Adsense Search

Custom Search

23 April 2013

Asymmetric Cryptography As A Tool Of Liberty

Asymmetric Cryptography in the form of Public-Private Key Pairs can be a strong tool for personal Liberty by breaking the monopoly governments have on personal identity.

For example, I am Bob. Unless I am severely mental ill, I intuitively know I am Bob. Simple enough. But how do you know I am the Bob I say I am? Because my government tells you I am. Most people have a birth certificate, issued at the time of their birth or at some point later. The validity of this document by itself can range from completely bogus to quasi-official. The way to make it offical or trustworthy is to have it certified by a government agency in the form of a certified birth certificate, or use it obtain an official identity card or papers. Therefore, the government entity holds tremendous power by controlling, or withholding, identities.

At various times throughout history governments were simply extensions of the people, for example, in post Revolutionary America. But much more commonly, governments have been usurped by factions to serve their own agendas. e.g. Nazi Germany. Since governments in general are historically unreliable, it is dangerous for them to have the power to say who you are!

Going back to the Bob example, my close friends and family, even extended family, know I am Bob. They don't need me to present a government document to tell them that. What if this familiarity can be extended without the involvement and permission of a government? It can, through Public/Private Key certification. We won't get into the specifics of encryption, there are many sources of information on the topic, see footnotes. The purpose of this article is to explore the possibilities of using the process beyond encrypting documents.

The part of asymmetric encryption that concerns us in regards to identity is Certificate Signing. A document is encrypted with Alice's public key and sent to Bob, who decrypts it using his private key. All fine, but how does Bob know the document came from the Alice he thinks it did? This is where Certificate Signing comes into play. Alice has people close to her; family, friends, associates, sign her certificate. They are saying, in essence, "I certify this key belongs to this particular Alice". With enough certifications, we can be sure that Alice is who she says she is. Given the ability to de-sign her certificate, the assurance is even stronger.

To put it very simply, we can be sure Alice is Alice because a hundred or or ten thousand, or a million people say she is. This takes even less faith than believing Alice is Alice because a government bureaucrat, who may or may not be neutral, says so. Everyone dealing with Alice can make their own assessment of Alice's credentials. If she's going to walk my dog, I may be okay with 10 signings. If she's going to have access to my financial records maybe I would like to see five thousand. If she just shows me a drivers license, this gives me almost zero confidence. Is it a real drivers license approved by a conscientious license bureau worker under no influence from her superiors? Or was it printed in a Mexican document factory yesterday?

If such a system were adopted on a large scale, there would be no need to depend on a possibly malevolent government to establish one's identity. It is unlikely that a group of thousands of dis-interested people would have an interest in denying a person's identity, but history is littered with cases where it has been in the interest of a government to deny someone's access to identity, or coerce a person into submission in exchange for an identity.

This isn't a completely matured proposal, it is a starting point for discussion. What do you think?