Defence - passive and active measures
Next: Schrödinger’s Army
The core theme of this substack is to develop a model for decentralised society consisting of as independent as possible “cells” at different scales. At minimum municipalities or regions that can themselves generate energy, produce food, medicine, products and maintain infrastructure if the outside world turns pear shaped.
After looking at quite a few of individual vertical industries, its time to start putting the legos together,
One specific aspect that often is overlooked, is defence. Also decentralised communities need to figure out ways to protect them. It is still a fairly focused topic and is a good starting point.
Security and defence of a decentralised society needs to follow a different path than centralised models. Centralised models are good at concentrating power and have bigger budgets to invest, but the concentration aspects are also their Achille’s heel – single points of failure.
We start here by presenting passive and active measures before going into what we call Schrödinger’s Army that is bot passive and active concept. But more on that next week.
Passive Measures
Let’s go through some passive defence mechanisms – ways to avoid threats by making bad actions difficult or impossible.
Onion Rater
The onion rater is an excellent tool for personalising content in social media and filtering out bots and other synthetic parts of it. Simply said its an algorithms where my personal network (family, friends) is given much more weight in prioritising content than what bots and unknown persons think is important.,
Many will naturally denounce this as creating a filter bubble and no doubt there will always people who are eager to be inspired and learn new ideas from automated computer programs and they naturally will tap to the unfiltered social media content as of today (i.e., filtered by the social media company to maximise their profits). Onion rater does not have to be the one that rules them all, but an option.
Pseudonyms and Avatars
Keystone open-source code and designs are central to the workings of the future. The developers and designers will be targets by adversary nations and criminals employed by them (using criminals in the middle allows the autocratic nations to deny responsibility). The aim is to break into their machines so that compromising code can at some point be injected without them realising it.
When developer’s use pseudonyms, the targets become ghosts, harder to hit. Pseudonyms are yet another form of decentralisation because real identities are global.
Same is true on social media where real and wannabe online micro-dictators flock together and seek to silence people who have opinions they do not agree with. Pseudonyms protect against real world cancel attempts.
This will lead to everyone having multiple pseudonyms for different contexts and a separate set of work pseudonyms and one where they appear with own name. The work pseudonyms fit well into a world of remote work where you never meet physically.
From time to time people probably want to change pseudonyms that are tied to a particular context. How to do this and take the reputation over to the new identity? If a new pseudonym is created with same reputation score, it is obvious who that is. A better approach is that all people who want to switch over a done together in monthly “rebirth” event and either some noise is added to score or score is moved oved over in a set of instalments over a longer period.
Avatars are a similar solution for real time video calls. Video filters will replace own face and voice with an avatar that can be a historical figure, comics superhero or villain or simply a synthesised one.
Not all is roses and sunshine however. Due to this technology, it won’t be possible to distinguish real people from a synthesised person. In future a politician can be present in hundreds of online rallies at the same time. We might one day even have candidates that are constructed in a data center. Such person might rein for a long time. I’ll leave it as an exercise for the gentle reader to think of all the implications.
Hack-resistant Hardware
Hardware ‘firewalls’ are a concept of adding physical part to the design that make lethal or serious errors impossible. Therac-25 is a well-known example where a radiation therapy machine had a software error that rarely would administer a lethal dose. It was involved at least in six incidents. An earlier model had the same error but it had hardware interlocks that masked their software defects. After detection the manufacturer introduced a hardware single-pulse shutdown circuit, that prevented overdosing by detecting an unsafe level of radiation and halting beam output after one pulse of high energy and current.
When software controls the world, all devices will need some form of mechanical or electrical solution to prevent serious damage when (not if) a malicious actor has broken into the machine. Software makes every product flexible but every product needs physical changes to make it inflexible again to a degree.
Having a physical firewall is not enough, devices need to find out independently when someone is trying to misuse them. When malicious code is trying for example to switch a relay rapidly on and off to break it, the physical firewall will prevent this. The physical part needs to have an attached sensor that detects the action of the firewall feature and reports this to an upper-level system. This givens indication that the main control logic has been contaminated. The monitoring needs to be passive and independent from the main logic with as much difference as possible (different processor architecture, separate power source if possible, etc.)
Non-jammable Positioning
Spoofing satellite-based positioning systems like GPS is not very difficult and products to do this are available. Quantum gravitational navigation is a passive positioning system that cannot be spoofed. A topic for research so that low-cost solutions could enter common use.
Toughening up Internet Protocols
Internet protocols are notoriously insecure because they were designed at a time when Internet was a domain of a few scientists. There are secure solutions like DNSSEC for securing the domain name system, but no one wants to be the first to implement such mechanisms because benefits happen only when all implement it.
Mitigation would be easy by say with an EU level regulation.
Personal Body Mosquito
Centralised security mechanism will not be able to meet all the threats of future. It will be possible to build yourself harmful devices with cheap manufacturing tools like 3D printers and to use cheap drones to deliver harmful payloads even from far away.
The same technologies can also be used to build personalised safety solutions. One such concept is a small drone that flies around you all the time recording everything. If you ever get assaulted it will at least take images of the perpetrators and call the police so they can easily be caught. Or if I get pick pocketed, the artist will be on video. Like a body guard but small and always available.
This is the personal body mosquito.
As a corollary, perhaps tender human interactions will start in the future with the romantic statement: “shall we give our mosquitos a moment of rest?”.
Citizens’ Right to Audit the Government
Citizens’ should have right to allow themselves or 3rd parties to audit all data and decisions related to their case to find errors. This allows independent organisations to build programs that check and validate that the decision follows the law.
Just the fact that this right exists, prevents misconduct, and the active use of the right allows them to be corrected.
Active Measures
Next: what active measures we can do to make decentralised world more resilient.
Bugs Bounties
The idea with bugs bounties is that we pay independent 3rd parties rewards whenever they find a bug in some technical system. Today bugs bounties are relatively common in software world where private companies offer them from time to time to test their products.
Without such a system, the only buyers in the markets would be bad actors offering monetary reward for finding faults. Bugs bounties are a good way to focus own interests to tinker to a positive goal and earn money at the same time.
Nothing prevents societies from using small slice of tax money to offer bugs bounties in a more general way towards finding serious issues with any technical system.
Fraud Corps
Small frauds are beneficial on society level as they makes people aware that not everything can be trusted. The betrayed will share experiences to friends and on social media making communities more risk aware.Fraud Corps does small mischiefs but returns any lost money back to targets in order to raise awareness.
It also creates and maintains honeypots to learn the latest and greatest acts of online fraud artists.
Flying Toasters on Security Cameras
Here is one approach that Fraud Corps could also do to raise awareness.
Most security monitoring today is remote via cameras. Machine learning systems today have the capability to alter video feed in real time. This allows autocratic nations where cameras are made to have such system automatically in all units.
What could this allow?
Its possible for example to have some persons removed from video feeds when they wear a jacket with right pattern. Special agents could then walk freely industrial premises and not be seen remotely, effectively being invisible.
Or someone can be added to video feed to discredit them or replace the face with someone else.
To mitigate, societies need to purchase security cameras from friendly sources and preferably from multiple suppliers.
Most software contains errors that allow unauthorised access. We can assume also video cameras do. This allows Fraud Corps to put our own software there as well. To highlight the fragility of bits with a small visualisations as example.
Why not add flying toasters or add Louis XIV of France with full ensemble doing the floss in the background?
Safety investigation authority
Like in aviation, where an investigation is launched and recommendations made, any hazardous incident should be followed by an committee that goes to the root cause and comes up with proposals for improvement.
Standardised Test Suites and Test Environments
In the software world there are number of automated test suites to find bugs in various products. The teams that write these packages could be allocated a portion of bugs bounties if they have been used to discover some vulnerability.
Another testing measure that is nowadays common among the web3 crowd, is to deploy so called test networks. Test networks are identical in functionality to production networks but allow deployments where no real customer money is at stake.
Hack Back Labs
Industrial espionage – stealing private enterprises assets to speed up own development activities or selling to willing customers - is a profitable industry. The most advanced teams have excellent funding from national budgets as some nations see this as a way to gain industrial advantage.
Hack back labs is a concept turning this on its head. Core idea is to gain access to perpetrators systems in order to understand who they, how they operate and what they have. Having this information, you then you decide what you do with it.
Simplest is to run honeypots and see what the penetrators are looking for. More advanced approach is to place interesting looking documents there with exploit containing code to gain access to their systems.
More advanced is acquire penetration toolsets . You could purchase them or identify organisations selling penetration tools and try to gain access into their systems for advanced tools sans payment.
With access, you to repossess stolen trade secrets and intellectual property.
The follow up depends on the purpose. One approach would be to turn the assets for global good. You could release stoled IPR openly so that entrepreneurs in emerging markets -or anywhere - could use these designs and leap frog in terms of technology close to their most advanced competitors.
Since the results are already widely disseminated in the case of state-sponsored industrial espionage, so no real harm is done.
The original owners of the designs would be compensated by raising the customs of goods from the offending nations and using this additional income as compensation.
Some uplifting of existing legal frameworks may be needed to optimise the benefits of this concept.
All of this could also be funded by an autonomous, decentralised fund, not just a national effort.
Mischief as An Occupation
Bugs bounties, hack-in labs and Fraud Corps are part of the defence mechanisms of a digital society. The core idea that we actively attack against ourselves at low volume to detect vulnerabilities and fix them before they get widely misused. The people finding these are given a finders’ fee.
This is a way where people who like a little bit of mischief can focus their energies on making the world a better place. Mischief can be a reputable occupation.
Physical structures need different type of testing as we cannot experiment with real building or rotating motors in production.
What would be done is to set part of bugs bounties – say 15 % - for real world tests. Anyone could claim there is an issue and propose testing method, perhaps requiring simulation or building some physical test model. The most merited testers – Mischief Alumni – would then vote whether they think the experiment is worth it.
Next: Schrödinger’s Army