COVID-19, Blockchain, and the Global Startup Scene - Manifold Podcast #39

Steve and Corey talk to Kieren James-Lubin and Victor Wong of the blockchain technology startup, BlockApps. They begin with a discussion of the COVID-19 epidemic (~25m): lockdown, predictions of ICU overload, and helicopter money. Will personal contact tracking become the new normal? Transitioning to blockchain, a technology many view as viable even in times of widespread societal disruption, they give a basic explanation of the underlying cryptographic and consensus algorithms. Kieren and Victor explain how BlockApps was founded, its business model, and history as a startup. They conclude with a comparison of startup ecosystems in China, Silicon Valley, and NYC.

Recorded on March 18, 2020. Now (March 26) I feel we can make much stronger predictions about CV-19 in the US. We will definitely see overloaded health systems (ICUs) across a broad part of the country. It is already starting to happen in NYC. I will be surprised if the US can avoid tens of thousands of fatalities by early April (say, 14 days from today).

1:08 - Lockdown and ICU Overload COVID-19
5:22 - Singapore and Taiwan Response
17:28 - Government Intervention and Helicopter Money
22:13 - End of the Lockdown?

25:58 - How BlockApps got started
28:56 - Private & Public Key Cryptography and Digital Signatures
34:40 - Blockchain
46:05 - Enterprise Blockchains
1:03:37 - Elevator Pitch
1:24:58 - Global Startup Scene

Transcript

Kieren James-Lubin

Victor Wong


man·i·fold /ˈmanəˌfōld/ many and various.

In mathematics, a manifold is a topological space that locally resembles Euclidean space near each point.

Steve Hsu and Corey Washington have been friends for almost 30 years, and between them hold PhDs in Neuroscience, Philosophy, and Theoretical Physics. Join them for wide ranging and unfiltered conversations with leading writers, scientists, technologists, academics, entrepreneurs, investors, and more.

Steve Hsu is VP for Research and Professor of Theoretical Physics at Michigan State University. He is also a researcher in computational genomics and founder of several Silicon Valley startups, ranging from information security to biotech. Educated at Caltech and Berkeley, he was a Harvard Junior Fellow and held faculty positions at Yale and the University of Oregon before joining MSU.

Corey Washington is Director of Analytics in the Office of Research and Innovation at Michigan State University. He was educated at Amherst College and MIT before receiving a PhD in Philosophy from Stanford and a PhD in a Neuroscience from Columbia. He held faculty positions at the University Washington and the University of Maryland. Prior to MSU, Corey worked as a biotech consultant and is founder of a medical diagnostics startup.

How NSA Tracks You (Bill Binney)

Anyone who is paying attention knows that the Obama FBI/DOJ used massive government surveillance powers against the Trump team during and after the election. A FISA warrant on Carter Page (and Manafort and others?) was likely used to mine stored communications of other Trump team members. Hundreds of "mysterious" unmasking requests by Susan Rice, Samantha Powers, etc. were probably used to identify US individuals captured in this data.

I think it's entirely possible that Obama et al. thought they were doing the right (moral, patriotic) thing -- they really thought that Trump might be colluding with the Russians. But as a civil libertarian and rule of law kind of guy I want to see it all come to light. I have been against this kind of thing since GWB was president -- see this post from 2005!

My guess is that NSA is intercepting and storing big chunks of, perhaps almost all, US email traffic. They're getting almost all metadata from email and phone traffic, possibly much of the actual voice traffic converted to text using voice recognition. This used to be searchable only by a limited number of NSA people (although that number grew a lot over the years; see 2013 article and LOVEINT below), but now available to many different "intel" agencies in the government thanks to Obama.

Situation in 2013: https://www.npr.org/templates/story/story.php?storyId=207195207

(Note Title 1 FISA warrant grants capability to look at all associates of target... like the whole Trump team.)

Obama changes in 2016: https://www.nytimes.com/2016/02/26/us/politics/obama-administration-set-to-expand-sharing-of-data-that-nsa-intercepts.html

NYT: "The new system would permit analysts at other intelligence agencies to obtain direct access to raw information from the N.S.A.’s surveillance to evaluate for themselves. If they pull out phone calls or email to use for their own agency’s work, they would apply the privacy protections masking innocent Americans’ information... ” HA HA HA I guess that's what all the UNmasking was about...

More on NSA capabilities: https://en.wikipedia.org/wiki/LOVEINT (think how broad their coverage has to be for spooks to be able to spy on their wife or girlfriend)

See also FISA, EO 12333, Bulk Collection, and All That.

Wikipedia: William Edward Binney[3] is a former highly placed intelligence official with the United States National Security Agency (NSA)[4] turned whistleblower who resigned on October 31, 2001, after more than 30 years with the agency.

He was a high-profile critic of his former employers during the George W. Bush administration, and later criticized the NSA's data collection policies during the Barack Obama administration. 

From the transcript of Binney's talk:

07:45
ways that they basically collect data
07:48
first it's they use the corporations
07:50
that run the fiber-optic lines and they
07:53
get them to allow them to put taps on
07:55
them and I'll show you some of the taps
07:57
where they are and and if that doesn't
07:59
work they use the foreign government to
08:00
go at their own telecommunications
08:02
companies to do the similar thing and if
08:04
that doesn't work they'll tap the line
08:06
anywhere they can get to it and they
08:08
won't even know it you know the
08:09
government's know that communications
08:11
companies will even though they're
08:12
tapped so that's how they get into it
08:14
then I get into fiber lines and this is
08:17
this is a the prism program ...

that was published
08:30
out of the Snowden material and they've
08:32
all focused on prism well prism is
08:36
really the the minor program I mean the
08:40
major program is upstream that's where
08:42
they have the fiber-optic taps on
08:43
hundreds of places around in the world
08:45
that's where they're collecting off the
08:47
fiber lined all the data and storing it

2016 FISC reprimand of Obama administration. The court learned in October 2016 that analysts at the National Security Agency were conducting prohibited database searches “with much greater frequency than had previously been disclosed to the court.” The forbidden queries were searches of Upstream Data using US-person identifiers. The report makes clear that as of early 2017 NSA Inspector General did not even have a good handle on all the ways that improper queries could be made to the system. (Imagine Snowden-like sys admins with a variety of tools that can be used to access raw data.) Proposed remedies to the situation circa-2016/17 do not inspire confidence (please read the FISC document).

New kids on the blockchain

WSJ reports on institutional interest in blockchain technologies.

WSJ: Nasdaq OMX Group Inc. is testing a new use of the technology that underpins the digital currency bitcoin, in a bid to transform the trading of shares in private companies.

The experiment joins a slew of financial-industry forays into bitcoin-related technology. If the effort is deemed successful, Nasdaq wants to use so-called blockchain technology in its stock market, one of the world’s largest, and potentially shake up systems that have facilitated the trading of financial assets for decades. ...

The blockchain is maintained, updated and verified by a vast global network of independently owned computers known as “miners” that collectively work to prove the ledger’s authenticity.

In theory, this decentralized system for verifying information means transactions need no longer be channeled through banks, clearinghouses and other middlemen. Advocates say this “trustless” structure means direct transfers of ownership can occur over the blockchain almost instantaneously without the risk of default or manipulation by an intermediating third party.

One idea is that encrypted, digital representations of share certificates could be inserted into minute bitcoin transactions known as “Satoshis,” facilitating an immediate, verifiable transfer of stock ownership from seller to buyer.

Still, bitcoin-based settlement remains untested in the real world. Regulators worry about the anonymous status of the bitcoin miners that collectively manage the system. It is conceivable that bad actors might one day take over the mining network and destroy the integrity of its verification system, some say.

... Real-time settlement has been a goal of regulators and investors alike as it would reduce the risk of counterparty failure and free up billions of dollars of capital that is sidelined during that wait period.

Oliver Bussmann, chief investment officer of Swiss bank UBS AG, last year said the blockchain was the biggest disrupting force in the financial sector, meaning its success could potentially have far-reaching ramifications for banks, trading houses and others. His bank has since established a special blockchain lab to study uses of the technology.

Nasdaq named Fredrik Voss, a vice president, as its new “blockchain technology evangelist” to lead efforts to increase use of the technology.

See my earlier discussion Crypto-currencies, Bitcoin and Blockchain. For these kind of applications I think miners should not be the primary mechanism for blockchain verification. The bank / exchange should do it themselves and then post a large bounty (e.g., $50 million dollars) to any miner who finds an error in the publicly available blockchain. Of course, in these scenarios it would be nice to have more functionality than just transfers (which is all Bitcoin can do now). It would be trivial to encode options, derivatives contracts, conditional agreements, etc. in the blockchain. See Ethereum.

7. One interesting scenario is for a country (Singapore? Denmark?) or large financial entity (Goldman, JPM, Visa) to issue its own crypto currency, managing the blockchain itself but leaving it in the public domain so that third parties (including regulators) can verify transactions. Confidence in this kind of "Institutional Coin" (IC) would be high from the beginning. An IC with Ethereum-like capabilities could revolutionize the financial industry. In place of an opaque web of counterparty relationships leading to systemic risk, the IC blockchain would be easily audited by machine. Regulators would require that the IC authority know its customers, so pseudonymity would only be partial.

Crypto-currencies, Bitcoin and Blockchain

Photos from two meetings I attended last week.

Some general comments on crypto-currencies:

1. Bitcoin doesn't really solve any payment problems, unless of course you are a paranoid libertarian who hates "fiat" currencies. But why should you trust the Bitcoin Foundation any more than you trust a central bank? (See Bitcoin dynamics.)

2. Most potential users just want something that works and don't care at all about crypto magic.

3. The high volatility of Bitcoin makes it unattractive as a store of value, except for speculators looking for price appreciation. It's possible that confidence in and the liquidity of Bitcoin (or another crypto coin) will rise to the point that this problem is eliminated. At that point things will get much more interesting. However, it's not clear what the timescale is for this (but see point 7 below).

4. Blockchain processing is extremely inefficient and has a high cost overhead.

5. Ethereum, with its Turing-complete blockchain operations, does make possible low-cost derivative contracts, insurance, etc. But I have yet to hear a convincing case for a killer application. Gambling is an obvious use, but the US government has shown a strong inclination to pursue those involved with illegal online gambling.

6. Innovation in payment technologies is long overdue, but because of positive network effects it will probably be a big player like Apple or Google that finally changes the landscape.

7. One interesting scenario is for a country (Singapore? Denmark?) or large financial entity (Goldman, JPM, Visa) to issue its own crypto currency, managing the blockchain itself but leaving it in the public domain so that third parties (including regulators) can verify transactions. Confidence in this kind of "Institutional Coin" (IC) would be high from the beginning. An IC with Ethereum-like capabilities could revolutionize the financial industry. In place of an opaque web of counterparty relationships leading to systemic risk, the IC blockchain would be easily audited by machine. Regulators would require that the IC authority know its customers, so pseudonymity would only be partial.

Here's a good podcast on crypto-currencies for non-experts.

Wall Street journalists Paul Vigna and Michael J. Casey talk about cybermoney in The Age of Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. Vigna and Casey argue that digital currency is poised to launch a revolution that could reinvent traditional financial and social structures, and bring the world's billions of "unbanked" individuals into a new global economy.

Analogies between Analogies

As reported by Stan Ulam in Adventures of a Mathematician:

"A mathematician is a person who can find analogies between theorems; a better mathematician is one who can see analogies between proofs and the best mathematician can notice analogies between theories. One can imagine that the ultimate mathematician is one who can see analogies between analogies."  --Stefan Banach

See also Analogies between Analogies: The Mathematical Reports of S.M. Ulam and His Los Alamos Collaborators; esp. article 20 On the Notion of Analogy and Complexity in Some Constructive Mathematical Schemata.

I'll add my own comment:

The central problem of modern genomics is essentially cryptographic. The encryption scheme is the model relating phenotype to genotype, and the ciphertext--plaintext pairs are the genotypes and phenotypes. We will recover the schemes -- models which can predict phenotype from genotype -- once enough ciphertext and plaintext (data) is available for analysis.

We have programs (DNA code) and their outputs (organisms) to study; from this we deduce the programming language.

See also Alan Turing:

“There is a remarkably close parallel between the problems of the physicist and those of the cryptographer. The system on which a message is enciphered corresponds to the laws of the universe, the intercepted messages to the evidence available, the keys for a day or a message to important constants which have to be determined. The correspondence is very close, but the subject matter of cryptography is very easily dealt with by discrete machinery, physics not so easily.”

Bitcoin and the Blockchain

This looks like an interesting meeting. Maybe I'll see you there!

See also Ethereum.

O'Reilly: Bitcoin has spawned a lot of hype, a little apprehension, and plenty of confusion. But the blockchain behind bitcoin is a fundamental technological breakthrough. It has the potential to disrupt a wide range of industries and business practices—from fairly obvious potential financial services and retail industry disruptions to less apparent, but equally transformative, disruptions in areas such as micro-payments, contracts, and governmental services.

15 sessions will provide a coherent overview of the bitcoin and blockchain world, mapping out the challenges and opportunities, covering vital issues like cryptocurrency security and compliance, payments, venture capital, smart contracts, and the future of bitcoin.

Citizenfour and Sisu

NYBooks: ... In an interview about Citizenfour with the New Yorker reporter Jane Mayer, Snowden has said that his action seemed to him necessary because the American officials charged with the relevant oversight had abdicated their responsibility. He meant that President Obama, Attorney General Eric Holder, and the intelligence committees in the House of Representatives and the Senate had utterly failed to guard against extraordinary abuses of the public trust under the pretext of national security. Nor had they undertaken the proper work of setting limits to government spying on Americans consistent with the spirit of the First Amendment and the letter of the Fourth Amendment.

...Snowden is often called a “fanatic” or a “zealot,” a “techie” or a “geek,” by persons who want to cut him down to size. Usually these people have not listened to him beyond snippets lasting a few seconds on network news. But the chance to listen has been there for many months, in two short videos by Poitras on the website of The Guardian, and more recently in a full-length interview by the NBC anchorman Brian Williams. The temper and penetration of mind that one can discern in these interviews scarcely matches the description of fanatic or zealot, techie or geek.

An incidental strength of Citizenfour is that it will make such casual slanders harder to repeat. Nevertheless, they are likely to be repeated or anyway muttered in semiprivate by otherwise judicious persons who want to go on with their business head-down and not be bothered. It must be added that our past politics give no help in arriving at an apt description of Snowden and his action. The reason is that the world in which he worked is new. Perhaps one should think of him as a conscientious objector to the war on privacy — a respectful dissident who, having observed the repressive treatment endured by William Binney, Thomas Drake, and other recent whistle-blowers, does not recognize the constitutional right of the government to put him in prison indefinitely and bring him to trial for treason. ...

What seems most remarkable in that hotel room in Hong Kong is Snowden’s freedom from anxiety. He is fearful, yes ... He knows that he is at risk of being subjected to “rendition” or worse. But there is no theatrical exaggeration here, and no trace of self-absorption. He has made his commitment and that is that. ...

... [Snowden] realizes that if he keeps his identity a secret, the government will rally all its powers and those of the media to convert the treacherous and hidden leaker into the subject of the story. His intuition is that the best way to counter such a distraction will be to make the story personal right away, but to render the personal element dry and matter-of-fact. He will do this in the most unobtrusive and ordinary manner. He will simply admit that he is the person and spell out the few relevant facts about his life and work.

The undeclared subject of Citizenfour is integrity—the insistence by an individual that his life and the principle he lives by should be all of a piece.

Sisu is a Finnish term loosely translated into English as strength of will, determination, perseverance, and acting rationally in the face of adversity. However, the word is widely considered to lack a proper translation into any other language. Sisu contains a long-term element; it is not momentary courage, but the ability to sustain an action against the odds. Deciding on a course of action and then sticking to that decision against repeated failures is sisu. It is similar to equanimity, except the forbearance of sisu has a grimmer quality of stress management than the latter.

Pessimism of the Intellect, Optimism of the Will.

Bitcoin: the Chinese connection

Discussion of the Chinese role in the recent bubble (also, use of ASICs for mining) starting @15min or so. E-payment situation (Alipay, WeChat, etc.) in PRC described @24min.

Sinica podcast: ... Joined by Zennon Kapron, fintech expert, owner of the Shanghai consultancy Kapronasia, and recent author of the book Chomping at the Bitcoin, we delve into the driving forces behind the cryptocurrency revolution in China, as well as take a quick look at the various other kinds of innovation surfacing in China's online financial sector.

Ethereum

Did you miss out on the next big thing? :-)   See also Bitcoin dynamics.

Bitcoin dynamics

Good discussion of Bitcoin by Mark Andreesen in the Times Dealbook: Why Bitcoin matters. There are also good points made in the comments (see Reader Picks). For example:

... Bitcoin is arguably more like a commodity than a currency as it has no physical assets or central bank behind it. As a commodity should it not therefore be liable to be taxed for any capital gains/losses should the regulators define Bitcoin as a commodity, as in Finland recently? (The example of the guy buying a second-hand Tesla with Bitcoin raises the question, at what price did he originally purchase the Bitcoin? I'm sure the IRS would be 'investigating'.) To conclude, for the 'regular' guy there is very little advantage of getting involved with Bitcoin, apart from speculating on its price.

and

... Andreessen handwaves away the most important problem: there's no reason for anyone to want to hold bitcoins, particularly given the bitcoin-dollar rate volatility. He waves this away by saying that people can just conduct transactions in Bitcoin and then immediately convert the bitcoins into dollars, as though actual money is just transmuted into this special form while it's sent over the wire and then both parties cash out. Well and good; but if that's the case there has to be a market-maker out there. You need someone with a large dollar reserve who can convert dollars to bitcoins (and vice-versa), and who can even balance international currency flows. That's a valuable service; it's foolish to think it'll remain free forever.

Similarly, the math behind Bitcoin requires a huge amount of electricity and computing power to record current and future transactions. Right now that's covered by speculators who are basically paid in bitcoin seignorage; but any time you're consuming real resources and expecting to get them for free you're being either naive or dishonest.

And honestly, if we just wanted a new payment system, we could do that with far less technical and physical overhead than Bitcoin requires.

In short, I'm sure lots of people would love to have financial transactions be free. That doesn't mean they actually will be.

Has anyone worked out the equilibrium compensation required for miners to maintain the transaction record (this involves the cost of energy, etc.)? It seems that if there are lots of micro transactions the cost of maintaining the record might exceed the expected benefit to the miners. The volume of trades is in principle independent of the total amount of value in the system, so there seem to be bad regions of parameter space. I read the original Bitcoin paper a long time ago but haven't followed any of the theoretical developments since then. Don't forget: bits = carbon!  :-)

My question is partially addressed in the Bitcoin FAQ -- they reserve the right to charge transaction fees to help compensate miners. Who, exactly, is "they"?

Satoshi Nakamoto is ... Satoshi Nakamoto!

Newsweek breaks the story! This man has hundreds of millions of dollars in bitcoins :-)

The original proposal. I once did some modest internet sleuthing to figure out who "Satoshi Nakamoto" really was, but to no avail.

As usual, like the guy behind the World Wide Web (Berners-Lee), discovery of DNA structure (Crick), laser (Townes), atomic bomb, transistor (Shockley), electronic computer (Atanasoff et al.), etc., etc., Nakamoto is a ...

"You want to know about my amazing physicist brother?" says Arthur Nakamoto, Satoshi Nakamoto's youngest sibling, who works as director of quality assurance at Wavestream Corp., a maker of radio frequency amplifiers in San Dimas, Calif.

"He's a brilliant man. I'm just a humble engineer. He's very focused and eclectic in his way of thinking. Smart, intelligent, mathematics, engineering, computers. You name it, he can do it."

... Just after graduating college, Nakamoto went to work on defense and electronics communications for Hughes Aircraft in southern California. "That was just the beginning," says Arthur, who also worked at Hughes. "He is the only person I have ever known to show up for a job interview and tell the interviewer he's an idiot - and then prove it."

See also Prometheus in the basement.

UPDATE: Maybe it's not him ...

Beating down hash functions

The state of the art in GPU- and statistics-enhanced password cracking. Crackers beating down information entropy just like in the old days at Bletchley Park! (Trivia question: what are "bans" and "cribs"? Answers)

Ars technica: ... An even more powerful technique is a hybrid attack. It combines a word list, like the one used by Redman, with rules to greatly expand the number of passwords those lists can crack. Rather than brute-forcing the five letters in Julia1984, hackers simply compile a list of first names for every single Facebook user and add them to a medium-sized dictionary of, say, 100 million words. While the attack requires more combinations than the mask attack above—specifically about 1 trillion (100 million * 104) possible strings—it's still a manageable number that takes only about two minutes using the same AMD 7970 card. The payoff, however, is more than worth the additional effort, since it will quickly crack Christopher2000, thomas1964, and scores of others. 

"The hybrid is my favorite attack," said Atom, the pseudonymous developer of Hashcat, whose team won this year's Crack Me if You Can contest at Defcon. "It's the most efficient. If I get a new hash list, let's say 500,000 hashes, I can crack 50 percent just with hybrid." 

With half the passwords in a given breach recovered, cracking experts like Atom can use Passpal and other programs to isolate patterns that are unique to the website from which they came. They then write new rules to crack the remaining unknown passwords. More often than not, however, no amount of sophistication and high-end hardware is enough to quickly crack some hashes exposed in a server breach. To ensure they keep up with changing password choices, crackers will regularly brute-force crack some percentage of the unknown passwords, even when they contain as many as nine or more characters. 

"It's very expensive, but you do it to improve your model and keep up with passwords people are choosing," said Moxie Marlinspike, another cracking expert. "Then, given that knowledge, you can go back and build rules and word lists to effectively crack lists without having to brute force all of them. When you feed your successes back into your process, you just keep learning more and more and more and it does snowball."

Links 10.14.2011

New Yorker: in search of bitcoin creator Satoshi Nakamoto.

BBC In Our Time: the Ming voyages.

Financial Times: "The reputation of economists, never high, has been a casualty of the global crisis ..." See also here.

Steve Weinberg on his work as a JASON

BusinessInsider: 15 charts on US wealth and income inequality (the ugly truth).

NYTimes: "... participants judged women made up in varying intensities of luminance contrast (fancy words for how much eyes and lips stand out compared with skin) as more competent than barefaced women, whether they had a quick glance or a longer inspection."

Julian Assange and WikiLeaks

The New Yorker has a great profile of WikiLeaks founder Julian Assange. Assange started as a hacker, studied math and physics for a while at university, and now devotes all of his time to activism. See here for the WikiLeaks short film Collateral Murder.

I was once involved in crypto fun myself ;-)

New Yorker: ... Assange was burned out. He motorcycled across Vietnam. He held various jobs, and even earned money as a computer-security consultant, supporting his son to the extent that he was able. He studied physics at the University of Melbourne. He thought that trying to decrypt the secret laws governing the universe would provide the intellectual stimulation and rush of hacking. It did not. In 2006, on a blog he had started, he wrote about a conference organized by the Australian Institute of Physics, “with 900 career physicists, the body of which were sniveling fearful conformists of woefully, woefully inferior character.”

He had come to understand the defining human struggle not as left versus right, or faith versus reason, but as individual versus institution. As a student of Kafka, Koestler, and Solzhenitsyn, he believed that truth, creativity, love, and compassion are corrupted by institutional hierarchies, and by “patronage networks”—one of his favorite expressions—that contort the human spirit. He sketched out a manifesto of sorts, titled “Conspiracy as Governance,” which sought to apply graph theory to politics. Assange wrote that illegitimate governance was by definition conspiratorial—the product of functionaries in “collaborative secrecy, working to the detriment of a population.” He argued that, when a regime’s lines of internal communication are disrupted, the information flow among conspirators must dwindle, and that, as the flow approaches zero, the conspiracy dissolves. Leaks were an instrument of information warfare.

These ideas soon evolved into WikiLeaks. In 2006, Assange barricaded himself in a house near the university and began to work. In fits of creativity, he would write out flow diagrams for the system on the walls and doors, so as not to forget them. There was a bed in the kitchen, and he invited backpackers passing through campus to stay with him, in exchange for help building the site. “He wouldn’t sleep at all,” a person who was living in the house told me. “He wouldn’t eat.”

As it now functions, the Web site is primarily hosted on a Swedish Internet service provider called PRQ.se, which was created to withstand both legal pressure and cyber attacks, and which fiercely preserves the anonymity of its clients. Submissions are routed first through PRQ, then to a WikiLeaks server in Belgium, and then on to “another country that has some beneficial laws,” Assange told me, where they are removed at “end-point machines” and stored elsewhere. These machines are maintained by exceptionally secretive engineers, the high priesthood of WikiLeaks. One of them, who would speak only by encrypted chat, told me that Assange and the other public members of WikiLeaks “do not have access to certain parts of the system as a measure to protect them and us.” The entire pipeline, along with the submissions moving through it, is encrypted, and the traffic is kept anonymous by means of a modified version of the Tor network, which sends Internet traffic through “virtual tunnels” that are extremely private. Moreover, at any given time WikiLeaks computers are feeding hundreds of thousands of fake submissions through these tunnels, obscuring the real documents. Assange told me that there are still vulnerabilities, but “this is vastly more secure than any banking network.”

For more from Assange's blog, like the following, see here.

... I attended an Australian Institute of Physics conference at ANU with 900 career physicists, the body of which were snivelling fearful conformists of woefully, woefully inferior character. For every Feynman or Lorentz, 100 pen pushing wretches scratching each others eyes out in academic committees ...

The personality quirks brought to life so well in the New Yorker profile are illuminated by Assange's blog entry (Sat 23 Sep 2006: William James Sidis) concerning high IQ and social maladjustment -- excerpted from this essay by Grady Towers :-)

Skype backdoor

I knew it was too good to be true! As a for-profit company, Skype/EBay eventually had to cave in to spook pressure and allow for eavesdropping. In fact, the back door might have been in from the beginning.

Heise online: According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. The response from the eBay subsidiary's press spokesman was brief, "Skype does not comment on media speculation. Skype has no further comment at this time." There have been rumours of the existence of a special listening device which Skype is reported to offer for sale to interested states.

Here's what I wrote back in 2005:

...I just learned that Skype connections are encrypted using 256 bit AES, negotiated using 1024 bit RSA. This level of encryption is essentially unbreakable with current computing power. The Feds (with the possible exception of the NSA, and they would have to work very hard to break even a single session) have no chance of eavesdropping on any Skype conversation.

It is true that Skype is closed-source, so it isn't easy to verify that the crypto implementation doesn't have any holes or backdoors. However, given the number of users and the negative consequences for the company of any privacy issues, I suspect that it works as advertised.

Well, although you are probably safe from your neighbors or local network admin, the Feds apparently don't have any problems listening in on your Skype calls.

Neal Stephenson on wiring the world

I'd thought I'd share a link to this somewhat obscure WIRED article written in 1996 by science fiction author Neal Stephenson, about the laying of transcontinental fiber. (Warning: the article is very, very long.) Ever wonder how, exactly, your packets get to that web server in Japan or India? I found it quite inspiring at the time.

Mother Earth Mother Board

The hacker tourist ventures forth across the wide and wondrous meatspace of three continents, chronicling the laying of the longest wire on Earth.

By Neal Stephenson

Many of the themes from the WIRED article also appear in my favorite Stephenson novel, Cryptonomicon (Google Books version). I have a particularly soft spot for the novel, since its plot parallels some spooky, crypto aspects of my own startup experience.

Turing: physics and cryptography

People often ask me what a physicist is doing in information security. Here's a partial answer, from Alan Turing:

“There is a remarkably close parallel between the problems of the physicist and those of the cryptographer. The system on which a message is enciphered corresponds to the laws of the universe, the intercepted messages to the evidence available, the keys for a day or a message to important constants which have to be determined. The correspondence is very close, but the subject matter of cryptography is very easily dealt with by discrete machinery, physics not so easily.”