if you want to send anonymous stuff. Encrypt something to a key, if you think it might be intercepted on the way, send it from somewhere, it's still pretty good. Straight HTTPS uploads, although they are not actually sort of straight. But to the user it looks like they are straight. Behind the scenes all sorts of other stuff is going on. The biggest problem with computer security is not communication. It's end points. ES: Right. JA: And so dealing with end point attacks both on someone trying to send us information and more importantly if someone tries to send us information is themselves compromised, that's one compromise of one person. If our engine that receives information is compromised, that is a potential compromise of every person that is trying to send us material. ES: I guess I... I didn't ask my question quite right. If the... Is there some new technology which in your view would kind of materially change this simple model that I have about, of the vast increase of... JA: Yes! So I've... ES: So what are those technologies? JA: The most important one is naming things properly. If we are able to name some... a video file or a piece of text in a way that is intrinsically coupled to the information there, so that there is no ambiguity-- a hash is an example of this--but then there's variations, maybe you want one that human beings can actually remember. Then it permits this information to be spread in such a way where you don't have to trust the underlying networks. And you can flood it. ES: Why don't you have to trust the underlying networks? JA: Well because you can sign... you can sign the hashes. ES: You can sign the name as well as the content. JA: You can sign the hash. ES: You can sign the hash. JA: And that's the hash. If a name is like a hash. ES: So it's... it's unambiguous as to whether... JA: Yes. ES: You're basically saying you have a provable name... JA: Yeah. ES: As opposed to an alterable name. JA: And those sorts of mechanisms are evolving now. We have been using something like this internally, I've been writing a paper on it to try and make this a standard for everyone. But you can see they are actually evolving. If we look at magnet links... have you seen these? There is an enhancement of BitTorrent, which is a magnet link, and a magnet link is actually a hash. ES: Right right. JA: So it is hash addressing. It doesn't point to any particular server, rather there is a big hash tree.. a distributed hash, three over... I don't know how technical I should get... There is a big distributed hash tree over many millions of computers involved in thee hashtree, and many many entry points into this hashtree so it is very hard to censor. And the addressing for content is on the hash of the content. ES: Right so you are basically doing the hash as the address, and you do the addressing within the namespace to provide... so as long as you have a signed... JA: As long as you get the hash... ES: ...you can't hide it. JA: Well, there's a question as to you've got a name of something, you've got a hash, but what does that tell you. Nothing really, because it is not really human readable. So you need another mechanism to get the fact that that's important to you. ES: Sure. JA: And that is something like WikiLeaks signs that, and says that that is... ES: An interesting piece of information JA: ...an interesting piece of information, and we have verified that it is true. But that, once you feed that information into the system then it becomes very unclear how it got into the system. Well how do you get rid of it from the system? And if you do get rid of it, if someone does manage to get rid of it, you know for sure that it's been gotten rid of, because the hash doesn't resolve to anything anymore. Similarly, if someone were to modify it, the hash changes... JC: I was just gonna say, why wouldn't they just rename it, rather than... JA: They can't because the name is intrinsically coupled to the intellectual content. ES: I think the way to explain this... To summarise the technical idea is... take all the content in a document, come up with a number, so if the content is gone, the number doesn't match, show anything. And if the content has changed, the number doesn't compute right anymore. So it is an interesting property. JC: Mm hm. So... JA: So... ES: So how far are we from this type of system? JA: On the publishing end, the magnet links and so on are starting to come up. There's also a very nice little paper that I've seen in relation to Bitcoin, that... you know about Bitcoin? ES: No. JA: Okay, Bitcoin is something that evolved out of the cypherpunks a couple of years ago, and it is an alternative... it is a stateless currency. JC: Yeah, I was reading about this just yesterday. JA: And very important, actually. It has a few problems. But its innovations exceed its problems. Now there has been innovations along these lines in many different paths of digital currencies, anonymous, untraceable etc. People have been experimenting with over the past 20 years. The Bitcoin actually has the balance and incentives right, and that is why it is starting to take off. The different combination of these things. No central nodes. It is all point to point. One does not need to trust any central mint. If we look at traditional currencies such as gold, we can see that they have sort of interesting properties that make them valuable as a medium of exchange. Gold is divisible, it is easy to chop up, actually out of all metals it is the easiest to chop up into fine segments. You can test relatively easily whether it is true or whether it is fake. You can take chopped up segments and you can put them back together by melting the gold. So that is what makes it a good medium of exchange and it is also a good medium of value store, because you can take it and put it in the ground and it is not going to decay like apples or steaks. The problems with traditional digital currencies on the internet is that you have to trust the mint not to print too much of it. [laughter] JA: And the incentives for the mint to keep printing are pretty high actually, because you can print free money. That means you need some kind of regulation. And if you're gonna have regulation then who is going to enforce the regulation, now all of a sudden you have s**ed in the whole problem of the state into this issue, and political pushes here and there, and who can get control of the mint, push it one way or another, for particular purposes. Bitcoin instead has an algorithm where the anyone can create, anyone can be their own mint. They're basically just searching for collisions with hashes.. A simple way is... they are searching for a sequence of zero bits on the beginning of the thing. And you have to randomly search for, in order to do this. So there is a lot of computational work in order to do this. And each Bitcoin software that is distributed.. That work algorithmically increases as time goes by. So the difficulty in producing Bitcoins becomes harder and harder and harder as time goes by and it is built into the system. ES: Right, right. That's interesting. JA: Just like the difficulty in mining gold becomes harder and harder and harder and that is what makes people predict that there is not going to be a sudden amount of gold in the market, rather... ES: To enforce the scarcity... JA: Yeah, to enforce scarcity, and scarcity will go up as time goes by, and what does that mean for incentives in going into the Bitcoin system. That means that you should get into the Bitcoin system now. Early. You should be an early adopter. Because your Bitcoins are going to be worth a lot of money one day. So once you have a... and the Bitcoins are just... a Bitcoin address is just a big hash. It's a hash of a public key that you generate. So once you have this hash you can just advertise it to everyone, and people can send you Bitcoins, and there is people who have set up exchanges to convert from Bitcoin to US dollars and so on. And it solves a very interesting technical problem, which is how do you stop double spending? All digital material can be cloned, almost zero costs, so if you have currency as a digital string of numbers, how do you stop me... I want to buy this piece of pasta. [JA using lunch table objects] JA: Here is my digital currency and, now I take a copy of it. And now I want to buy your bit of egg. And then you go... and now I want to buy your radish! And you go, what? I've already got that! What's going on here? There's been some fraud! So there's a synchronization problem. Who now has the coin? So there is a point to point.. a spread network with all these problems, some points of the network being faster, some points of the network being slower, multiple paths of communication, how do you solve this synchronization issue about who has the currency? And so this is to mind actually the real technical innovation for Bitcoin, it has done this using some hashtrees and then a delay time, and then CPU work has to be done in order to move one thing to another so information can't spread too fast etc. OK, so, once you have a system of currency that is easy to use like that, then you can start to use it for things that you want to be scarce. What is the example of some things that we want to be scarce? Well, domain names. Names. We want names to be scarce. We want short names to be scarce, otherwise if they are not scarce, if it doesn't take work to get them, as soon as you have a nice naming system, some arsehole is going to come along and register every short name themselves. ES: Right. That's very interesting. JA: So this Bitcoin replacement for DNS is precisely what I wanted and what I was theorizing about, which is not a DNS system, but rather short names... short bit of text to long bit of text tuple registering service. Cause that is the abstraction of domain names and all these problems solved. Yes, you have some something that you want to register that is short, and you want to couple that to something that is unmemorable and longer. So for example, the first amendment, that phrase, the "US first amendment", is a very short phrase, but it expands to a longer bit of text. So you take the hash of this text, and now you have got something that is intrinsically coupled to that which is unmemorable. But then you can register "US First Amendment" coupled to the hash. And that then means you have a structure where you can tell whether something has been published or unpublished, you can... one piece of human intellectual information can cite another one in a way that... can't be manipulated, and if it is censored the censorship can be found out. And if one place is censored, well you can scour the entire world for this hash, and no matter where you find you know it is what you wanted precisely! ES: Right JA: So that, in theory, then permits human beings to build up an intellectual scaffold where every citation, every reference to some other part of human intellectual content, is precise, and can be discovered if it exists out there anywhere at all, and is not dependent on any particular organization. So as a way of publishing this seems to be the most censorship resistant manner of publishing possible, because it is not dependent on any particular mechanism of publishing. You can be publishing through the post, you can be publishing on conventional websites, you can be publishing using Bittorrent, whatever, but the naming is consistent. And same is for... publishing is also a matter of transferring, you can... all you then have to do is, if you want to transfer something anonymously to someone else, one particular person, you encrypt the information with their key, and you publish it.