From 3f3f2d269297841c4ddf9bedc528290af72fe0f4 Mon Sep 17 00:00:00 2001
From: Thomas Walker Lynch
- Not long ago, there was no Internet, and a computer was typically installed in a physically secured facility. It is still the case today that ultimately computer security is built upon conventional security. This is something that Kevin Mitnick understood well and took advantage of. Kevin went so far as to dumpster-dive for passwords. He once walked into a building, into a manager's office, and copied information from an unattended terminal. We see conventional security issues today with lost phones, harvested ATM pins, and credit card theft.
+ Not long ago, there was no Internet, and a computer was typically installed in a room. During that computer security epoch, the facilities security was also the computer's security. It is still the case today that ultimately computer security is built upon conventional security. This is something that Kevin Mitnick understood well and took advantage of. Kevin went so far as to dumpster-dive for passwords. He once walked into a building, into a manager's office, and copied information from an unattended terminal. We see conventional security issues today with lost phones, harvested ATM pins, and credit card theft, etc.
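Review bot: the added sentence in the `+` line has a possessive error: "the facilities security was also the computer's security" should read "the facility's security was also the computer's security". The same line now ends "credit card theft, etc." after a list already closed with "and"; drop either the ", etc." or the "and".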
@@ -32,10 +61,15 @@
- If a user could not reproduce one or both of his username and password, the user could not do any work on the computer, no matter how important or urgent that work was. The fear of being blocked from working caused many users to favor easy to remember passwords, or to write them down and place them into easily accessible places, such as next to a terminal. Thus began the ritual of administrators blaming users for not being more careful, when in fact the system was designed for failure. The typical reaction when the system fails? Force users to make harder to remember passwords.
+ If a user could not reproduce one or both, the user could not do any work on the computer, no matter how important or urgent that work was. The fear of being blocked from working caused many users to favor easy to remember passwords, or to write them down and place them into easily accessible places, such as next to a terminal. Thus began the ritual of administrators blaming users for not being more careful, when in fact the system was designed for failure. The typical reaction when the system fails? Force users to make harder to remember passwords.
+ The lost password problem led to the need for vulnerable password replacement policies.
The lost password problem led to the need for password replacement policies. Thus after an attacker bypassed conventional security, the would-be cybercriminal, informally called a hacker, would attempt to either: abuse the password replacement policy, find a way around logging in perhaps due to a software defect, or obtain a password. Common methods for obtaining a password were to be involved in a project and be given one, bribe or trick an a person involved in a project to share it, guess it, or steal it. Thus began the game of modern cybersecurity.
+ Thus after an attacker bypassed conventional security, the would-be cybercriminal, informally called a hacker, would attempt to either: abuse the password replacement policy, find a way around logging in perhaps due to a software defect, or obtain a password. Common methods for obtaining a password were to be involved in a project and be given one, bribe or trick a person involved in a project to share it, guess it, or steal it.
+
+ Thus began the game of modern cybersecurity.
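Review bot: the `+` line that replaces the opening sentence shortens it to "If a user could not reproduce one or both," which leaves "one or both" without an antecedent inside this paragraph; either keep "of his username and password" or confirm the preceding paragraph names both. The new sentence "The lost password problem led to the need for vulnerable password replacement policies" asserts the policies are vulnerable without saying why; the next sentence already lists "abuse the password replacement policy" as an attack path, so "password replacement policies, which themselves became an attack surface" would carry the point. Also, the original full paragraph (the line beginning "The lost password problem led to the need for password replacement policies. Thus after an attacker...") appears here with no `-` marker, so as shown the hunk keeps the old paragraph alongside its split replacement; check that the line is marked for removal.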
@@ -43,11 +77,11 @@
- Due to data isolation, once an attacker broke into an account, the question would become one of how to break into other accounts on the same machine. Often this would entail breaking into an account with elevated permissions. Techniques included finding data that was not properly protected, or taking advantage of flaws in the system of authentication or isolation. These are known as
- Then computers started talking with each other over telephone lines using screechy voices. This brought with it all the problems of distant communications that had been known from long before computers, going back to the early days of the telegraph and Marconi radio. Wired Internet has similar properties to telegraph lines and radio, while cell communication is radio.
+ Then computers started talking with each other over telephone lines using screechy voices. This brought with it all the problems of distant communications that had been known from long before computers, going back to the early days of the telegraph and Marconi radio. Wired Internet has similar properties to telegraph lines and radio, while cell communication is radio. The Internet was not originally designed to be secure, so today it has been patched to keep communications private through the extensive use of public key cryptography. Whether ultimately this is a good approach remains to be seen.
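Review bot: the removed paragraph beginning "Due to data isolation, once an attacker broke into an account..." has no replacement in this hunk, and it is the only place the move from a compromised account to one with elevated permissions is introduced; if it is being relocated rather than dropped, the commit message should say so. In the `+` line, the closing "Whether ultimately this is a good approach remains to be seen" voices a doubt about relying on public key cryptography without giving the reason; the later material on the lack of formal proofs for the public key algorithms in use is that reason, so either point forward to it or state it briefly here.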
@@ -59,23 +93,22 @@
- The Christmas Tree hack appears to be novel in three aspects, firstly that the damage was indirect. Instead of deleting or stealing data, it denied computer services to the company. Secondly, the damage was not intentional. The student who wrote it intended it to be cute. Thirdly, it required human participation to spread as a person had to open it, but this was not much of a problem, as who doesn't want to open a Christmas card from a friend during the holiday season?
+ The Christmas Tree
- When such damage can be caused by accident, is the fault that of the person who caused it, or of the design of the software? Should we be thankful to be alerted to the software's faults?
On this latter point, should legislation be used as an attempt to fix what are essentially technical problems? If legislation becomes an effective liability shield for industry, then there is no longer incentive to design secure computers. That in turn would lead to a population of computers as a whole becoming vulnerable. In such a situation problems would happen at scale all at once when more audacious hackers come on the scene, instead of happening little by little.
Industry faces many hurdles when securing their products. One of the bigger ones is that of coordination and standards, which often must result in open software. Government input is effective in this arena. I'm reminded of Constantine telling the Christian hordes to unify and compelling leaders to come to agreement at the conference of Nicea in 325.
+ Who called the first telephone? Who will communicate with a server that has a new security protocol? Industry faces many hurdles when securing their products. One of the bigger ones is that of coordination and creation of standards agreed upon by a diverse set of players. This is a place where government imperatives for creating open standards can move things in the right direction.
- New forces have intensified and popularized the cybersecurity problem. These include the fact that there is a global Internet that was not designed to be secure, that e-commerce has become popular, and that the world economy has moved to an intellectual property basis so there is stiff competition among global companies and among the state institutions of the various countries. There still exist students such as the Christmas Card author who create mischief, the disgruntled employee, or the would-be thief. In addition there are now entire departments of state hackers and multinational organized crime groups involved. There are now teams of scammers in India, and complete companies of hackers for theft and profit in Turkey, and other places. There was a do-it-yourself software package for sale in Nigeria for scamming people. They enter Europe and the US, not through airports, but via the Internet.
+ New forces have intensified the cybersecurity problem. These have emerged due to the existence of a global Internet that was not designed to be secure, the existence of honeypots such as government databases, the prevalence of e-commerce, and the macro trend of the economy shifting to an intellectual property basis. In this latter case there is now stiff competition among global companies and among the state institutions of the various countries to know what each other are up to. There still exist students such as the Christmas Card author who create mischief, the disgruntled employee, or the would-be thief. However, in addition there are now entire departments of state hackers and multinational organized crime groups involved. As examples, there are teams of scammers functioning like call centers in India, and companies specializing in hacking for profit in Turkey. There was a do-it-yourself be-a-scammer software package for sale in Nigeria. State sponsored hackers from North Korea stole bitcoin from a major hub. A building of Russians were busy adding fuel to controversies in social media in comment sections. They enter Europe and the U.S, not through airports, but via the Internet.
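Review bot: the `+` line replacing the Christmas Tree paragraph is truncated to "The Christmas Tree", so as shown this hunk deletes the three observations (indirect damage, unintentional, required a human to open it) and the "Should we be thankful to be alerted to the software's faults?" question with no replacement; check that the full replacement paragraph made it into the commit. In the last `+` line, "U.S," needs its closing period, "State sponsored" should be hyphenated, and the new examples (North Korean theft of bitcoin from a major hub, "a building of Russians" working comment sections) are given without a source; add citations or name the incidents so the claims can be checked.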
@@ -91,14 +124,14 @@
- This brings us back to the question of the role of legislation. As noted above, government is most effective through gathering the parties and promoting standards. On the other hand, how effective can it be to bring a group of foxes together and ask them to adopt standards for protecting chicken coops? Clearly, legislation must define the goal, build in penalties for not achieving it, and require the inclusion of a diverse set of parties in standardization efforts.
+ This brings us back to the question of the role of legislation. As noted above, government is most effective through gathering the parties together and promoting standards. On the other hand, how effective can it be to bring a group of foxes together and ask them to adopt standards for protecting chicken coops? Clearly, legislation must define the goal, build in penalties for not achieving it, and require the inclusion of a diverse set of parties in standardization efforts.
E-commerce already brought us a credit card infrastructure. Pornography sites, for example, already limit access through credit card verification. However social media sites, such as Facebook, fear that if they place their services behind a pay wall, it will negatively impact their business.
It would not work to have young users to identify. What would have to be done is for all users to identify, then those who identify and are too young, or those who do not identify would be treated differently from those who identify are old enough. Registration would happen once, resulting in an old person certification token placed in the user's It would not work to have young users self identify. What would have to be done is for all users to identify, then those who identify and are too young, or those who do not identify, would be treated differently from those who identify and are old enough. Registration would happen once per device, resulting in an 'this is an old person' certification token being placed in the user's In summary, we desire to be productive and have a good experience when computing and when online. With this goal in mind, cybersecurity professionals have developed a security stack consisting of the following layers (the first item being the base):
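Review bot: the age-identification paragraph is cut off in both its old and new forms at "certification token being placed in the user's", so the sentence never says where the token is stored; complete it. Also "an 'this is an old person' certification token" should be "a 'this is an old person' certification token". Since the new version says registration happens "once per device", the token certifies the device rather than the person using it; a shared or borrowed device would carry the adult certification to everyone who uses it, so say how that case is meant to be handled.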
@@ -127,7 +160,7 @@
Because sometimes security measures are misconceived, layers overlap, and technology changes quickly, some of the features found on the security stack will be security theater, defined as being measures taken that look protective, satisfy a checklist, or create an impression of safety, but do little to address the underlying threat. Examples include password rotation policies that force users to invent forgettable passwords, CAPTCHAs that waste seconds of human life while machines sail past, and identity checks that verify nothing but a credit card number stolen from the same dark web they claim to fight.
The stack is straining under the weight; when things do not go right, the productivity loss has become palpable. This is most apparent to those on the outskirts of our system, the very people who need help to engage, but they are being pushed away. We need simplification, not more layers. Yet, more layers are being called for.
+ As a reader will learn from this white paper, the stack is straining under the weight; when things do not go right, the productivity loss has become palpable. This is most apparent to those on the outskirts of our system, the very people who need help to engage, but they are being pushed away. We need simplification, not more layers. Yet, more layers are being called for. As discussed later in this paper, there is a better alternative course.
For a group to innovate,
- In addition the following qualities tend to be present in productive groups. These are not requirements, but lacking any one of them drastically lowers the probability of success.
+ The following qualities tend to be present in productive groups. These are not requirements, but lacking any one of them drastically lowers the probability of success.
-A strange property of our universe is that it is often more difficult to find a solution to a problem, than it is to recognize that a proposed solution works. It is harder to reach into a pile, pull out a peg, and search the board for the right hole, than it is to see that the peg does or does not fit. A well known property of mathematical proofs is that it is more difficult to find a new one, than it is to walk through and check each step. The former is a creative process, while the latter is a mechanical exercise. This is why it is often possible to define a A voting procedure is not a Unenlightened cybersecurity policies can do as much damage to the group dynamic as hackers. This section provides real world examples. Consider the case of an international bank on the east coast that advertises on their home page that they offer accounts to any American anywhere in the world. This makes good sense as many of their customers are in the military, military people are all over the world, and often times family members do the banking. As noted in the introduction, many organized attacks come over the Internet from foreign countries, so some government servers, and company servers will reduce the threat exposure by blocking international traffic. The IT experts at said international bank were doing this exact thing. So one department advertised, ‘from anywhere’ while the IT department had simultaneously blacklisted some countries. Let us call this ‘Snafu 1’.
+ As noted in the introduction, many organized attacks come over the Internet from foreign countries, so some government servers, and company servers, will reduce the threat exposure by blocking international traffic. The IT experts at said international bank were doing this exact thing. So one department advertised, ‘from anywhere’ while the IT department had simultaneously blacklisted some countries. Let us call this ‘Snafu 1’.
Sara, an American in a foreign country went to the site, and finding she was blocked, opened a VPN, then signed up for an account. She reasoned that perhaps they required VPN use, as how else would ‘Americans anywhere’ make sense?
+ Sara, an American in a foreign country went to the site, and finding she was blocked, opened a VPN, then filled out an application for an account. She reasoned that perhaps they required VPN use, as how else would ‘Americans anywhere’ make sense?
But in fact, the bank did not support VPN access, quite the contrary. Let us call this ‘Snafu 2’. Upon logging in again to see the status of her application, the VPN use set off a security alert. She was asked to call to establish her identity.
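Review bot: the removed line in this hunk fuses three passages (the peg-and-hole argument that checking a solution is easier than finding one, the fragment "A voting procedure is not a", and the international bank story), but the `+` line carries only the Snafu 1 paragraph, so the complexity-asymmetry argument and the voting sentence are dropped by this hunk unless they reappear elsewhere. The new Snafu 1 paragraph also refers to "said international bank" while the sentence that introduced the bank ("Consider the case of an international bank on the east coast...") is only in the removed text, leaving "said" with no antecedent. Minor: "As a reader will learn from this white paper" and "As discussed later in this paper, there is a better alternative course" both point forward without naming a section, and "Sara, an American in a foreign country went to the site" needs a comma after "country".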
@@ -260,32 +293,36 @@ Such attacks can prevent any or all individuals from participating, deny them ac
- As a result of the KYC report, Sara’s brokerage sent notice saying they were terminating her account. They returned the funds to the linked account. The broker thought it the most prudent thing to do, as her identity was in question. When she asked why, they said, "by law we are not allowed to say." That is the telltale of a KYC report, as it is true, banks are supposed to keep records on clients and share them with other financial institutions, and they are by law not allowed to tell the clients what is in them. One by one, at other places where Sara had financial accounts, the companies asked her to update her information.
+ As a result of the KYC report, Sara’s brokerage sent notice saying they were terminating her account. They returned the funds to the linked account. The broker thought it the most prudent thing to do, as her identity was in question. When she asked why, they said, "by law we are not allowed to say." That is the telltale of a KYC report, as it is true, banks are supposed to keep records on clients and share them with other financial institutions, and they are by law not allowed to tell the clients what is in them. One by one, the other companies where Sara had financial accounts asked her to update her information.
I take as the moral of this story that lawmakers have not taken into account that human beings are realizing the dictates of their legislation, and human beings have good days and bad days. Also, each person was blessed by God with different talents. In some cases a person who was gifted with an analytical mind and went into security was not also gifted with high social IQ. All people, even those still recovering from childhood traumas, have jobs to pay the bills. And all this is modulated by corporate dynamics, which by themselves can be hard on people.
+ Sara's experience demonstrates that lawmakers have not taken into account the fact that human beings are realizing the dictates of their legislation, and human beings have good days and bad days. Also, each person was blessed by God with different talents. In some cases a person who was gifted with an analytical mind and went into security was not also gifted with high social IQ. All people, even those still recovering from childhood traumas, have jobs to pay the bills. And all this is modulated by corporate dynamics, which by themselves can be hard on people.
In addition financial institutions now have a contradictory mission. On the one hand they serve customers and investors as a banking entity. On the other hand our government is forcing each of them to be a police agency. The natural result is an organization that does not do either well.
+ In addition financial institutions now have a contradictory mission. On the one hand they serve customers and investors as a banking entity. On the other hand our government is forcing each of them to be a police agency, and as such to view customers with suspicion. The natural result is an organization that does not fulfill either mission well.
- The story of Sara is not an isolated incident. Many organizations, in their efforts to protect their systems, inadvertently block legitimate participants, damage trust, and damage golden garden dynamics.
+ Sara's experience is not an isolated incident. Many organizations, in their efforts to provide security are inadvertently blocking legitimate participants, damaging trust, and as a net effect, suppressing the required properties of having a golden garden.
-GitHub is the premier meeting place for collaborating programmers, where they get together, ply their trade, improve by learning from each other, and often produce group intelligence level innovative software, and solutions to problems. GitHub is owned and maintained by Microsoft.
+GitHub is the premier meeting place for collaborating programmers, where they get together, ply their trade, improve by learning from each other, and often produce group intelligence level innovative software. GitHub is owned and maintained by Microsoft.
+
+ For over a year, GitHub users around the world reported seeing "Too Many Requests" errors during normal, low-volume browsing. Some users experienced attempting to following a link or opening a page, with no pattern of abuse, and yet still being blocked. There was no message saying "you’ve been blocked," so it was unclear to users what was happening. In fact, roughly half a percent of suspicious-fingerprint requests were blocked, and those blocks were absolute. There was no appeal, no explanation, no recourse, only a wall.
- For over a year, GitHub users around the world reported seeing "Too Many Requests" errors during normal, low-volume browsing. A person might follow a link or open a page, with no pattern of abuse, and still be blocked. Engineers later discovered the cause. Temporary abuse-mitigation rules that had been added during past emergencies were left in place long after the threats subsided. These rules used composite fingerprinting signals. During a crisis the signals were accurate, but over time they began matching completely legitimate logged-out users. Roughly half a percent of suspicious-fingerprint requests were blocked, and those blocks were absolute. There was no appeal, no explanation, only a wall. GitHub later apologized, noting that emergency controls "don’t age well as threat patterns evolve and legitimate tools and usage change."
+Engineers later discovered the cause. Temporary abuse-mitigation rules that had been added during past emergencies were left in place long after the threats subsided. These rules used composite fingerprinting signals, and over time they began matching completely legitimate logged-out users.
- In terms of the garden, every blocked user was a seed that never sprouted. Some were open-source contributors, others researchers, students, or citizens accessing public code. The protections were silent and invisible, there was no message saying "you’ve been blocked," only an error. This is exactly the kind of sludge that pushes legitimate participants out of the commons, and it happens because security was deployed as a fire-and-forget switch, not a tended garden. The qualities of Introduction
The garden of golden flowers
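Review bot: the reordered GitHub paragraph now gives the "roughly half a percent of suspicious-fingerprint requests were blocked" figure before the cause is explained, and opens that sentence with "In fact", which no longer contrasts with anything; move the figure into the paragraph that begins "Engineers later discovered the cause". The rewrite also drops GitHub's own statement that emergency controls "don't age well as threat patterns evolve and legitimate tools and usage change", which was the one sourced quotation in the section; keep it with a reference. Grammar in the `+` line: "Some users experienced attempting to following a link or opening a page" should read "Some users reported attempting to follow a link or open a page". The removed line beginning "In terms of the garden, every blocked user was a seed that never sprouted" has no replacement in this hunk, and it carried the conclusion (security "deployed as a fire-and-forget switch, not a tended garden") that ties the example back to the paper's thesis. Also "in their efforts to provide security are inadvertently blocking" needs a comma after "security".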
@@ -170,11 +203,11 @@
Observed qualities of golden flower gardens
@@ -187,7 +220,7 @@ Groups can follow neutral rules of order; however when even a mild amount of int
Cases of security doing harm
+ Cases of security used to harm people
GitHub’s "Too Many Requests" block
The Bendigo Bank VPN lockout
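Review bot: the heading change from "Cases of security doing harm" to "Cases of security used to harm people" reads as intentional harm, but the cases under it (the GitHub block left over from stale abuse rules, the bank VPN lockout) are described in the body as inadvertent ("in their efforts to provide security are inadvertently blocking legitimate participants"); "Cases of security harming people" keeps the heading consistent with the body.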
@@ -298,8 +335,6 @@ GitHub is the premier meeting place for collaborating programmers, where they ge
This is a perfect parallel to Sara’s experience. A legitimate customer using a privacy tool was treated as a criminal, subjected to Kafkaesque demands, and ultimately driven away. The bank’s security posture ‘VPN equals suspicious’, therefore ‘VPN equals guilty’ is the opposite of cultivation. It didn’t protect the garden; it salted the soil for anyone who values their privacy. The bank created security theater (virus scan, statutory declaration) that had no actual security value, purely to shift burden and liability. The
There is another face mismatch case of a perfectly healthy man who works in high-tech not being recognized by ID.me, being initially rejected, and then not allowed to contact a human being there due a requirement of being recognized first, continuing over an 8 year period. The deadlock was finally broken only through the intervention of a Congresswoman.
-
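Review bot: the ID.me paragraph ("There is another face mismatch case of a perfectly healthy man...") appears as context both in this hunk and in the next one, and the two hunk ranges (-298 and -310) do not overlap, so the paragraph appears to be present twice in the file; check and remove one copy. In it, "due a requirement" should be "due to a requirement" and "8 year period" should be "eight-year period". The context line ending "purely to shift burden and liability. The" is truncated here as well.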
@@ -310,7 +345,10 @@ GitHub is the premier meeting place for collaborating programmers, where they ge
This is security by blunt instrument excluding people on the fringes. Literally a camera that decides who looks human enough to participate. The garden loses more than
There is another face mismatch case of a perfectly healthy man who works in high-tech not being recognized by ID.me, being initially rejected, and then not allowed to contact a human being there due a requirement of being recognized first, continuing over an 8 year period. The deadlock was finally broken only through the intervention of a Congresswoman.
+ + +The people of the Eastern Roman Empire called themselves Romans. The label "Byzantine" was applied retroactively in 1557 by the German historian Hieronymus Wolf. He needed a term to describe an empire that, over a thousand years, had mutated into a system defined by an impenetrable, suffocating labyrinth of administrative bureaucracy. Today, the word "Byzantine" describes a system so excessively complicated that it becomes hostile to the people navigating it. @@ -329,12 +367,17 @@ GitHub is the premier meeting place for collaborating programmers, where they ge
- When an administration uses extreme complexity, every citizen is inevitably in violation of a rule. What government and the technology industry is building today is the digital equivalent. As the security stack grows to eleven layers and beyond, it creates an architecture of Byzantine security. This is defined as a defensive framework so layered with opaque policies, automated compliance checks, and overlapping authentication demands that it ceases to be a protective barrier and becomes a mechanism of systemic exclusion.
+ When an administration uses extreme complexity, every citizen is inevitably in violation of a rule. What government and the technology industry is building today is the digital equivalent. As the security stack grows to eleven layers and beyond, it creates an architecture of
+ As systems become more complex they keep out everybody, hence the architects of byzantine security systems can, and do, brag having kept out the bad guys. Further, bureaucrats who work for years within a byzantine system become to sole purveys of knowledge, and they are empowered by this.
- The negative consequence of Byzantine security is the creation of a digital underclass. Those who cannot perfectly navigate the eleven layers of the stack are pushed to the outskirts of the network. They are silently exiled, their accounts locked, and their communications severed. When a system prioritizes an impenetrable checklist of security theater over human usability, it methodically sterilizes the network, deliberately cutting off the very group intelligence that makes the system valuable in the first place.
+ The negative consequence of
- Here
- Cybersecurity engineers almost always base their cost estimates on the normal mode time, here 5 seconds, rather than the actual expected cost, here 4334 seconds. + Cybersecurity engineers almost always base their cost estimates on the normal mode time, here 5 seconds, rather than the actual expected cost, here 4334 seconds. This gives decision makers a skewed picture of the actual situation.
- If this login model is implemented across millions of people, a person would hope the company is protecting more than the aggregate login cost per user, otherwise they are costing users more than the value they hold on the system. However, as normal mode times are being used, this is what is happening. + If this login model is implemented across millions of people, a person would hope the company is protecting more than the aggregate login cost per user, otherwise they are costing users more than the value they hold on the system. And indeed as normal mode times are being used, they are indeed costing users time and money.
- Here
- As an example, consider a small business where a Wi-Fi password gets guessed with probability
There is a 13% probability that the system will be compromised. That is far higher than would normally be tolerated for a catastrophic risk. Here the biggest contributor was the human variable.
- This is called the failure equation. Notice that it scales exponentially with the number of terms, making it disproportionately more difficult to drive the total failure rate down as systems grow more complex. For a small, simple computer system it is possible to reach
- The scenario of small and simple is unlikely to be found for a system that serves the general public. Most security engineers simply implement existing protocols. Those protocols use algorithms that we assume to be formally proven to be correct, although that is often not the case, and it is certainly not the case for common algorithms used on the Internet. Even for correct security protocols that are correctly implemented, hackers have consistently found physical ways to vary timing, monitor power consumption, or grind the tops off chips to break into systems. + A stack of 11 interacting complex security protocols is neither small nor simple. Most systems engineers pull existing software off the shelf and stack it up. Those protocols use algorithms that we assume to be formally proven to be correct, although that is often not the case, and it is certainly not the case for common algorithms used with the Internet. Even for correct security protocols that are correctly implemented, hackers have consistently found creative ways to get around them, in cases by varying timing, monitoring power consumption, or grinding the tops off chips.
- Computer security is almost always treated as an uninsured catastrophic risk situation. There is typically no contract with users, and legally there sometimes can be no contract, to make up for losses after a security lapse. + Computer security is almost always treated as an uninsured catastrophic risk situation. There is typically no contract with users to make up for losses after a security lapse.
- Most security systems are breakable or bypassable in the face of extreme innovation and effort. Once broken, an organization starts adding layers of friction on its way to the Marianas Trench. -
-- Good-intentioned users do not expend effort to break systems. In contrast, bad actors do. Thus, the trend over time is for security to severely hurt the productivity of good people, while bad actors make use of hard-won know-how to easily bypass it. -
-- The startup Pay By Touch incinerated $130 million on the premise that fingerprints are passwords. Yet sounding like a cool tech was enough to command a lot of funding. + Most security systems are breakable or bypassable in the face of extreme innovation and effort applied over a long period of time. Also, with time, built in bugs tend to be discovered, and new ones tend to accidentally inserted with updates.
- The physical reality: A person leaves their "password" on every water glass, door handle, and table they touch. Security engineers design to specifications and can lose sight of the forest for the trees. They can build a mathematically perfect verification algorithm while remaining structurally blind to the physical reality that the "secret" is being left on a restaurant table. Leaders provide common sense vision. If a person is a leader, they should not be afraid to ask questions about the base metrics of performance and expect answers that they understand. + Good-intentioned users do not expend effort to break systems. In contrast, bad actors do.
-- In 1996, at a presentation to the SBC board, a man proposed a smartphone technology investment. One of the board members invited their "tech guy" to "interpret." Feeling his expertise was being challenged, the technician argued defensively that phone switches were the future and smartphones were a fad, merely because switches were what he understood. Two years later, the switch-centric giants like Nortel went into bankruptcy, and the world moved to the smartphone. +
Consequently the trend over time is for security to severely hurt the productivity of good people, while bad actors make use of hard-won know-how to easily bypass it.
-- Technicians optimize for the survival of their current tools and silos. They are rarely big-picture visionaries. Lawmakers must trust their common-sense judgment, and expect entrenched technology interests to propose further entrenchment. The goal is structural architectural integrity for the economy, rather than adding more layers that make life difficult for a person. + +
When an security fails for an organization, the tendency is to add weight or complexity to that same protocol. The new additions then must be secured. This process eventually leads to the Mariana Trench, which is at the end of the primrose path.
+ +Consider the example from the introduction. Users reasonably chose simple memorable passwords so they wouldn't chance the high cost of forgetting a password and being blocked from working. Then instead of questioning the protocol, security engineers responded by adding password check filters that forced users to use even longer harder to remember passwords. When, that that didn't work out well, password managers were added. But that created the issue of securing the password manager. This usually involves public key cryptography, and special operating system features. These features then must be tested and maintained. But how is the maintenance to be done? If anyone can post an update to a password manager, then the password manager will not be secure. Hence, there must be a secure update system with special features for sensitive software. But the updates system is part of a larger problem of administering a network of computers. Grab a thread at any part of that chain, and pull on it, and the whole of it becomes unraveled.
-- All security today is built over communications that are secured by public key cryptography. There is no formal proof for any public key cryptography algorithm in use today that demonstrates at a computation theoretical level it actually works. + The startup Pay By Touch incinerated $130 million on the premise that fingerprints are passwords. Sounding like a cool tech was enough to command a lot of funding, and more came after that.
-- Thus, catastrophic failure could arrive at any hour, and then all security on the Internet, current ID schemes, bitcoin, etc. would be broken. This lack of proof problem speaks to public key cryptography at the most fundamental level, and thus applies to existing hardware, software, and systems. + +
If a fingerprint is a password, then a person leaves their "password" on every water glass, door handle, and table they touch. How is was that supposed to work?
-- The above analysis is the situation today independent of quantum computing. That is another kettle of fish. When quantum computing comes online, Shorâs algorithm will break all of public key cryptography, proven or not. What are legislators planning to do, take police authority over all quantum computers? + +
I hope readers will think about this, especially the non-technical among you. There is expensive important lesson here. There is a place for commonsense in security discussions. Investors and legislators alike should not fear asking commonsense questions, and getting answers back that they can understand.
-Ok, so fingerprints are not a great idea, so we should move to faces? +
+ +- Fingerprints are left on door knobs and glasses. A fingerprint cannot be used as a secure password. Our faces are shown in public and in modern times are captured by cameras in buildings, on street corners, through the front windshield when we drive under traffic cameras, and by anyone who gets within a few hundred meters and can take a snapshot. + In 1996, at a presentation to the SBC board, a man proposed a smartphone technology investment. One of the board members invited their "tech guy" to "interpret." Feeling his expertise was being challenged, the technician argued defensively that phone switches were the future and smartphones were a fad, merely because switches were what he understood. Two years later, the switch-centric giants like Nortel went into bankruptcy, and the world moved to the smartphone.
- Generative AI is already a reality and a practical technology. With generative AI a signal with a life-like model can be created and given to a computer in place of a camera output. Today there is no long-term secure biometric system. + Technicians know how to build to spec, the good ones are good at it. Of course everyone reads the tech sections of news, and see a lot of exciting things coming. However, that does not make them into big-picture visionaries. Lawmakers must trust their common-sense judgment, and expect entrenched technology interests to propose further entrenchment. The goal is structural architectural integrity for the economy, rather than adding more layers that make life difficult for a person.
-+ Almost all security today is built over communications that are secured by public key cryptography, specifically relying on algorithms like RSA and Elliptic Curve Cryptography (ECC). However, there is a unadvertised disturbing fact: there is no formal computation-theoretic proof that these systems actually work. +
+
+ These legacy systems rely on
+ This catastrophic fragility exists independent of quantum computing. However, when large-scale quantum computing comes online, Shorâs algorithm will mathematically annihilate the integer factorization and discrete logarithm problems that underpin RSA and ECC. While the industry is attempting a massive, highly vulnerable migration to
+ The fundamental architectural error of biometric security is treating a public biological identifier as a private cryptographic key. A password is a secret; a face or a fingerprint is a public broadcast. We leave our fingerprints on every doorknob and glass we touch. Our faces are captured continuously by security cameras, traffic systems, and anyone with a smartphone who walks within fifty meters of us. Using a public attribute to lock a private system is the definition of security theater. +
+ ++ Unlike a password, which is mathematically deterministicâmeaning it is entirely correct or entirely incorrectâbiometric authentication is probabilistic. The hardware takes a noisy biological sample and makes a statistical guess as to whether it matches a stored template within an acceptable confidence interval. Because it is a guess, the system will inevitably generate false negatives. When a deterministic password fails, a person can type it again. When a probabilistic biometric system decides a person does not match their own faceâas happens frequently to people with facial differences or aging featuresâit creates an unresolvable administrative deadlock. The person is digitally exiled by an algorithm making a bad guess. +
+ ++ The technology industry claims that sensors will improve to fix these error rates, sometimes proposing invasive alternatives like retina scans to guarantee identity. However, this ignores the fatal structural flaw of remote authentication. Over the Internet, a server does not authenticate a physical face or a physical eye; it authenticates a digital signal sent from a remote device. +
+ ++ Generative AI has already rendered this security paradigm obsolete. An attacker does not need to resort to physical violence to steal a fingerprint or an eyeball. With practical, off-the-shelf generative AI, a highly accurate, life-like synthetic model can be created and injected directly into the data stream, acting as a virtual camera or a virtual fingerprint reader. The server receives a mathematically perfect biometric signal, bypassing the physical sensor entirely. Consequently, there is no long-term viability for any remote biometric security system. +
+ + + +A product of the 1970s War on Drugs. To stop the outflow of illicit payments, the state began monitoring the movement of value. This transformed the bank from a private vault into a state monitoring station. All money being transferred had to have a name attached to it.
-- The United States is one of only two nations that utilizes Citizenship-Based Taxation (CBT) instead of Residency-Based Taxation (RBT). Because the IRS must track every dollar a citizen touches globally, the US is the lead architect of the global financial "Phone Home" system. This requires every bank on the planet to report on American dealings (FATCA). -
-- This structural requirement is the hidden driver for an interoperable, global digital ID. Every dollar holder is now a suspected of being a money launderer, a drug dealer, or a tax-evading "sneak." In a CBT world, the source and identity of the money are more important to the state than the payment itself. We secure the portal to pay taxes, not because the account holder wants to prevent others from paying his or her taxes, but rather because the government needs to know where the money came from. -
- -Earlier in this white paper, I mentioned the Stasi, who had files on one third of East German citizens. Civics teachers used to present that fact as though it were horrific, but it is child's play relative to the amount of documentation we are keeping on U.S. citizens today. +
Our civics teachers lamented that the East German Stasi had files on a third of all citizens. That is child's play relative to the amount of documentation we are keeping on U.S. citizens today.
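Review bot: Several added sentences in this hunk stop mid-clause and need to be completed or dropped before merge: `+ These legacy systems rely on` and `+ This catastrophic fragility exists independent of quantum computing ... migration to` both end without an object, and the removed `-- In 1996, at a presentation to the SBC board` paragraph and its `+` replacement have been run onto the same line as the fingerprint bullet, so the hunk cannot be applied as shown. The new RSA/ECC paragraph (`+ Almost all security today is built over communications ...`) would be more precise if it named what is actually unproven: there is no proof that integer factorization or the discrete logarithm problem is computationally hard, which is not the same as there being no proof that the algorithms "work"; the later sentence on Shor's algorithm already names those two problems, so the two can be aligned. Smaller fixes in the added text: "When an security fails" should read "When a security protocol fails", "When, that that didn't work out well" has a doubled word, and "How is was that supposed to work?" and "There is expensive important lesson here" each have a word missing or extra. The apostrophe in "Shorâs" appears as mojibake in both the removed and the added line, so the corruption predates this commit; it is worth repairing while the paragraph is being rewritten, and confirming the file is saved as UTF-8 so the same damage does not spread.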
@@ -584,6 +648,12 @@ GitHub is the premier meeting place for collaborating programmers, where they ge
- Monotonic failure: each database is a honeypot, and once data is stolen, the damage cannot be undone. The KYC/Fraud database point is particularly chilling for a Congressional briefing because it highlights a system where the citizen has zero due process, they are judged, convicted, and digitally exiled by a black box they have zero permission to look inside. + Note, that each of these databases is a honeypot, and once data is stolen, the damage cannot be undone. The KYC/Fraud database point is particularly chilling because it highlights a system where the citizen has zero due process. A bureaucrat can judge, convict, and digitally exile a person using a database that the person has zero permission to look inside. +
+ ++ The United States is one of only two nations that utilizes Citizenship-Based Taxation (CBT) instead of Residency-Based Taxation (RBT). Because the IRS must track every dollar a citizen touches globally, the U.S. is the lead architect of the global financial "Phone Home" system. This requires every bank on the planet to report on American dealings (FATCA). +
++ This structural requirement is the hidden driver for an interoperable, global digital ID. Every dollar holder is now a suspected of being a money launderer, a drug dealer, or a tax-evading "sneak." In a CBT world, the source and identity of the money are more important to the state than the payment itself. We secure the portal to pay taxes, not because the account holder wants to prevent others from paying his or her taxes, but rather because the government needs to know where the money came from. +
+ +For a nation to tax an citizens' and residents' income, they must be able to verify what that income is. Initially this was done by having companies and contracting entities to report salaries and contract amounts to the IRS, a copy of that report is sent to the individual, and the individual must also send his copy to the IRS, so that the IRS can also verify the sent the report. +
+ +Now that the government polices money, they are able to see financial transactions at banks. In theory this could replace the old system, but instead both are done. Any descrepencies are then used as signals for triggering audits. +
+ +Each person is then given a tax account. This tax account is accessible online. The digital ID then ties all of this together. Note that the each individual has a social security number, and those numbers are used to key database records, but they lack the security and privacy required to be used as an ID. +
+ +The next step for this system appears to be that of central bank digital currencies, where every transaction is an SQL command on a database. The government would then, in theory, have awareness of all transactions, and the capability to force their own transactions.
When a person logs into a server, the user name, prior provided credit card information if any, and user preferences determine how the server will interact with the user. But this is not the complete picture, rather how does a server decide who is allowed to sign up for an account in the first place? +
+ +Up to this point in time commercial servers on the Internet have been open to the public, with few refinements to this. A person goes to Google, does a search, finds a server offering the services he or she wants, clicks the link, then opens an account. Within the limits of paid tiers of services, once opened, any account presents the same dashboard and options as any other account. +
+ ++ Profiling for targeted advertising is one of the refinements. In this case, different people are shown different ads based on their profiles. A shopping site might lead off with different entry points into their catalog. The catalog will be the same for everyone, but they want to help you find things in it more easily. This is accomplished by profiling users and selling that data to data brokers, who then collate the data, and selling it back to marketing firms who generate targeted ads. +
+ ++ Another refinement is for regions. A person who travels often probably doesn't even like this refinement, but sites accessed from different regions might come up in different languages, have different currency settings, and have region specific catalogs. This is accomplished by checking the IP address of the client who accesses the server, and then looking that IP address in a geolocation database. +
+ ++ The next step down the primrose path was to use the features for automatically selecting a clients region to enforce regional taxation laws on clients. This is important now that so much commerce has moved to the Internet. Another factor is that heavily indebted nations are highly concerned not to miss out on taxes as they need the revenue. Hence, many commercial servers will enforce the use of only credit cards and contact information that matches the region setting. Thus, a exchange student in France will be blocked from paying for a gift for his mother in the United States if he tries to pay for it with a U.S. credit card. PayPal will not allow a person with a U.S. telephone number to use a French credit card to buy boots from specialist boot maker in Columbia. Etc. +
+ +We are now being asked to take this one step further. We want websites to differentiate service depending on the age of the person who requests an account, separately from the credit card system.
+ ++ Historically, authoritarian regimes maintained control through physical violence and the direct intimidation of the individual. In a society where participation in the economy, discourse, and basic civic life is gated by digital systems, control can instead be achieved entirely in the digital domain. +
+ +
+ Digital identity and centralized infrastructure provide the state, and its corporate proxies, the power of
+ Consider the freezing of bank accounts during the Canadian trucker protests. This event demonstrated a centralized authority using the digital financial infrastructure to deny people the ability to participate in the economy. Similarly, in the United States, Operation Choke Point saw the Department of Justice pressure financial institutions to cut off services to specific, entirely legal industries that the administration found politically unfavorable. Banks, fearing regulatory audits, closed the accounts of these businesses, enforcing a digital exile without legislative due process. +
-+ Crucially, this power is also exercised directly by corporate entities through digital domination. In 2022, PayPal introduced an update to its Acceptable Use Policy that explicitly granted the company permission to debit $2,500 directly from a user's account if the company determined a person was spreading misinformation. Though retracted after public backlash, it demonstrates the technical capability and the corporate willingness to automatically penalize speech using financial infrastructure. +
+ ++ This corporate gatekeeping extends to complete financial excommunication. In 2023, British politician Nigel Farage had his accounts closed by Coutts bank. Internal documents later revealed the institution closed his accounts because his political views did not align with their "corporate values", a concept not normally associated with corporations. A high-profile individual was financially exiled by a centralized institution specifically because of his social and political speech. +
+ +
+ This raises a fundamental question. Is authoritarianism abhorrent merely because of the use of violence? Or is the totalizing level of control it exerts the true danger, and violence an abhorrent means? Now there is a new means. As a person adds layers to the security stack, the architecture risks facilitating a
+ Based on concepts of bureaucracy, mandated expense, and the biometric fallacy, we are looking at Dante's 7 Levels of ID Heck: +
+| Apple/Google Wallets (mDL) | -US (General) | +U.S. (General) | Public Key (SE) | The Mandated Shackle. Gives Silicon Valley monopoly control. Vulnerable to supply chain hardware attacks. |
- Every one of these technologies collapses under the scenario where identity is proven via credential data that can be observed and duplicated, because any system relying on a replicable digital signal structurally fails to distinguish a legitimate human being from a perfect mathematical or physical simulation. + Proponents of these initiatives routinely assure the public that the data will be secured by advanced encryption and strict access controls. However, architectural history proves that when a state centralizes identity, it creates an irresistible honeypot. Catastrophic failure has occurred in virtually every jurisdiction attempting to mandate digital IDs:
+ +- Even Public Key Infrastructure (PKI) falls victim to this structural failure because it merely replaces a physical secret with a mathematical one, while still transmitting the proof across the same channel as the data. Possession does not equal identity: A public key system proves that a person possesses a private key; it does not prove who that person is. If an attacker uses a memory injection to scrape a private key or intercepts the signing process, the resulting bit-stream is mathematically perfect. + The following bills represent the current trajectory of federally funded digital identity infrastructure, alongside legislative counter-efforts. When viewed through the lens of architectural security and historical failure, these proposals highlight the ongoing tension between expanding the security stack and preserving civil liberties.
+ +
- The server has no capability to distinguish between the rightful owner and a thief because the "signal" of identity is merely another string of data bundled with the transaction. Because current architectures mix control signals and data, a person's "identity" becomes observable to the system itself. If the math can be seen, it can be simulated.
+ Not all legislation seeks to deepen the
- Based on concepts of bureaucracy, mandated expense, and the biometric fallacy, we are looking at Dante's 7 Levels of ID Heck: + Mandatory digital ID initiatives, such as H.R. 7270, would require the use of NIST-compliant Mobile Driver's Licenses (mDLs). A mobile driver's license is a digital representation of a state-issued identification document. At the architectural level, mDLs strictly require the use of a smartphone or a similar commercially produced smart device, effectively compelling citizens to carry and use microwave-linked cell phones. +
+ ++ The identity data is stored within the device's secure hardware and transmitted to verifiers via active network protocols such as NFC or Bluetooth. The deployment of mDLs relies almost entirely on the digital wallet ecosystems controlled by Apple and Google. This outsources the foundational infrastructure of state identification to two private corporations, granting them unprecedented gatekeeping authority.
+ ++ If such an initiative is successful, it would mark the first time Congress has ordered the entire U.S. population to buy a physical product from commercial suppliers simply to participate in society. As established earlier in this paper, significant questions remain regarding the architectural effectiveness of this technology, and legislators should not hold back from asking commonsense questions about it. Furthermore, the architectural reality of a mobile digital ID requires the device to continuously broadcast its location to cell networks. Mandating this technology is functionally equivalent to legally requiring every citizen to carry an active geo-tracking beaconâa profound physical vulnerability considering that commercial geo-tracking data is actively exploited by criminals for stalking and kidnappings. +
+ ++ However, as severe as these civil liberty and physical security implications are, they are perhaps not the most disturbing part of the initiative. +
+ ++ By law, the FDA was compelled to defer the study of the health effects of microwaves to the FCC, an action codified in the Telecommunications Act of 1996. The FCC is staffed by engineers rather than medical experts. Consequently, they approached biology as an engineering problem. They set a safety limit for microwave exposure designed exclusively to prevent heating an adult human brain by more than one-tenth of a degree Celsius. The underlying regulatory assumption is that microwaves solely cook tissue; therefore, limiting thermal output solves the safety problem. +
+ ++ The observation that the FCC is a captured agency is a matter of recent legal record. In 2021, the US Court of Appeals for the DC Circuit ruled against the FCC (Environmental Health Trust v. FCC). The court found that the FCC's 2019 decision to retain its 1996 safety limits without adequately reviewing the thousands of pages of scientific evidence regarding non-thermal biological effects was "arbitrary and capricious." The court essentially stated that the FCC was ignoring the science to maintain the status quo. +
+ ++ Microwave health effects have been discussed and debated since shortly after the invention of radar in WWII. The Soviets published early findings of biological harm. Because radar uses microwaves and was considered a critical military technology, the U.S. Navy replied that they did not see the problem. +
+ ++ Today, there are thousands of studies showing biological effects, countered by industry responses claiming they do not exist. Significant studies establishing non-thermal mechanisms include: +
+- The following bills represent the current trajectory of federally funded digital identity infrastructure: + Industry does not possess a strong track record when conducting studies on the safety of its own products. To understand the danger of blindly trusting corporate safety assurances, a person only needs to review the historical record of institutional deception:
++ A 2018 investigative report in The Nation, titled "How Big Wireless Made Us Think That Cell Phones Are Safe," detailed a vast cover-up by the telecommunications industry. Society appears to be witnessing the exact same pattern again. The industry first duels in the journals, then attacks the researchers, and finally targets anyone who complains. +
+ ++ Here is a partial list of researchers who have reported being professionally targeted after publishing findings critical of microwave safety: +
+ ++ An industry-sponsored study reported in IEEE Spectrum tested the reaction of people seeing or not seeing microwave devices, concluding that symptoms were psychosomatic. However, the study deliberately ignored the mechanics of operant conditioning, and failed to consider the results from prior studies showing endocrine and cellular damage. +
+ ++ Rather than wading exclusively into the technical literature, a person can observe practical demonstrations of these biological effects. In one demonstration by the engineering channel "Tech Ingredients", the presenter was operating a high-powered microwave test rig and momentarily forgot how to spell the word "front" while exposed to the field. In another recorded experiment, Danish school students demonstrated that cress seeds planted in a Faraday cage with a transmitting Wi-Fi router completely failed to grow compared to the control group. +
+ ++ Reflecting on this pattern of institutional deception brings to mind the famous quote from President George W. Bush: "There's an old saying in Tennessee, I know it's in Texas, probably in Tennessee, that says, fool me once, shame on, .. shame on you ah ah .. Fool me, you can't get fooled again." +
+ ++ Yet, legislators are currently on the cusp of making it functionally mandatory that every citizen carry and use a microwave-emitting cell phone. +
+ ++ I hope this white paper has made it clear to legislators that though technical people are very smart at what they do, they have repeatedly missed sight of the forest for the trees. Non-technically minded leaders should not be afraid to ask commonsense questions, and should expect to be given answers that make sense. Please do not follow the technologists down the primrose path, and instead work to preserve the garden of golden flowers. +
+ + +I write these suggestions not due to a political agenda, but from the point of view of achieving computer security. +
+ +The most reliable way to make a system secure, is to remove the need for it to be secure. As we go down the list of reasons that digital ID is desired, how many of those can be removed? Lets throw around some ideas.
+ + + +We are currently charting a course for the byzantine ending of American civilization, but there is time to change course. We must simplify. Incentives are more powerful than regulations.
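Review bot: Two list lead-ins added in this hunk, "Significant studies establishing non-thermal mechanisms include:" and "Here is a partial list of researchers who have reported being professionally targeted ...", are followed by no list items anywhere in the hunk, so either the items belong in a later hunk that is not shown or the colons dangle; the same applies to three sentences cut off mid-clause ("provide the state, and its corporate proxies, the power of", "the architecture risks facilitating a", and "Not all legislation seeks to deepen the"). On the security argument: the mDL paragraph says identity data is transmitted to verifiers via NFC or Bluetooth, and the next paragraph says the mobile ID "requires the device to continuously broadcast its location to cell networks"; the location exposure comes from the cellular radio of the phone the mandate compels, not from the mDL protocol itself, and stating that distinction explicitly keeps the point from being dismissed as a confusion of the two. The historical claims in this hunk (frozen accounts during the Canadian trucker protests, Operation Choke Point, the 2022 PayPal Acceptable Use Policy change, the Coutts account closure, Environmental Health Trust v. FCC, and The Nation's 2018 report) are presented as matters of record without citations; since the paper addresses legislators, add a reference for each. Wording fixes: "to tax an citizens' and residents' income", "so that the IRS can also verify the sent the report", "descrepencies", "the each individual", "a exchange student", "Every dollar holder is now a suspected of being", "Lets throw around some ideas", and "Columbia" if the country Colombia is meant; "geo-tracking beaconâa profound" carries the same mojibake as the earlier hunk.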
@@ -801,19 +1157,11 @@ GitHub is the premier meeting place for collaborating programmers, where they ge- The current RF/Microwave regulations entirely ignore cellular and neurological damage. When told that wireless signals are entirely safe, look at the historical track record of corporate industry assurances: X-Rays, Leaded Gasoline, Thalidomide, Asbestos, Tobacco, PFAS, and Glyphosate. The FDA must conduct and rely upon conflict-free studies. -
-- India's Aadhaar system is the ultimate realization of Stage 4. A centralized biometric database that has suffered massive data leaks and routinely excludes the poorest citizens because their manual labor has worn off their fingerprints. -
+
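Review bot: Removing the Aadhaar bullet (`-- India's Aadhaar system is the ultimate realization of Stage 4 ...`) leaves the sentence added earlier in this patch, "Catastrophic failure has occurred in virtually every jurisdiction attempting to mandate digital IDs:", without the one concrete example that supported it; if the bullet was relocated rather than dropped, the hunk that re-adds it is not shown, so confirm it still appears after the colon. Likewise the removed RF line ("The FDA must conduct and rely upon conflict-free studies") was the only actionable recommendation matching the microwave-safety section added above; if the recommendations list is being trimmed, consider keeping that line or merging it into the new section so the argument ends with a concrete ask rather than only the appeal to commonsense questions.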