—–BEGIN HASHED POST BLOCK—–
I attended a dinner last night where the principal topics of conversation were cyber risk and cyber risk metrics that evaluate one’s own cyber impact relative to the rest of the global ecosystem.
One of the questions presented was, in paraphrase, “what is the biggest cyber threat that exists today”? I was expecting the usual trite response. I anticipated ‘advanced cyber weapons’, ‘APTs’, ‘hacks by nation states’, ‘metamorphic malware’, ‘information leakages’, or ‘organized hacking collectives’, and was caught off guard by the answer proposed: spam. I recognize there is a possibility that my MPA in International Security Policy has just made me a bit too security-inclined.
Out of the plethora of choices, spam was considered to be one of the biggest cyber threats today as it adds clutter to an already noisy environment. I would wager that this threat is considered dangerous less due to its [relatively minimal] propensity for tangible damage and more due to its innocuous state. Expectation and familiarity of conventional cyber threats causes a relative downplay of the real issues that spam causes. A significant amount of people expect a hack from Russia (and anticipate the ability of the United States to respond proportionally), but so many people expect to receive spam that they’re deadened to the reality of it.
The answer, “spam” was so shocking to me that I was curious if there was a better approach to eradicating it then we’ve seen previously. That made me think about blockchain solutions to the problem. Obviously I don’t purport my idea to be better than the rest (especially since alternatives have been tried for decades), but I do think it’s time for a shift in the status quo. Perhaps attacking the issue foundationally would be more effective than tackling it defensively.
What if you could cut through the noise caused by spam not by attacking the issue itself, but by redefining the landscape in which it exists? I think this solution manages to address this transformation.
This is a transformational paradigm shift. If emphasis and value is placed on the items themselves (in this case, email communications), rather than on where they’re coming from, then it’s possible to unburden ourselves from spam.
Perhaps now would be an appropriate time for a disclaimer. Friends and colleagues know me as “that blockchain guy”. Admittedly a lot, if not an excessive amount, of my technical conversations manage to involve blockchains and/or cryptocurrency in some form or another. However, I do greatly enjoy thinking about the world’s problems in terms of these innovations. They’re robust, exceptionally dynamic, and groundbreakingly tailorable.
Getting back to the spam issue, let’s consider a solution to this problem by taking origin and identity out of the equation. This can be achieved by a concept that I’ve codenamed Slate Hawkeye (I give codenames to my own inventions simply so that they’re easier for me to reference in the future).
Slate Hawkeye works by maintaining a blockchain of the hashed contents of emails that are submitted by users (or via their mail clients). End user clients, mail servers, and recipient systems can be setup to only approve emails that match a particular hash, pattern, or those that are transacted on (read: submitted to) the blockchain by a certain k_priv. Spammers or malicious users are disincentivized by utilizing this system as it would be too resource heavy to submit hashes to the blockchain for large numbers of recipients, and it would be too costly from a resource standpoint to justify the transactional costs.
As with most of my work, I think this is explained better visually – please see the following diagram.
In this concept, authenticity comes from access control. Those that have the ability to transact on the blockchain, or in another usage, those that are willing to expend the resources to transact on the blockchain are the ones that have the ability to communicate. In the above example, the ability to do (3) can be done via a secure web app (a user requests access to be able to send a message). Alternatively, (3) can be built into an internal network, thus ensuring that only trusted machines are able to send messages (this would work well for incredibly secure networks where the ability to guard against spoofing is crucial). In either instance, this places the value of a message on the authentication stage rather than where it came from. This authentication medium is made possible by a multitude of factors, such as access management, and supported by expensive, and irrevocable or nearly irrevocable access.
One important issue to note is that this would be a lot slower than email as it is presently situated and would also be more computationally intensive – because of the need for the emails to be hashed. The hashes at least maintain anonymity of senders and security of the message as it’s not posted as plaintext, but it requires the client to hash the contents of the message, transact it along the decentralized ledger, and also requires the recipient to verify that the hash of the email they received is the same as the hash as submitted to the rest of the network via the blockchain.
Although there have been many other designs and implementations for blockchain-backed communications systems this is the first that both addresses the trust issue and the opportunity to counter nefarious adaptations of current systems. Perhaps the best implementation only exists in circumstances where authenticity of the message is imperative or security of the communications infrastructure has to be ensured. Since this is just a preliminary concept, I haven’t thought exhaustively about which hash functions would be the most appropriate for this adaptation, but I think that this would be a fun side project in the future.
—–END HASHED POST BLOCK—–
Featured Image Credit: Markus Spiske, “Nosy People”.
Secondary Image Credit: Netflix, House of Cards.
Diagram Clipart: Openclipart.org