Know 2019 Keynote

This time it’s war
Keynote address to Know 2019, Las Vegas, 25h March 2019.

[An edited version of this keynote appeared on Medium, 28th March 2019]

Know 2019 Las Vegas

I’ve said many times that we need an identity infrastructure that deals with the realities of this modern world, the world of the Nth industrial revolution (where N is 4, or 5, or something similar). As things go from bad to worse, we need this infrastructure be a government priority and we need the private and public sectors to come together to deliver it. And if they don’t want to, if you don’t want to, then you should be made to. I’m not standing here flattered to be asked to deliver this keynote because digital identity is about making life easier when you log in to your bank or to do your taxes. I’m here because it is far more important than that. Digital identity is vital national infrastructure

We don’t have long to get our act together and we are starting from scratch. In the UK we have no tradition of identity cards or national identification systems, or anything like it. To the British, national identification is “papers, please”: something associated with authoritarian tyrannies, France and wartime. And even in wartime, the idea of requiring people to hold some form of identification was regarded as so fundamentally incompatible with the customs and practices of Her Majesty’s subjects that the last British identity cards (from the first and second world wars, essentially) drew on what Jon Agar memorably labelled “parasitic vitality” from other systems such as conscription and food rationing. Identity infrastructure was created as a form of mobilisation against the enemies of the Realm and the chosen implementation, the identity card, was not an end in itself, but a means to support those other activities in to aid the war effort.

This dislike of identification as a State function is hardly unique to the United Kingdom. In America there are similarly strong opinions on the topic and the failure of the Australia Card back in 2007 stems, I think, from the same common law roots. These views of course stand in stark contrast to the views of almost all other nations of the world. The majority of people on Earth have some form of state identification and would find it impossible to navigate daily life without it. That doesn’t make the need to be identified by the state at all times either right or proper, by the way, but that’s a different discussion for another day.

If the development of national identity infrastructure is, however, only possible as part of a war effort… well, I have to tell you that we are at war. It’s just that this time we’re in a cyberwar and our identity infrastructure needs to support mobilisation across virtual and mundane realms. World War 3.0 has already started but a lot of people haven’t noticed because it’s in the matrix. There was no specific date when this war broke out and there is no conceivable Armistice Day on which it will end. Rather, as Bruce Schneier put it in his excellent book Click Here to Kill Everybody last year, cyberwar is the new normal.

(This will, unfortunately, make the war movies of the future rather dull. No more Dunkirk or Saving Private Ryan, no more The Dambusters or Enemy at Gate. Instead movies will be about solitary individuals sitting in dimly-lit bedsits typing lines of Perl or Solidity while eating tuna out of a can.)

The advent of cyberspace conflict is not because computers and communications technologies have only just reached the Armed Forces. Far from it: the very first computers were developed to compute ballistic trajectories and part of my young life was spent trying to work out how to use radio and satellite technologies to keep NATO systems connected after a first strike against command and control infrastructure, which is why talk of white noise jamming and direct-sequence spread spectrum transmission still gives me a shiver. But in those far-off days, the reason for knocking out the NATO’s IT infrastructure was so that you could then send tank columns through the Fulda Gap or drop the Spetsnatz into Downing Street. There were cyber aspects to war, but it wasn’t a cyberwar. Now it’s all out cyberwar and as historian Niall Ferguson said in his book The Square and The Tower, it’s war between networks.

(The early British response to this new state of affairs was comfortingly backward-looking. Back in 2013 there was a plan for the creation of a digital Home Guard made up from well-meaning volunteers to stand on the cyber-landing grounds to repel invasion.)

Now, I’m sure that behind the scenes the Department of Defense have been working around the clock to defend our payment systems and water supplies against foreign hackers but I do wonder if the insidious threat from the intersection of post-modernism and social media had as a high a priority? It should have done, because as it turned out the enemy stormed Facebook, not the Fulda Gap. We need a wall right enough, but we need it to around our data.

Marshall McLuhan saw this coming, just as he saw everything else coming. Way back in 1970, when the same Cold War that I played my part in was well under way, he wrote in Culture is our Business that “World War III is a guerrilla information war with no division between military and civilian participation”. Indeed. And as we are now beginning to understand, it is a war where quiet subversion of the enemy’s mental assets is as important as the destruction of their physical assets. Social media are creating entirely new opportunities for what The Economist referred to as “influence operations” (IO) and the manipulation of public opinion. We all understand why! In the future, “fake news” put together with the aid of artificial intelligence will be so realistic that even the best-resourced and most professional news organisation will be hard pressed to tell the difference between the real and the made-up sort.

Smart cyber-rebels will want to take over social media, just as rebel forces set off to capture the radio and TV stations first: not to shut them down, but to control them. The lack of identity infrastructure makes it easy for them: at least you could see when your favourite news reader had been replaced by a colonel in a flak jacket, but you’ve no idea who is feeding the “news” to your social media timeline. It’s probably not even people anymore. While writing these words I read of (yet another) complaint about social media companies doing nothing to control co-ordinated bot attacks. But how are they supposed to know who is a bot and who isn’t? Whether a troll army is controlled by enemies of the state or commercial interests? If an account is really that of a first-hand witness to some event or a spy manufacturing an event that never happened?

The need to tell “us” from “them”, real from fake, insiders from outsiders, attackers from defenders is critical and the lack of an identity infrastructure (as much as the creation of identity infrastructures that are too easy to subvert) leaves us open to manipulation. We need to create an effective infrastructure as a matter of urgency but it should not be framed in the context of a 20th-century bureaucracy responding to the urban anonymity of the industrial revolution by conceiving of people as index cards, but in a 21st-century context based on McLuhan’s notions of identity forged in relationships. We need to create an environment of ambient safety, where both security and privacy are strengthened, twin foundations for the structures we need to build to prevent chaos.

(America may or may not need a Space Force, but it most certainly needs a Cyberspace Force.)

So this is my challenge to you. This is a conference I take very seriously and an audience that I respect. I am looking to you to man the barricades. I want you to begin the process of assembling the infrastructure that we so desperately need, so that I can tell my e-mail package to ignore messages that say they came from bank but didn’t, my web browser to put a red border around “news” that does not come from a reputable, cross-checked source and set my phone to ignore tweets that come from bots rather than people.

If this all sounds over-dramatic: it isn’t. I think it is perfectly reasonable to interpret the current state of cyberspace in these terms because the foreseeable future is one of continuous cyberattack from both state and non-state actors and digital identity is a necessary building block of our key defences. I sincerely hope that over the next couple of days you will find new ideas, new ways of co-operating and perhaps even a new mission to protect and survive in this new era of amazing opportunities, astonishing threats and terrifying risks.

Thank you.

Feedback

Well, I’ve never appeared in a cartoon before (to the best of my knowledge) so my sincere thanks Richard Parry and “The Chaps” for their kind comment on this keynote. I should point out that I am well aware of the market failure around cybersecurity, but that’s a topic for another day!

Know 2019

 

The non-cartoon feedback was pretty good too!

And from the education day that preceeded the keynote…

Thanks y’all!

Crime of the (new) century

Here’s something that I’m surprised we don’t see more of. Pavel Lerner, the CEO of the cryptocurrency exchange Exmo Finance, has been released by kidnappers after the payment of a $1 million bitcoin ransom. According to the Financial Times, the Ukrainian interior minister specifically labelled the crime “bitcoin kidnapping and extortion”. I would have asked for Monero, rather than traceable bitcoins, but there you go.

Given the number of Bitcoin millionaires wandering around — I bump into them at every conference I go to these days — you would have imagined that the more enterprising and forward thinking members of the cosa nostra (the coder nostra, as I call them) were out in force. Stand around outside Consensus or Money2020 and bundle most anyone into a van and drive them off into the desert and you’re sure of a Bitcoin, Ripple, Ether or Bitcoin Cash payday. It’s a puzzle that this doesn’t happen all the time, although it’s entirely possible that it does and that I never get to hear about it because I’m not rich enough, just like those Silicon Valley sex parties.

So is kidnapping for cyber-ransom the defining crime of the 21st century? Actually, I suspect not. What if, rather than traditional money–related crimes such as kidnapping and extortion, there were much better crypto-crimes invented in parallel to the new forms of crypto-money made available by technology? Is there such a crime that is unique to this virtual world? Not a virtual shadow of a crime that has been around since year zero, but a wholly new crime for the virtual world? Actually, one such crime was invented many years ago. It’s the “assassination market” that I wrote about in “Before Babylon, Beyond Bitcoin“.

An assassination market is a prediction market where any party can place a bet (using anonymous crypto-currency through the TOR network) on the date of death of a given individual, and collect a payoff if they “guess” the date accurately. This would incentivise the assassination of specific individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject’s death.

Here’s how the market works. Someone runs a public book on the anticipated death dates of public figures. If I hate a pop star or politician, I place a bet on when they will die. When the person dies, who ever had the closest guess wins all of the money, less a cut for the house. Let’s say I bet a fiver that a specific TV personality is going to die at 9am on April Fool’s Day 2018. Other people hate this personality too and they put down bets as well. The more hated the person is, the more bets there will be.

April Fool’s Day comes around. There’s ten million quid bet on this particularly personality. I pay a hit man five million quid to murder the personality. Hurrah! I’ve won the bet, so I get the ten million quid and give half to the hit man. I don’t have to prove that I was responsible for the assassination to get the money and no-one can pin the crime on me because I paid the hitman in untraceable anonymous electronic cash as well: I’m just the lucky winner of the lottery. If someone else had bet 31st March and murdered the television personality themselves the day before, then it would only have cost me a fiver, and I would have regarded that as a fiver well spent.

This is a rather an old idea that originated, as far as I know, with Jim Bell, who back in 1995 wrote an essay on “assassination politics” that brought the idea to the popular (well, amongst a nerd subgroup) imagination. I suppose it was inevitable that the arrival of digital currency would stimulate thought experiments in this area and it was interesting to me then (and now) because it showed the potential for innovation around digital money even in the field of criminality. If I hire thugs to lure a cryptobaron to a hotel room and then beat him up to get a $1m in bitcoins from him (as actually happened in Japan recently), that’s just boring old extortion. If I use Craigslist to lure a HODLer to a street corner and then pull a gun on him and force him to transfer his bitcoins to me (as actually happened in New York back in 2015), that’s just boring old mugging.

 

Now, as I explained in the FT some years ago, Bitcoin is not a very good choice for this sort of cyber-criminality. It’s just not anonymous enough for really decent crimes or the darkest darknets. Hence my scepticism about the claims that Bitcoin’s long term value will be determined by malevolent money mischief. But as I explained to students at Winchester College last week, if there were to be an actually untraceable cryptocurrency then an assassination market is a much better bet for the coder nostra than the physically demanding felony of kidnapping.