From b2242ca135f7c9fb475127008e27e61781058229 Mon Sep 17 00:00:00 2001
From: Thomas Walker Lynch
-A strange property of our universe is that it is often more difficult to find a solution to a problem, than it is to recognize that a proposed solution works. It is a pattern matching problem that takes some concentration when holding a peg to figure out which hole it should go into, and sometimes the person with the peg gets it wrong, and tries again. In contrast the peg either goes into the hole or it doesn't, some wiggling and rotation might be involved, but it is not a mental puzzle to be solved. A well known property of mathematical proofs is that it is more difficult to find a new one, than it is to walk through and check each step. The former is a creative process, while the latter is a mechanical exercise. This is why it is often possible to define a A voting procedure is not a If a fingerprint is a password, then a person leaves their "password" on every water glass, door handle, and table they touch. How was that supposed to work?
I hope readers will think about this, especially the non-technical among you. There is expensive important lesson here. There is a place for commonsense in security discussions. Investors and legislators alike should not fear asking commonsense questions, and getting answers back that they can understand.
- This failure provides an expensive lesson: commonsense belongs in security discussions. Legislators and investors must ask foundational questions and demand intelligible answers.
+ Ok, so fingerprints are not a great idea, so we should move to faces?
- Technicians know how to build to spec, the good ones are good at it. Of course everyone reads the tech sections of news, and see a lot of exciting things coming. However, that does not make them into big-picture visionaries. Lawmakers must trust their common-sense judgment, and expect entrenched technology interests to propose further entrenchment. The goal is structural architectural integrity for the economy, rather than adding more layers that make life difficult for a person. + Technicians know how to build to spec, the good ones are good at it. Of course everyone reads the tech sections of news, and see a lot of exciting things coming. However, that does not make them into big-picture visionaries. Lawmakers must trust their common-sense judgment, and expect entrenched technology interests to propose further entrenchment.
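Review bot: After this hunk the paragraph keeps the unmarked sentence "There is expensive important lesson here." (missing "an", with "expensive important" reading like a leftover draft) while deleting the cleaner "This failure provides an expensive lesson: commonsense belongs in security discussions." Keep the deleted wording, or fix the surviving sentence to "There is an expensive lesson here." In the re-added "Technicians know how to build to spec" paragraph, "everyone reads ... and see" should be "sees". The dropped closing sentence about structural integrity for the economy was the only statement of what lawmakers should aim for, so the commit message should say why it goes.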
@@ -544,7 +544,7 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had- The technology industry claims that sensors will improve to fix these error rates, sometimes proposing invasive alternatives like retina scans to guarantee identity. However, this ignores the fatal structural flaw of remote authentication. Over the Internet, a server does not authenticate a physical face or a physical eye; it authenticates a digital signal sent from a remote device. + The technology industry claims that sensors will improve to fix these error rates, sometimes proposing invasive alternatives like retina scans to guarantee identity. However, this ignores the fatal flaw of remote authentication. Over the Internet, a server does not authenticate a physical face or a physical eye; it authenticates a digital signal sent from a remote device.
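Review bot: Dropping "structural" from "fatal structural flaw" in the added line weakens the contrast this paragraph depends on. The preceding sentence is about sensors improving error rates, while the point being made is that the server only ever sees "a digital signal sent from a remote device", which no sensor improvement changes. Either keep "structural" or state outright that the flaw is independent of sensor accuracy.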
@@ -555,31 +555,31 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had
We must distinguish between two types of identification that serve entirely different purposes. The first type functions to locate information about a person on a ledger such as a database. It is like a player's number in sports. The second type of ID serves to confirm that the person has given a correct ID of the first type.
- We will call this first type of ID the
We will call the second type of ID the
We see these two types of ID when logging into a computer. First a user gives a
+ We see these two types of ID when logging into a computer. First, a user gives a
- Many organizations don't seem to be clear on these two distinct uses of ID. It is common for an organization to expect things from a unique number ID that it lacks the capacity to do, such as serving as proof of identity. Using unique number ID as a proof ID is typically vulnerable due to two reasons, a regular and dense ID space, and poor privacy of the numbers. When unique number IDs are issued in series, then an attacker can follow the pattern. If the space of unique number IDs is dense, then any guess will be an actual ID. Unique number IDs are typically used at face value, thus when typed or used over the phone, that text or spoken number is literally the ID. These attributes are fine when a unique number ID is used as a locators, but lead to high probability of catastrophic failure when used as identity proof.
-
+ Many organizations do not seem to be clear on these two distinct uses of ID. It is common for an organization to expect things from a unique number ID that it lacks the capacity to do, such as serving as proof of identity. Using a unique number ID as a proof ID is typically vulnerable due to two reasons: a regular and dense ID space, and poor privacy of the numbers. When unique number IDs are issued in series, an attacker can follow the pattern. If the space of unique number IDs is dense, then any guess will be an actual ID. Unique number IDs are typically used at face value, thus when typed or used over the phone, that text or spoken number is literally the ID. These attributes are fine when a unique number ID is used as a locator, but lead to a high probability of catastrophic failure when used as identity proof.
+
- A good example of a unique number ID that is often misused as a proof ID is the social security number. The are issued in series, the space is dense, and the number is the ID. Furthermore they appear in clear text in many honeypot databases. Over time, government and private entities began requesting the SSN as a proof ID to verify identity. Congress has passed some legislation to protect Social Security numbers from being made public, which could be construed to protect their use as proof ID; however this is security theater, for the reasons outlined above, and because that water already left the dam. Most notably, Section 7 of the Privacy Act of 1974 explicitly makes it unlawful for federal, state, and local government agencies to deny a person any right, benefit, or privilege because of a refusal to disclose their Social Security Number. Apparently it is to be kept secret to preserve its value as a proof ID?
-
+ A good example of a unique number ID that is often misused as a proof ID is the Social Security Number. They are issued in series, the space is dense, and the number is the ID. Furthermore, they appear in clear text in many honeypot databases. Over time, government and private entities began requesting the SSN as a proof ID to verify identity. Congress has passed some legislation to protect Social Security numbers from being made public, which could be construed to protect their use as a proof ID; however, this is security theater, for the reasons outlined above, and because that water already left the dam. Most notably, Section 7 of the Privacy Act of 1974 explicitly makes it unlawful for federal, state, and local government agencies to deny a person any right, benefit, or privilege because of a refusal to disclose their Social Security Number. Apparently, it is to be kept secret to preserve its value as a proof ID?
+ Policing money
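Review bot: In the added Social Security Number paragraph, "Most notably, Section 7 of the Privacy Act of 1974" is offered as the leading example of legislation protecting SSNs "from being made public", but the provision as described here concerns denying a right, benefit, or privilege for refusing to disclose the number. The link from that to the closing question about keeping the number secret is left implicit, so add a sentence connecting the two. Separately, "honeypot databases" is used here for data stores that attract attackers, whereas in security practice a honeypot is a deliberate decoy; unless the paper defines its usage earlier, define it on first use or choose a different term.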
@@ -719,21 +719,25 @@ Engineers later discovered the cause. Temporary abuse-mitigation rules that had
The United States is one of only two nations that utilizes Citizenship-Based Taxation (CBT) instead of Residency-Based Taxation (RBT). Because the IRS must track every dollar a citizen touches globally, the U.S. is the lead architect of the global financial "Phone Home" system. This requires every bank on the planet to report on American dealings (FATCA).
- This structural requirement is the hidden driver for an interoperable, global digital ID. Every dollar holder is now a suspected of being a money launderer, a drug dealer, or a tax-evading "sneak." In a CBT world, the source and identity of the money are more important to the state than the payment itself. We secure the portal to pay taxes, not because the account holder wants to prevent others from paying his or her taxes, but rather because the government needs to know where the money came from. + This global tracking mandate is the hidden driver for an interoperable, global digital ID. Every dollar holder is now suspected of being a money launderer, a drug dealer, or a tax-evading "sneak." In a CBT world, the source and identity of the money are more important to the state than the payment itself. We secure the portal to pay taxes, not because the account holder wants to prevent others from paying his or her taxes, but rather because the government needs to know where the money came from.
-For a nation to tax an citizens' and residents' income, they must be able to verify what that income is. Initially this was done by having companies and contracting entities to report salaries and contract amounts to the IRS, a copy of that report is sent to the individual, and the individual must also send his copy to the IRS, so that the IRS can also verify the sent the report. +
+ For a nation to tax the income of its citizens and residents, it must be able to verify what that income is. Initially, this was done by requiring companies and contracting entities to report salaries and contract amounts to the IRS. A copy of that report is sent to the individual, and the individual must also send their copy to the IRS, allowing the agency to cross-verify the reports.
-Now that the government polices money, they are able to see financial transactions at banks. In theory this could replace the old system, but instead both are done. Any discrepancies are then used as signals for triggering audits. +
+ Now that the government polices money, it is able to monitor financial transactions at banks. In theory, this could replace the old system, but instead, both are done. Any discrepancies are then used as signals for triggering audits.
-Each person is then given a tax account. This tax account is accessible online. The digital ID then ties all of this together. Note that the each individual has a social security number, and those numbers are used to key database records, but they lack the security and privacy required to be used as an ID. +
+ Each person is then given a tax account. This tax account is accessible online. The digital ID then ties all of this together. Note that each individual has a Social Security Number, and those numbers are used to key database records, but they lack the security and privacy required to be used as a secure ID.
-The next step for this system appears to be that of central bank digital currencies, where every transaction is an SQL command on a database. The government would then, in theory, have awareness of all transactions, and the capability to force their own transactions. +
+ The architectural trajectory of this system appears to be heading to central bank digital currencies (CBDCs), where every transaction functions as a direct query on a state database. In such a paradigm, the government gains absolute visibility into all transactions and the capability to unilaterally execute or block transfers.
- Not all legislation seeks to deepen the
This is not a standalone chapter. The things stated here are carefully built upon the material that comes before it. This is a white paper on security and this chapter discusses how to reduce the risk equations given in How experts think about risk. Any resemblance to someone's political platform is a coincidence, unless that platform used the reasoning of better cybersecurity. - -
+ The recommendations in this chapter derive strictly from the mathematical implications of the catastrophic risk equations detailed in How experts think about safety. To reduce the probability of catastrophic failure, an architecture must eliminate the dependencies that demand complex security in the first place. +
-The most powerful thing we can do to make computer ID more practical is to diminish the need for it in the first place. The chapter Why we want digital ID lists the reasons for ID, so lets discuss those. +
+ The most powerful thing we can do to make computer ID more practical is to diminish the need for it in the first place. The chapter Why we want digital ID lists the reasons for ID, so let us discuss those. +
- In 1937, Nikolai Yezhov, the head of the Soviet secret police issued NKVD Order No. 00447. This directive established explicit quotas for the execution or imprisonment of citizens in every geographic district of the Soviet Union. To fulfill these arbitrary numerical targets, local authorities utilized centralized municipal records, census lists, and employment files to efficiently locate and process victims. Obviously, this sort of thing would destroy the garden of golden flowers and group intelligence effects. + In 1937, Nikolai Yezhov, the head of the Soviet secret police, issued NKVD Order No. 00447. This directive established explicit quotas for the execution or imprisonment of citizens in every geographic district of the Soviet Union. To fulfill these arbitrary numerical targets, local authorities utilized centralized municipal records, census lists, and employment files to efficiently locate and process victims. This is an extreme example of how data found databases could repurposed to assert control and to destroy the garden of golden flowers.
- From a security point of view, databases are honeypots for those who desire power over people, be they despots or cybersecurity attackers looking for money. The simplest way to thwart this effect is to not have the honeypot in the first place. Hence, the security expert's first question, which databases are not required? The second question, among those that are required, can they be made to have more focused purpose? Can the number of records and fields be reduced? Are citizens really so interesting? + From a security point of view, databases are honeypots for those who desire power over people, be they despots or cybersecurity attackers looking for money. The simplest way to thwart this effect is to not have the honeypot in the first place. Hence, the security expert's first question: which databases are not required? The second question, among those that are required: can they be made to have a more focused purpose? Can the number of records and fields be reduced? Are citizens really so interesting?
The obvious thing that offers itself here is to disentangle the two meanings of ID for the Social Security number, and to then make it available as a
+ The obvious thing that offers itself here is to disentangle the two meanings of ID for the Social Security Number, and to then make it available as a
Though a drawback of a Social Security Number as a
+ Though a drawback of a Social Security Number as a
Alternatively, there could be a new issuing of
+ Alternatively, there could be a new issuing of
As explained in the Catastrophic failureThat security becomes disproportionally more manageable when the problem is made smaller. For income tax there is an obvious way to do this. Money flows in a circle. We tax it both when it is a salary or contract payment when it enters people's pockets, and when it enters a company as revenue. It is the same money going all the way around. +
+ As demonstrated in the Catastrophic failure section, security becomes disproportionately more manageable when the problem domain is made smaller. For income tax, there is an obvious simplification. Money flows in a circular economy. Currently, the state taxes it both when it enters an individual's pocket as a salary or contract payment, and when it enters a company as revenue. It is the same money going all the way around.
-
+
- There are approximately 161 million tax payers, but only 6.7 million companies. The security and enforcement problems would be a magnitude less complex, if we collected tax at the point in the circle where it entered companies.
++ There are approximately 161 million taxpayers, but only 6.7 million companies. The security and enforcement problems would be a magnitude less complex if we collected tax at the point in the circle where it entered companies. +
-The reduced complexity manifests dramatically on the enforcement side. Whoever thought it was a good idea to pull grandmothers and the lesser able among us into complex accounting problems, audits, and penalties? On the other hand, the very reason corporations were formed was to formalize their financials and liability. They already engage professional accountants. They already have fiduciary duties.
++ The reduced complexity manifests dramatically on the enforcement side. Whoever thought it was a good idea to pull grandmothers and the lesser able among us into complex accounting problems, audits, and penalties? On the other hand, the very reason corporations were formed was to formalize their financials and liability. They already engage professional accountants. They already have fiduciary duties. +
Only two countries in the world use citizenship based taxation, the United States and Eritrea. I understand it was introduced in the Civil War out of fear that Americans would move to Canada to avoid paying for the war. However, it has caused problems in that when Americans move to other countries, they use services in those other countries, so those other countries tax all residents, including Americans. This leads to a double taxation problem for Americans. So as to alleviate the double taxation problem the U.S. has entered into treaties so that Americans need not pay U.S. tax when paying tax in a foreign country. +
+ Only two countries in the world use citizenship-based taxation: the United States and Eritrea. I understand it was introduced in the Civil War out of fear that Americans would move to Canada to avoid paying for the war. However, it has caused problems in that when Americans move to other countries, they use services in those other countries, so those other countries tax all residents, including Americans. This leads to a double taxation problem for Americans. So as to alleviate the double taxation problem, the U.S. has entered into treaties so that Americans need not pay U.S. tax when paying tax in a foreign country.
-Said tax treaties create a defacto residence based tax. From the point of view of reducing complexity so that computer security is tractiable, the commonsense solution here would be to move to a residence based tax and eliminate the paperwork burden.
++ Said tax treaties create a de facto residence-based tax. From the point of view of reducing complexity so that computer security is tractable, the commonsense solution here would be to move to a residence-based tax and eliminate the paperwork burden entirely. +
The primary point of policing money can be moved to the same point as for taxation. In addition international movements would have to be corporate and commercial accounts. They pretty much already are, as everything goes through banks. However, the burden on banks would be greatly reduced, as only commercial accounts would require transaction reporting. This would again reduce the data to be sifted through by a magnitude. +
+ The primary point of policing money can be moved to the same point as for taxation. In addition, international movements would have to be corporate and commercial accounts. They pretty much already are, as everything goes through banks. However, the burden on banks would be greatly reduced, as only commercial accounts would require transaction reporting. This would again reduce the data to be sifted through by a magnitude.
The above does not address issue from the sections International scammers, and Public no longer means public. Reasoning Technology, and others have proposals for this. The NIST mDLs for example. If you are interested in hearing more about the Reasoning Technology intellectual property, please contact me. -
+
+ The proposals above address systemic vulnerabilities by eliminating the need for vast identity infrastructure. However, this does not address the issues raised in the sections regarding international scammers and the loss of public access. For these specific challenges, a secure
+ Reasoning Technology has developed a foundational identity architecture, RTID, that shatters the false choice between massive surveillance honeypots and zero utility. It functions securely in the presence of quantum technology and strong AI, requires no mandated hardware capital expense from the citizen, and exerts minimal productivity impact. I would welcome the opportunity to provide a technical briefing on how architectures like RTID can secure our digital infrastructure without sacrificing the garden of golden flowers. +
++ The CHIPS and Science Act of 2022 directed the National Institute of Standards and Technology (NIST) to launch new work to develop a framework of common definitions and voluntary guidance for digital identity management systems. This includes identity and attribute validation services provided by federal, state, and local governments. +
++ While work is underway at NIST to create this guidance, state and local agencies lack the resources to implement it. Proponents of federal intervention argue that if this does not change, it will take decades to harden deficiencies in the identity infrastructure. The legislative mandates and grant programs driving this infrastructure expansion typically cite the following objectives: +
+
+There is a paradox at the heart of contemporary cybersecurity legislation. The goals of protecting privacy and reducing vulnerability are sound. However, the prescribed technological solutions, specifically interoperable digital driver's licenses and centralized defenses against deepfakes, inevitably mandate the creation of the exact aggregation honeypots and
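Review bot: The added sentence closing the NKVD Order No. 00447 paragraph, "how data found databases could repurposed to assert control", is missing words (probably "found in databases could be repurposed") and should be fixed before this lands. The added RTID paragraph asserts that it "functions securely in the presence of quantum technology and strong AI" without a mechanism, threat model, or reference, which sits poorly beside the chapter's new claim that its recommendations "derive strictly from the mathematical implications" of the risk equations; state the basis or soften the claim. The chapter cross-reference changes from "How experts think about risk" to "How experts think about safety", so confirm which title is correct. In the taxpayer paragraph, "a magnitude less complex" should read "an order of magnitude" (161 million against 6.7 million is a ratio of about 24).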