Sovrin and Bad Actors in the World


#1

I didn’t see this topic but I’m sure it is something others have thought about.

With all the recent terrorist incidents in London and around the world, and with government agencies desperately trying to find ways of intercepting terrorist chatter and communication channels, has anyone ever stopped to consider how Sovrin could easily be used as a secure, private communications medium? Sure, any new technology can be used for good or for bad, but are we really ready to open Sovrin up to the worst kind of bad imaginable?

The problem is if Sovrin intervenes and provides access, it breaks its own rules. If govt agencies demand special “backdoor” access, again, it breaks the rules. Where is the line drawn and where does it end? Could powerful government institutions be granted access to communications or identity information if Sovrin were ordered to provide such information? If that happens, how is Sovrin different from any other identity or communications platform out there? Under such scenarios, is Sovrin truly sovereign?

Has anyone thought about this?


#2

Sovrin isn’t providing any technology that bad actors don’t already have. Secure communication through Sovrin is based on public-key cryptography, and that’s been around for decades. Bad actors can already use it (GPGMail, anyone?) to communicate without fear of having their communications intercepted. Sovrin doesn’t change that.

As for the second part of your question, Sovrin doesn’t sit in the middle of interactions between peers on the Sovrin network. There’s no way for Sovrin to grant anyone access to communications carried out with the help of Sovrin-managed keys. Sovrin never has the private key, so it can never provide that to anyone.


#3

In general, the view that “technology is neutral and can be used for good or bad” is becoming less prominent, and the idea that technology always has built-in values is becoming more popular. In the case of Sovrin, those built-in values are individual control, sovereignty and private+secure communication. It fundamentally lies in the nature of certain cryptographic operations that they enable actors with very limited resources to resist actors with enormous resources.

Whether or not this specific technology is good or bad, and what effect it will have on the world, is not an easy question. The reality is that technology often drives change without much societal reflection and political discourse. Someone simply built blockchain and similar technologies and now we have them, and the world never had a chance to really think about their consequences or vote on their introduction. Do these technologies create equality and opportunity for all, or do they accelerate economic greed and environmental destruction? Do they protect our privacy, or do they help bad actors?

  • One argument is “Yes Sovrin will help terrorists, but only the stupid terrorists, because the smart ones know how to protect themselves anyway”. I think this argument is mostly convincing, but not entirely, because of course Sovrin can make it easier for more bad actors than before to now protect their communication. And of course Sovrin does indeed offer new mechanisms for secure communication that have never existed before.
  • Then the next argument could be that in the classic trade-off between “freedom, privacy, etc.” vs “security, surveillance, etc.” we currently have a strong imbalance towards the latter, and that therefore technologies that help with the former are a good thing. In other words, we accept the price that Sovrin and similar technologies will help bad actors, understanding that the reward will be better foundations for our digital societies.

I don’t agree with the statement that Sovrin could not provide a backdoor for intercepting or manipulating communication. It could certainly do that through code updates, or by trying to control trustees or validator nodes. This comes down to the question of who is ultimately in control of a communication system. The essence of the Ethereum DAO “hard fork” debate was whether the highest authority should be human governance or an unstoppable computer algorithm. Both can go terribly wrong (think Hitler or Skynet, respectively).

In these design questions, Sovrin goes to great lengths to establish a sophisticated “diffuse trust” concept both on the human governance and technology level, in order to get things “right”. One “bug” may be that Sovrin in practice is at the moment quite disproportionately U.S. based, considering its role as a “global public utility”. But otherwise the thinking behind the Sovrin architecture for individual independence and sovereignty is novel and deep, and more advanced than with other technologies currently out there.