Signing Devices from the Past to Future
Citizens should own, permanently, digital signing devices that allow us the power to prove our identities absolutely, and to sign and/or encrypt a document such as a ballot or a transaction.
Signing or authentication can never be achieved on somebody else’s hardware because obviously, their device might steal your password, snoop your document, etc.
Your signing device must be a monolithic thing with its own screen and pinpad (perhaps, similar to a cellphone.) It must allow the owner to receive, view and respond at least, with answers such as yes/no, 1,2,3,4, etc. The signing keys would be a gazillion bits, and would be encoded in the device in a region of silicon having no wiring or function to be changed from outside. The Screen and the Pinpad would be part of this unchangeable region of silicon. (Don’t let “engineers” tell you it can’t be done.)
Thereafter, the signing device might be valuable to anyone who stole it and who knows the code for unlocking it. Of course it might be worthless. Depending on the reputation of the signing key for honoring its contracts, over the past few years.
When citizens can assert their real identity over networks, it will be a different world. The barrier to this sort of device are not technical, but political and economic: every telecom company, software company, bank, government, etc. are dead set against it since they derive advantage from highly powerful computing and authentication within centralized systems. They derive no such control when the citizen is sovereign over our own computing devices.
The devolution of digital identity from central servers is inevitable. It allows persistent identity and reputation beyond the limits of one’s (pathetically small) circle of physical acquaintences. Humanity today would starve, without it slarge corporate enterprises. Today we are utterly helpless even for small exchanges, without paper and plastic money, and the banking, legal, and LawEnforcement “way” of doing things. We don’t get what we deserve. Half or more of our life’s economic resources are taken from us without accountability. The percentage varies — doesn’t it! The sum of all citizens is zero, counting winners and losers.
I’ve come to conclude there can never be adequate security on user-programmable PCs or hand-helds. It is impossible to use a computer to sign checks for example, if any hacker can cruise in, and steal your signature apparatus.
Software, hardware and network providers have such an overwhelming conflict of interest, I believe that identity as well as secure communications will have to come from a device *owned by the user*, probably including at least a PIN pad and screen within the trusted device.
There are obviously, some barriers to reform of today’s identity and authentication paradigm. I’m just going to recite three obvious things (you can skip:)
1. Some of today’s leading companies in financial services, software, telecommunications and media will be harmed financially by any devolution of authentication and reputation out of their control.
2. The power of government will also be affected i.e. some effects on the ability to collect taxes, and surveil communications would result if the freedoms we have in real space are allowed over distances. e.g. the natural ability to exchange currency or things of value, or to have private conversations.
3. Certain actors in those sectors, work actively to undermine privacy and security over networks. They fill the media with disinformation about hackers, stolen money, drugs, laundering, terrorists, etc. to protect the existing banking system, and actively undermine the usefulness of networks, fill them with SPAM and undermine the security and sovereignty of the user in many computing, network and radio hardware components.
Users will probably learn easily enough, that such a device contains not only a mere digital ID, but that it allows them to accumulate a reputation in the eyes of other people and institutions which is quite valuable, financially. As any valuable thing, they will positively safeguard it.
Accordingly, what is missing is the intellectual work of developing P2P reputation frameworks, in coordination with design of the handheld devices. The semiconductor industry will certainly produce the thing if there’s a market. A chicken and egg problem, compounded by an extreme disruption and cannibalization of other, larger markets.
The basic use case is sending a screenful of data (i.e. a contract) into the screen of the device for signature, as described in the MeT Peer to peer scenarios (ignore the telco “operator” scenarios.). The consortium spent megabucks, on UI standards for use of the screen on the TD so that the user would recognize the “Trusted Device” mode when it was presented by different manufacturers.
If PCs, phones, palms etc. are ever to be secure their content must be flowed thru a VPN or something, controlled by the user. How this is ever going to happen is beyond my expertise. I would like to see the handheld trusted device have two ports: LAN and WAN, for signing, encryption etc. and this has to be fairly idiot proof. As with the TD, the private keys would be created and managed in a security element and private keys would never leave the handheld device…
Here is how it might work in an ARAP cloud, when fully mature,
with robot settlement routers, “between your phone and mine:”At a Garage Sale:
He says, “ok I’ll buy it.” Turns on his Studly brand, signing device,
and and enters his 5-digit PIN code. BZZT He gets a little
nervous. If he keys it wrong 2 more times, his device will
erase its keys and certificates. He gets it right.He enters Local Currency LC$900 in his Studly. Points at the
product and snaps a .jpg picture, and presses SIGN.
(creating a legally binding, digitally signed promise to
pay. Perhaps, including the URI of his last-resort settlement provider
usu. a bank)She points her hippocrit at his device and scoops up the
promissory note. in 35 milliseconds it goes out over the
arapcloud, lookin for a home… 6 seconds later her SMS
beeps … — … A digitally signed receipt from her hairdresser
thanking her for her payment of LC$900 and her new balance
has been reduced to 32,100.At the same second, his Studly beeps.. a note from his
employer, that cc900 has been deducted from this week’s
paycheck, requesting signature to release (since he is a
belts and suspenders type of guy.. he setup his deducts
for immed confirm. every time…. )No bank. No server. No middleman. Just an open marketplace
of settlement routers, mostly robots, mostly free, operated by
all of us.Todd.
