PGP* (Pretty Good Policy) GLOBAL ENCRYPTION DAY

PANEL
Marta Belcher, President and Chair, Filecoin Foundation
Henry Holtzman, Chief Technology Officer, MobileCoin
Philip Martin, Chief Security Officer, Coinbase
Zooko Wilcox, Chief Executive Officer, Electric Coin Co.
MODERATORDr. Eric Burger, NextG Security / Commonwealth Cyber Initiative

Transcript

Encryption plays in our digital world. Encryption is more than a technical concept. It’s the cornerstone of secure digital transactions. An electric Coin Company We rely on a unique form of encryption known as zero knowledge proofs to safeguard the privacy of users of the Z cash cryptocurrency. But the significance of encryption extends beyond our work. It is essential for every organization and individual engaged in the cryptocurrency industry as a testament to this, we will hear from a remarkable group of C level executives who bring invaluable insights from the cryptocurrency industry and share their thoughts on the significance of encryption. As I reflected on my decade long journey of advocating for encryption in preparing for this gathering, I realized that my passion remains today. strong as ever. In fact, there is a subtle reference to encryption in the policy platform that I helped develop at electric Coin Company. It’s represented by the asterik in the PGP, right up there you see the Asterix, so, of course, pretty good policy as what we’re trying to develop. And for those who may or may not be familiar, PGP also refers to pretty good policy, pretty good privacy encryption. So I’ve used the PGP in doing not only congressional briefings like this, but in breakfast meetings and BGP podcast, it’s all about pretty good policy, but the subtle reference again, to pretty good privacy. So that is a tool that was developed by Phil Zimmerman back in 1991. It became the focal point of the crypto wars, a term describing the efforts by the United States and allied governments to restrict public and foreign access to strong cryptography. A battle that was eventually won through grassroots efforts almost a decade later. The early stages of the crypto wars paved the way for the secure online commerce and communication that we enjoy today. And quite frankly, without it, we would not have the Internet that we all experience and love today. So Phil Zimmermann documented his experiences in a PGP essay. I’ve printed a few of those for you to read today, along with some other comments. For those online you can look at Phil’s ermine.com to see that I think it’s important to reflect on that when we we recognize global encryption day. I’d also like to recommend a book. It’s called crypto as in cryptography, not cryptocurrency by Steven Levy, if you want to learn more about the crypto wars so with that, before we dive into our program, I want to express my gratitude to stand with crypto alliance for their outstanding work in fostering crypto the cryptocurrency community. And please join me in welcoming Nick Carr. He’s the chief strategist with Stanford for standing with crypto. And he’s going to provide just a few comments

now. Thanks, Paul. Stand with crypto surf save a crypto Alliance serves as the primary hub for founders and builders and advocates who likes to ensure that the entire crypto grassroots community voices are heard. And so we’re we’re happy to help sponsor global encryption days we shed a light on safeguarding millions of Americans and individuals worldwide to ensure we all remain safe and secure through each of our digital actions each and every day. So thank you again and I look forward to the panel discussion.

Thank you so much, Nick. Now we will hear from Dave Grimaldi. He’s the Executive Vice President and Head of Government Relations at the blockchain Association, a group that I very much appreciate for all their work in helping to organize the cryptocurrency industry, and he might give us a little bit of legislative context or insight into things that are that are important for us. To be focusing on today. Please stay

tuned. Thanks, Paul. Hi, everyone. And I think that it bears mentioned that that Paul has started something kind of special with the variations on the acronym PGP. So if by for those of you in the room who don’t know it, it’s it’s pretty good privacy. It’s turned into pretty good pancakes. It’s turned into pretty good pours last night was the happy hour. What am I missing? What’s another pretty good pizza? It makes you want to like if he if he brought it out? New business lines like pretty good. Play things like a new toy company toys are hot, pretty good plywood, we could go into lumber together. But Paul was I think and I said this to a couple of people outside. He’s one of the hardest working guys in DC with what he’s done. He’s provided this gathering ground for us once a month for a lot of people in this room to just come together and share what we’re all doing from a blockchain and crypto and digital asset perspective. And he’s kind of turned us and a number of us in this room into into a band of brothers and sisters and for those of us who’ve been in been in DC for a little bit. You can envision decades ago what the pharmaceutical advocacy and lobbying industry looked like. Was it a room this size with this many people and now it’s 1000s if not 10s of 1000s of advocates and lobbyists and regulatory councils etc. Or think of the manufacturing industry if they if they had a similar event and filled this room. You wouldn’t be able to get half the people in here. We are this I think tremendous hard working community of believers and at blockchain Association. We we take that very, very sincerely and very seriously. What will we ever said a moment ago? Are we the future of global finance? We think we are Are we the future of finance and technology we think we are and to be in it at the ground floor in the BA offices is something that that just really feels good. And we have had a heck of a couple of years. You all know that. But Paul, again, brings us together with podcasts and so forth. Blockchain association is five years old. And started by Kristin Smith five years ago, we’re now over 110 member companies and we’re here really trying to bring that speaking truth to power to members of Congress and the Federal Government. And as Emma was saying, there, there was up until very recently, there was a knee jerk reaction from and I’m saying this as a former Democratic staffer, from Democrats in Congress to ignore this industry because every time they mentioned something about crypto or blockchain, they quote unquote, legitimized it and I heard this from staffers themselves. We don’t want to hold a hearing on your industry because it it lends credibility and legitimacy. And you know, that that hurt that was that stung as we’re all working as hard as we are on these issues. But then we started to talk about the online economy turning into the sharing economy, turning into the ownership economy and what it’s like to have a piece of real estate online, through an NFT through assets through whatever it is. And if we’re fast forwarding now, there are two subcommittees with the words digital assets in their titles like oh, what do you owe what a difference a year makes? There are multiple pieces of thoughtful legislation working their way through the House and Senate. Of course, on the other side of that there are a number of pieces of damaging legislation as well. And that’s what we do every day. It could be a as we try to educate and walk members of Congress through what they’re doing and the effects that little half and there are, we’re trying to get that message to members of Congress on relevant committees or just members of Congress, generally, the ones on our relevant committees, they sleep it and breathe it a little bit more. But off committee, these are still intimidating issues and members of Congress grab on to the piece of it that they relate to. Wait a minute, I thought you guys were finance. Wait, I thought you were technology Wait, you’re something in the middle. I don’t understand. I don’t have to focus on this today get get this out of my way. And our role is to again lend that realness to it. And Congressman Ritchie Torres, from the Bronx, one of our chief advocates tells that real story and I’m sure a lot of people in this room have heard it he came from a home with a single mom. Both both of his brothers were in trouble with the law. And Congressman Torres was 13 Gay African American member in New York City or not, I’m sorry, future member of Congress, New York City. And he couldn’t get a bank account. He didn’t have a fixed address couldn’t wherever he went. He couldn’t do it. And he is a doggone tenacious smart guy and he found a way to invest his assets, keep them safe. This new thing called crypto out of Florida and 35 members of the house that’s one who has that story. To my knowledge, there’s no one else that has that story. But he is one of those that is kind of spreading that around. And saying this is life changing. Right? This is something that is very personal to him. Let me tell you about that story. And we amplify all of those stories. Crypto is a lifeline that crosses borders brings families closer together. remittances offer a cheaper and faster way for immigrants to send money that resonates with many of the sub caucuses here. It’s impactful for people without access to banking and 10s of millions who can’t rely on stable and local national institutions. Congressman Torres chief among them. We are now through a couple of different associations overseas and entities launching crypto aid Israel that’s not a big endeavor, but that is a crypto and digital asset focused movement. That as with Ukraine is trying to get money to those who need it using fast quick payment mechanisms. So all that to say we have this dynamic and innovative story to tell we’re trying to prevent unintended consequences in different pieces of legislation that’s hard to do. Because, as As many know, once a member of Congress gets something in their head, it’s hard to convince them otherwise and they move toward it. We’re having that dialogue with members of the federal government and we’re doing it with the partners in this room. A lot of great blockchain Association member companies. And I’m as with my colleagues, Mont Hammond and Matt Albro. We’re I think I can speak for them. We’re proud to work on these issues. And we’re proud to work in this industry in this family. If I can be so bold and I’m and it’s a privilege to be here today with all of you, Paul, thank you very much.

That really meant a lot to me, Dave. I mean, I really do feel like I’m family with the BAA team. Almost everything I do is with them. And I rely on them so much. It’s such good important work, so I really appreciate that. With that please our panel if you wouldn’t mind coming up and let’s get that started and we can’t wait to hear from you

all of the short BIOS were on the website for these speakers. i There’s no way I could even begin to do justice to introduce them. So I’m honestly not going to try I’m gonna let maybe Eric You know as moderator you can do a little bit of that. But at least I will say something about the moderator my friend Eric Berger. He’s been friends with Eric for a very long time now. I worked with him at Georgetown University for a few years and even before that, that the Internet Society again working on encryption issues. He has been working on this so long, it’s it’s pretty remarkable. over 25 years of experience overall it he’s worked in industry, in government, in academia in academia right now at Virginia Tech University. And I just know he’s gonna pull out some really good insights. From this panel. So I’m gonna leave it to you, Eric to take it from there. Thank you.

Thanks, Paul. And yeah, as Paul said, worked a long time together. And this is not a new topic. You might think, oh, crypto and all that’s a new topic, but what we’re going to be talking about today kind of transcends crypto. I will do the very briefest of introductions again, I’m not into the one page long intros because I fall asleep saying it all the way on. stage left. You’re right. Marta Belcher. She’s President and Chair of file coin Foundation, and she is also the official real lawyer on the panel with training and practice. nexor is Zuko Wilcox, who’s the CEO of the electric Coin Company and it’s been around digital cash again for longer than most people in this room. The only other person in ocean is euro Mutsu Oh, who’s got his 1998 digital cash card from Japan in your predating? That it’s been around? A Philip Martin Chief Security Officer of Coinbase, also experienced at Palantir and the California National Guard because I know things that people kind of get concerned about like, well, can’t this be used for other stuff and he’s got some counterintelligence background there to help inform us. And finally, Henry Holtzman CTO of mobile coin, former Chief Knowledge Officer at the MIT Media Lab, you got there, right after I left. Good time. That was great. So with that, we were gonna go very informal format and definitely looking forward to questions coming from the audience is well, so I was going to start with you Marta, if you don’t mind, saying you know, since you are the lawyer and have been involved with civil liberties and privacy. Why is encryption important to the future crypto?

Yeah, absolutely. So, you know, I think it’s so interesting when you have conversations about encryption, this idea that somehow because we’re doing something online, that third parties should somehow have a right to see what we’re doing. Is really kind of shocking to me. When we talk to our family and friends in real life, right when you’re having a conversation, one on one or in a group, you would never expect for it to be normal for other people to record that. Conversation and have access to it and be able to view it. Use that information for their own purposes. Turn it over to third parties and governments. You would never expect that in the real world. For some reason. There’s sort of this normalization with the digital world where because it happens that we live our lives through just a handful of companies. You know, Google, Microsoft, Facebook meta, right? It is somewhat normalized. The idea that these companies have access to your communications to your data, that they can use that information and that you have no choice but to trust them with your data, to trust them to protect your civil liberties, to trust them, not to misuse it, to push back on on unfair requests for it. And I think that it’s really important that we move this normalization, you know, towards a world where online we expect to have the same kind of protections that we would have in our one on one conversations in our daily lives. And what end to end encryption does is it really moves that protection into the online world and lets you have conversations with people and interactions with people. Just the two of you are just in that group. Without third parties watching.

Yes, actually, that’s great. You know, Marta talking about like the importance to the web. Zuckerberg you know, how is encryption important for privacy preserving cryptocurrencies, you know, things like z cash.

Um, thanks. Well, I’m still gonna get what Marta said that was so eloquent. And it makes me think of the, like, the conservative pitch for encryption, which is that encryption is what protects and preserves the way we’ve always done things. Because all of our lives are digitalising. And if we don’t take steps to add digital protections with the digitalization, then we get this vulnerability like Marta said to mega corporations, also to scammers and hackers and foreign enemies and so on. And we also at the same time risk making it possible like never before to have totalitarian surveillance and control of every single person in every single moment, which has never been possible for even the most sort of unprincipled and brutal totalitarian of the past that was never in their power until now. And encryption is the thing that sort of keeps civilization like we grew up and it like Marta says you can have a conversation and everyone expects that that’s just between you and governments can be limited in their capabilities, because that’s that’s what’s worked so far. Let’s keep it going. So your question though, was about cryptocurrency specifically, this is something I really like is the fact that global encryption Day is a celebration of more than cryptocurrency but encryption per se and something I really like. So your question was, why is encryption so for cryptocurrencies? I think it is. There’s this within the world. There’s really interesting experience within the world. Okay. I’m going to finish within the world of cryptocurrencies. There’s this assumption of global transparency where everyone can see everything all the time just because kind of an historical accident that that’s how Bitcoin started it because Satoshi tried but couldn’t do better at the time. But outside the world of cryptocurrencies, the assumption of everyone being able to say everything is just crazy. Like that’s completely unacceptable to normal people. So that’s why encryption is necessary for cryptocurrencies to make it acceptable to real usage by the rest of the world.

In fact, that let me let me skip over Phillip for just a second look on promise to get you. But Henry Yeah, you’re like, Oh, I’m up. So you know, we talked a bit about people’s privacy. We’ve talked a bit about just just started the conversation on cryptocurrencies. What about like, like business models, proprietary technologies, what’s what’s the role of encryption and safeguarding kind of that part of the equation?

Oh, yeah. The examples there. Is it on the heat the microphone, okay. too numerous examples. To go over. So let me think about maybe some transformative changes. I’m been in computers long enough to remember when if you had multiple office locations for your company, you had to like rent private telephone lines in order to have secure communications between them. And, you know, that’s all given way now to just being able to use the Internet because of things like SSL and TLS, where every application can have a secure connection to the back end that servicing it. And that transforms not just how a company can operate internally have higher security and lower costs, but also who I can do business with remotely. So like we couldn’t have online banking, for example, we’d all still have to be going into the bank and dealing with either the ATM or the teller. If it wasn’t for being able to have an end to end encrypted connection from every device back to every company. And so that’s been tremendously transformative not only technologically but in terms of those business models. Some other examples of business models that have been enabled by this by encryption, streaming music, for example. So like every music stream is encrypted, to make sure that people are supporting the artists with the royalties. Well, so now, for $10 a month I have access to the entire collection of music, rather than having to buy each individual piece of music that I want to hear a tremendous a tremendous transformation of an industry thanks to encryption.

And now Phillip as promised, because you know, we’ve seen you know, people currency business models, you know, given your day job, how does encryption kind of how is that important for like protecting a company’s stuff, you know, protecting a company’s business, its operational security, its business security.

I think the answer follows right from from the previous answer. For Coinbase, this is obviously incredibly important, right? We’re protecting 10s hundreds of billions of dollars in cryptocurrencies have done so for quite a while. But it goes beyond cryptocurrency and into protection of everyone here’s private information, right from from loss or theft, it goes into enabling communications between disparate businesses. Every single credit card transaction every single one of us makes is enabled because of secure point to point encryption between those processors between those, those devices that you touch the and the sort of central processing facilities. The even something as simple as the ability to file your taxes online. Right, is enabled through the use of encryption, that allows for the protection of that data, right both in transit and, and at rest. And so from a we can there are examples of balance right, we can talk about the criticality of protecting trade secrets and the use of encryption there for the knowledge economy, right, the pieces, pieces of pure information that by themselves, right create value, and will create value whether they’re here or they’ve been spirited somewhere else. So I think it’s absolutely fundamental to the ability as a as an organization to exist in an ever more online world.

Thanks. I’ll take the pause for a minute anyone out there have any questions otherwise, I’ll keep going and actually Paul, do we have a roving microphone? We do one moment, please.

Hi, thanks. Great to see all of you again. Yeah. Fantastic, Eric. I had a question since we’ve got this incredible diversity of representation across privacy coins, people that have played a role for years related to cryptography, regulatory approaches related to some of those technologies, as well as financial applications. The some of the projected future of web three is to provide this, this infrastructure that can enable at the same time, financial transactions as well as data transactions and are our expectations for privacy look different depending on the use case, surrounding certain financial information and use cases healthcare, data storage and use otherwise I’m just curious if you have thoughts about the policy or technology approaches or solutions that can help to a to approach where we need different types of discoverability and disclose ability based on the use case when now we have the same rails that can support information transfer and financial transfer. And with the right optimization, you can’t tell which is occurring. So we’d love the thoughts from the security experts.

Sure, I doubt I’ll be able to address the entirety of that question. But I think one one piece that you said actually resonated with me which is the expectations piece. I think that’s actually the most important part of that question is figuring out what are our experts our expectations in this online world? Should they be the traditional expectations that we will have in terms of individual privacy? My personal answer is yes. Right. But I think that’s actually a broader question that we that we need as a society to decide what our view is. And then from a technical standpoint, my view here is we have all the tools we largely need between you know the basics of traditional cryptography, things like multi party computation that enable processing of data and confidential ways. Things like zero knowledge proofs that look for my money. We don’t we don’t even yet know how impactful they’re going to be, because they’re too new. Right. From my view, I think the question is going to be how do we how do we arrange these building blocks, but we can build my opinion almost anything we want to build at this point?

Can I jump in? Yeah, I agree with the expectations being potentially the most important part. And also it reminds me something Marta said and also that reminds me of what I’ve been hearing from some of my younger friends recently was really disturbing. It’s privacy nihilism. It’s it’s an assumption. Well, yes, Mark Zuckerberg knows everything about you. Your phone is listening to you all day. Long and recording whatever you talk about us to advertise to you and there’s nothing anyone can do about it. That’s that’s just like you we all have to get used to it. And it’s not I don’t know if that’s an expectation or acceptance. What I hear it is said kind of like miserably that’s kind of like we now live in a dystopian world, but there’s nothing anyone can do about it. And that’s the part I disagree with. I think we can totally do things about that.

Yeah, I think as I read about this topic, in the media, there tends to be a lot of black and white thinking as though it’s either we get complete privacy at the detriment to society, or we get no privacy at the detriment to the individual. But of course, it doesn’t have to be that way. We can, as has been said, depending on the use case, the application, we can pick any point in between. One of the things about web three is that it is the joining together of a lot of diverse decentralized technologies. And so some use cases may be better on some subset of those technologies, where they are really focused on privacy, you know, that my communications with my family, for example, should be completely private between me and my family. And there are messengers that offer end to end encryption to ensure that but there are other points in the spectrum too. We know bitcoin is completely transparent. And perhaps there are great use cases where we should continue to use Bitcoin for things because that transparency is desirable. I think what we have to keep in mind is that we do want, even when we are building solutions for privacy, that there are ways to be compliant with the regulations and the laws, and that we should engage with policymakers and lawmakers figure out what that is, and craft solutions that, you know, try and thread that needle of providing the privacy that people need, but also providing the disclosure, you know, to regulatory regimes that those regimes might require.

And that’s great and it is an area of as you know, Carol, of current research, we’ve been working on some DARPA work and DOD NSF work because encryption is necessary but not necessarily sufficient for privacy. Just the fact that we’re communicating is information. How big these encrypted packets are, how often they go back and forth, can offer a wealth of information. And yes, you know, from a policy perspective, this is federal money paying us to figure out how to make that private because there are many use cases where it’s in and because you said you know, without the privacy protection, it hurts the individual. It even can hurt society, and that’s recognized by many policy makers. And so how to make society stronger. Actually, you know, as we’re talking about that, because, you know, again, I think people might have this vision of Oh, but we’re, yeah, we’re talking about encryption and personal communications, but we’re also kind of talking about money. But Marta, I was hoping you could tell us a little bit about what’s going on at filecoin and kind of what that’s all about.

Yeah, absolutely. So, you know, I’ve talked a little bit earlier about the way that we currently live our lives through just a handful of corporations. And when it comes to the web, today’s web, it’s extremely centralized. So any website you go to is the actual data is being stored on a server that’s owned by one of just three companies, which is Microsoft, or Google or Amazon Web Services. And the problem with that is that we really have no choice but to trust these companies with our data. These are also central points of failure, which means sometimes one of these companies will have an outage and vast swathes of the web go down for hours, which is the problem with single points of failure. And so what we’re doing is using cryptocurrency, to build a better version of the web, where users are in control of their own data and a web that can really protect users security and privacy where you don’t have to live your life giving all of your data to just a few companies and where you don’t have to trust them. The way we’re doing that. We’re using the fact that with cryptocurrency. It allows you to program your money, right? You can write computer programs that say things like for every second of a song I play automatically transfer one 1,000,000th of a cent to the songwriter instantly and automatically across the world that programmability we’re using to create a decentralized file storage network. You can think of it sort of like Airbnb for file storage. So people who have extra storage space on their computer hardware rented out to others, and they get paid in filecoin for doing so. And that sounds a little bit niche. But what it allows you to do is create a new version of the web where instead of people having to go through just a few companies with their data, they actually have a web where they are in control of where their data is stored, who has access to it and what they can do with it. So we think that’s very powerful and very in line with the issues that we’re talking about today.

Yeah, although if I could push a little further, what’s that got to do with encryption?

Well, what it has to do with encryption is that it gives you the ability to actually choose what happens to your data, including encrypting it right. If I want to send my if I have to live my life through the centralized web, where really there are just a few players, where I’m handing over my data to these companies and I have no choice but to trust them. That is a totally different world than a world in which the user has control over where they’re storing their data, whether that data is encrypted, who can decrypt it, and I think really creates not just not just one alternative but sort of the base layer on which many, many applications can build on top of this technology to create an entirely new version of the web where users can can control who sees their data rather than Hand it over. To a few corporations.

Thanks. You, Philip. There there have been talk about making from a policy perspective. Kind of breakable encryption. What would you think about that? You know, is that okay? Do we actually need strong encryption from kind of, again, a business perspective?

It’s never worked very, very straightforwardly, it’s never worked. The reason it’s never worked, is because whenever anyone’s tried to make a breakable encryption, you normally involve either some sort of keyed trapdoor where you know, someone special has some piece of information they can use to reduce the, the difficulty of the decryption or or maybe it’s some sort of escrow service, right klemper champ was sort of famous for that, right? And both of those things fail for different reasons, the escrow service fails for the very simple reason that you as the escrow service have just made yourself the most valuable target in the entire world and my experience, right, having been in the cybersecurity field for a long, long time, is that when you make yourself that large of a target, someone’s going to take some shots at you, right and if they take enough shots on goal, they’re eventually going to get something right on the on the firsthand when we think about some sort of of, you know, backdoor key system. Those keys tend to be tend to be durable, right? So you have one little people a little secret that you need to keep secret. You also need to share that secret thing with other people so they can make use of the secret decryption. Backdoor and that becomes very, very difficult to do safely and securely over long periods of time. The problem there is, let’s say, you know, if we’re talking about my web browsing activity for the last week, it probably doesn’t need to stay secret for very long. If we’re talking about long term planning documents, or very sensitive research and development, intellectual property has been created. If I can capture that on day one and decrypted on day 700 800 You know, they 5000 Now I still have quite a bit of value. Right? And so what bad actors will do in that case, is what they’re starting to do right now with the rise of quantum is say, we don’t know when this is going to show up. It’s going to show up one day, let’s just start capturing everything we can and the knowledge we’re gonna be able to break it later and thus derive economic value from it. Right. So it the set of incentives set of the set of incentives it creates for attackers and defenders, I think are just are just not tenable long term.

Thanks. So Henry, you know how its mobile coin kind of integrating these encryption, strong encryption technologies to enhance privacy and security for its users. And what do you think companies ought to do? Can they all be should they all be like mobile coin?

So let me just, you know, back up a little bit and explain mobile coin to put it in context. So mobile coin is a layer one blockchain along with wallet application for using it coat we call it mobi and also we power signal payments. And we crafted mobile coin to be targeted to payments. Like that is the domain that is the use case that we wanted to address because we didn’t feel that there was quite the right technology out there for it yet. And what’s important to payments in our minds are number one, that it’s inclusive. Okay, so we wanted people to have self custody of their funds, and we wanted them to have a decentralized ledger that anybody could take advantage of. So that’s like the inclusivity piece. Number two, we wanted it to be nearly instant so that it could be used both for face to face transactions, as well as transactions across the globe. And that means to us right now are we try to keep everything under 10 seconds. You can imagine if you’re like at the at the cash register in the store and you can pay in under 10 seconds, you’re not holding up the line. But if it’s going to take a minute you’re kind of holding up the line, it’s gonna take 10 minutes, you know, everybody’s going to be angry behind you. Right. We wanted it to be extremely inexpensive to transact, because we wanted to enable like the scenarios Marta was just talking about where you’re doing micro payments, where the cost of transacting doesn’t limit the use case, and the business models around how those transactions can work, like I like to think of it is instead of subscribing to one online news source and then kind of living in its bubble, right I can buy art, it would be great if I could just buy the articles I want to read and like pay 25 cents or $1 or whatever for each and not have that swamped by the cost of that transaction. So mobile coin costs well under a penny for every transaction. And then we get into, you know the issues of your question, which is that you know, our expectation is that for the most part, our payments are not public. Like if I am seeing a therapist, like the fact that I’m seeing a therapist and which therapist and what their specialty is, should not be revealed because I’m paying that therapist like that’s private information for me. My employer paying me and how much they pay me. You know, that’s between me, my employer and the IRS here in the US, but not for everybody to know. So we wanted end to end encryption in the system. And we wanted it to also work on mobile devices. So you could use it everywhere. Alright, that was a that was actually a kind of complicated intersection to do the engineering for I’m very proud of the engineering we did there. But there’s another piece and that other pieces as we were talking earlier, it’s like the compliance piece. It’s the regulatory piece. It’s the, you know, how do we comply with all of the laws and regulations of the various countries. And so we also built in things to our protocol to help with that, where for example, you know, right at the very bottom of it, we have a separate view key and a Spin key. So if you want to reveal your view key to an authority you could for auditing purposes without giving over the ability to spend your money. And in fact, we have a different view key for every transaction. So if you need to show an authority, just some transactions, you could just show them the view keys for those transactions. But that’d be up to you. That would be up to maybe a court subpoenaing that, like there are all kinds of tools already at our disposal to compel people to share this information. We don’t have to put it out completely publicly. And then also there is the idea that when you’re interacting with these entities that are regulated exchanges, banks, people like that, we’ve also built a layer around that rather than backdooring the crypto as we were just talking about, because that would just make the whole blockchain valueless. We build on top where we build tools into the application to let you release the records easily that are needed for those regulated entities to perform their regulatory obligations. So yeah, I think that looking at it that way, is the kind of thing that other companies should do as well. They should like we should engage. As an industry we should get engaged into conversations with law enforcement, with regulators with lawmakers and figure out like how do we support both? How do we make a secure system a system where, for example, a law enforcement officer could pay a confidential source without risking their life? You know, it’s kind of like they want transparency on the one hand in order to analyze data and find criminals or proven court, criminal activity, but then they also need that same privacy in order to do the investigative side. And so, you know, striking that balance, and that’s something that we we want to engage in and we want to invite everybody else to engage in that as well.

Oh, great. And in fact, yes, I was remiss Zuko tell us about Z cash. And as well, your comment on what you’ve heard so far.

What I’ve heard so far is all very interesting. Z cash is a cryptocurrency I’m one of the founders of it, but it’s it’s a very decentralized thing. So I’m not really the controller or official spokesperson for Z cash. But one thing I’m really proud of and having gotten it started is that it’s the first implementation of this new technology called zero knowledge proofs. And ever since we implemented zero knowledge proofs they’ve gone on to become one of the most promising technologies not just within cryptocurrency, but potentially for all kinds of other things like Phillip mentioned before. They’re the latest addition to our toolbox. We only have like, you know, three or four of the really important tools like encryption and digital signatures and looks like zero knowledge proofs. May be in that set of really important tools for all kinds of, of of humanity’s infrastructure going forward. So I’m really proud of that and more generally, it’s a neat thing about the cryptocurrency industry is that it’s empowered or it’s fueled up a lot of innovation because there’s, there’s there’s money attached. There’s there’s tokens and business models proliferating in all directions and that’s enabled investment into creating new technologies, which were not being really deployed by you know, Facebook and Microsoft and Google who are pretty satisfied with what they already had. Yeah, so that’s that’s a sort of a positive benefit on society that we haven’t really seen play out yet because these new tools like Philip said, it’s going to take like five or 10 years, I wouldn’t be surprised if in 10 years zero knowledge proofs are built into every operating system and every device and every network protocol that all of humanity relies on. But anyway, aside from creating cool new technologies that might benefit the rest of the world Z cash is also a district decentralized open cryptocurrency which solved Satoshi Nakamoto is original puzzle. I mentioned that. cryptocurrency is sort of transparent by default, and Satoshi and the other early Bitcoiners. I was involved in the whole Bitcoin project. I’m the author of the first blog post ever written about Bitcoin and Satoshi chatted with me about it and link to my homepage on the original Bitcoin homepage and stuff like that. But it during that era, Satoshi and some of the other early Bitcoiners had this conversation they were like, well, we’ve got this design, we cannot transfer value over the Internet, the way we are able to transfer information over the Internet. That’s great. But there’s this massive privacy problem with it. If only we could figure out how to use zero knowledge proofs, we could solve that but then they weren’t able to because it was like five years too early for the technology. And so that’s what Z cash came in and did was add that piece. So Z cache is just like Bitcoin with encryption, like, like blockchain and encryption are these two really powerful technologies and you couldn’t put them together until you had the third piece which is zero knowledge proofs to to let to glue them together. So that’s the Z cache.

things and I will endorse the it’s for more than just cryptocurrency. And of course, we’re gonna thank our sponsors. So thank you to the NSF. We’re working on using zero knowledge proofs and multi party computation for Spectrum sharing for communication networks that want to see what’s available without divulging who is asking for the spectrum because that’s proprietary secret stuff. And get everyone needs to know that someone wants it and there it gets really interesting because there are rules about you know, if you’ve got so much stuff you want something right next to it if you can, but you don’t want to divulge that you already got some stuff, but yet you need to know that you got some so it’s, you know, some very interesting things that yeah, literally five years ago, we would have you it wouldn’t have been Yeah, we would not have gotten funding because we would say you just can’t do that. And now we still not sure we can do it, but we think we can so so that’s all going I’ll open it up again. Yep, please, Paul. Yeah, there you go.

So, Henry, looking at you primarily on this one. I think it’s easy in rooms like this to to be a little bit blinded by privilege because we don’t have to worry about state compliance being a threat in this room, right in this country. However, in many communities we do, right. So women seeking access to health care, the queer community seeking access to health care, and there’s areas in the world where this can can cost people their lives, right when it comes to that view key. Is there a way to disable or real time destroy those view keys for those times where compliance

threatens safety? So the view key is private. And yeah, you you could throw away your view keys, you could, you know, take your 24 words, and you could make sure they’re backed up. And you could then erase them from your phone so that you can get access again later. The view key will be needed when you want to get access to those records again.

If I wanted to, say reply to a subpoena, and full compliance and not be crossing yet another line, that’s where I was curious if the destruction of those is an effective way to protect communities from from the state.

Yeah, I mean, basically, you’re describing, you know, throwing away the data. Is there a way to throw away the data? And the answer is absolutely. Right. And it’s it’s the kind of thing like you know, you know, back to the ways encryption, has been changing our technology, we now have the ability to hold drive, encrypt all of our laptops, right. We can tell them we want the hard drive encrypted. And as soon as we throw away the key to that encryption, that hard drive is now unrecoverable. And it’s exactly like that. If you throw away your key, it’s unrecoverable.

Although, as Zuko pointed out, today, actually, I’ll toss that out, tossed it, I guess a fastball, which is many of these schemes rely on a symmetric encryption. What happens when a symmetric encryption is read like a piece of paper?

Well, there’s a there’s a lot of encryption algorithms that already exist that are resistant to possible future quantum computers. out of the out of the encryption algorithms that we use today, some of them are already resistant to possible future quantum computers. Others are definitely vulnerable to possible future quantum computers. But we’re working on new improved algorithms to replace those ones. So that it’d be possible to have a complete system in which none of the pieces could be broken by potential future quantum computers. Even contributed to one of those algorithms are very proud of it. In particular, it’s a neat thing about Z cash. The way we designed it is that it’s already impenetrable to future quantum computers under certain conditions. It depends on if the if you reveal your Z cash address to the to the attackers who are gathering it up like Philip was describing to decrypt it later. But you can use the cash all day long and you don’t reveal your address to the attackers. You just reveal your address like person to person to the you know, other people you’re interacting with. If those future attackers never got a copy of your address, then they cannot decrypt your Z cash transactions, even when they invent quantum computers. I think that’s pretty cool.

Maybe just a little bit here. So this this is frequently talked about, in actually in absolute terms, right? It’s like, one day it’s gonna go from asymmetric encryption is unbreakable to asymmetric encryption is read like paper and that’s actually not the case. There’s that there’s a ton of nuance in what systems will be attackable with what preconditions on the timeline there. This is an incredibly, incredibly nuanced thing. I think the salient points for people here are to the extent that we have information that we think needs to remain remain confidential, for, let’s call it overview, 50 years to be conservative. We should be thinking today about how that information is protected, where it’s transmitted, who else who else could or has seen it? And ensure that as we move forward to the extent that information has to move in some way that makes it visible, do it in a way that looks forward? With quantum computing in mind, maybe this is multi layers, multiple layers. Cloudflare is doing some experimentation here. We’re seeing an SSL doing traditional encryption and a layer of say lattice based encryption going down the pipe. Other thing I would say about this is I don’t have a crystal ball, but I highly doubt we’re going to wake up one morning and a quantum computer capable of running secure algorithm or or any one of the other invented algorithms is going to pop into existence. Right? I think this is going to be a development of increments over time. And chances are we will we will all have quite a bit of time to adjust to this new reality as it starts to come on the stage. Which is great because that gives us time to actually develop and build trust in different cryptography algorithms that are likely to resist the what today are probably even currently unknown quantum algorithms to break those systems right. So there’s a lot of uncertainty. I don’t think this is going to show up tomorrow morning. It probably won’t even show up in my professional career, I’m gonna guess. But to the extent we have information that needs to marine remain confidential over a decades of timespan we should be thinking about how we’re protecting it today.

And if we do have a question out there, thank you.

Thanks for coming today. And this has been a really great conversation this questions mostly for MARTA but for all of you. You know, as the resident attorney, it’d be curious to hear kind of what your thoughts are. The intersection of open source technology and encryption. You know, we we’ve talked about PGP has been invoked, but PGP was physically transferred on floppy disks. And then now we have this thing called GitHub, where you know, you can transfer information you can transfer code. I know the Treasury Department is very interested in this and has recently indicted some people for developing open source technologies and doing some other things too. But we’d be curious about kind of the intersection of those two things and, you know, how do we balance the need for national security? The need for and then, you know, on the other hand, the need for personal privacy? Yeah.

So, you know, I think your question is getting to something pretty fundamental, which many folks on the panel have mentioned, and I think have thought a lot about which is the idea that there is a spectrum between, you know, privacy and individual privacy and civil liberties and security. And I don’t actually think that that spectrum that a lot of people think is a spectrum is is a spectrum. I actually think that when it comes to things like encryption, that technology is absolutely critical for national security. And I think so I actually I think that spectrum idea or the idea that that this is a trade off is not exactly right. And then when it comes to the question of, of how you think about individual privacy, versus information that is going to be made available publicly. Actually, that’s something that we at least in the US, have an answer to, which is that there’s this idea that if everything if I did have a you know, something following me around and recording everything that I do, right, all the time and you know, handing that over to the government we would catch all of the criminals, right? And 100% of the time, and what it comes down to with the Fourth Amendment is this idea that okay, we’re not going to have that we’re going to have a default that is private right? Under the Fourth Amendment. The default is privacy. And if you want to overcome that default of privacy, you can do that. What you need to do is you need to go to a court and have probable cause for suspicion and get a warrant and then you can get information about that individual. And so there actually is an answer of like, how do we how do we balance those two things? And that is that is the answer that that the under the Constitution we’ve come up with, and I’m sure others on the panel have a lot to say on this topic because this is one of the fundamental, you know, values questions that I think a lot of us have thought about.

I agree

with what Marta said the Fourth Amendment’s a great solution.

Actually, I’ll pile on that. And then something else I think I heard in your question, one is certain other countries have taken laws that were passed here. And when those countries pass those laws, we freaked out, and on the one hand, when you look at those laws, you go away two minutes almost word for word the same as what our laws are, except the distinction is, we have a mostly working rule of law with a mostly independent judiciary, in these other countries, the judiciary reports directly to basically the party and the party that’s in power. And so I you know, this is something we should not take lightly, you know, the importance of our legal system and that yeah, we have issues. But, again, it’s nothing like other places in the world, and that’s where we can rely on courts. When it comes to running algorithms in the cloud. You know, we can rely on the company saying, we promise not to look where we can rely on mathematics. Frankly, I prefer to rely on mathematics than especially a large corporation saying we promise not to look. Another thing I heard though also was about open source. And I’ll toss stuff out and again welcome others to jump in. I I was horrified in a call that I was on just before coming here for this session here. I was on with a regulator talking about protecting critical infrastructure and this was physical security, not cybersecurity. And the comment that one of the regulators made as we made a presentation was, well, if we fortified the buildings that you want to protect, then the adversaries will know what buildings to attack. And that was one that had like most it was going really, yeah. And in the encryption space, that security by obscurity. I you know, we’re going to protect this building that if you knock it out a lot of bad things happen and like literally millions of people die. Well, well, we’ll protect those people by not protecting the building. So with open source, yes, back in Phil Zimmerman days, we had security by obscurity. The our the nation’s national security relied upon people not knowing what the algorithms were. And so we have this open source movement and that was Phil you know I’m going to print it on a t shirt. I’m going to print a book. And so a lot of people and I would offer kind of conflate open source with open inspection, because the US government is now the you know, the official position of the US government, that like all the candidates for post quantum encryption algorithms are open for public inspection and Please tear them apart. Now the keys that has a different kind of level of security, but you’ll please look at it. But the thing that gets conflated is because I can look at the algorithm and tear it apart and whatever does not mean it’s open and free and available to anybody to use without whatever there. It’s not quite the same as the intellectual property regime around it. So I can publish stuff but say I got a patent on it, you can’t use it. I’ve done this with some of my IETF protocols. I publish it I got a patent on it. And the reason I got a patent is to protect you in case someone Sue’s you for using this protocol. So I was just wondering if although actually so the real lawyer here will say I won’t dare talk about that. And the non lawyers won’t go there are no fleas. If anyone has any thoughts on like open source and inspection and things like that.

I don’t know if this is related to the question, but I think of open source is just like another part of science. It’s like how humanity remembers and shares and learns from each other is by publishing and sharing.

I agree with that. I mean, look, also, this stuff is incredibly complicated. There, this is the kind of stuff that people will spend an entire career in and a PhD in and still make mistakes. Every single day of the week, right? And so the only way to do this is is to do it in public with with lots of eyes on participation. I think that gives you the best chance of actually getting a secure safe, a secure, safe, reasonable product. I also wanted to add I actually have one of the PGP T shirts that I’ve recently unreasonably dug out of the closet.

See, oh, go ahead. Yeah,

no, I just wanted to add to that. I think one of the more powerful things about the web three community is that it is for the most part open source, because in order to have a decentralized system, people need to be able to examine it for bugs, reassure themselves about what it’s actually doing, and then also be able to run it for themselves. And so like I feel like open source is very core to the web three ethos, and it is it makes it all the more powerful.

I think everything everyone has said is exactly right. Which is for something this important, you know, for these technologies that are that are absolutely critical for so many people safety and security. When it comes to the code you need lots of eyes on it to make sure that that you’re getting it right. And I think I think everyone has really reflected that well, and I think all of us probably spend all of our all of our work days working on open source code up on this stage. So it’s a really critical piece of of what we’re doing

here. We got a question down here.

So my question goes directly to the code. Well, you know, we’ve seen in the land in recent years, the conflation of money with speech. And now I’m what I’m curious about we were talking about, you know, public inspection of code mean, the relationship between that code for encryption and speech and what freedoms you know, how does freedom of speech play into

that? Yeah, so one of the things that’s a really important precedent, legal precedent in the US is the idea that when people are writing computer code, that is first amendment protected speech. And as with other speech, that doesn’t mean you can do whatever you want, you know, with the code, right? But it does mean that writing the code itself, the act of engaging in writing code is is not itself something that is, you know, is protected by the First Amendment and all the protections that come with that. And I think that’s something that’s really important for the space and also just in general for the ability to develop and work on technology. I think what we’ve seen in recent months, is there’s definitely been some back and forth around where you draw the lines on that and how, but I do think that when, when you’re, for example, when you have a criminal investigation, and you are looking into prosecuting people I think there’s all sorts of things you can prosecute people for if they really did bad things that aren’t literally writing code. And so I think that’s really important distinction, to for, for, for First Amendment kind of jurisprudence.

So Paul, I know we’re kind of at time, but I’m wondering if we can go just a little bit longer.

I would say if we have any last questions, we should take them but yeah, we could also wrap up so any more questions? One over here

thanks, guys, wonderful panel so far. Um, my question has to do with like, Blockchain in general is permissionless and globally accessible, and now we’re adding on a privacy layer. And it seems like we have confidence in this room that we can make it work within the United States come up with compliance frameworks, but how do we answer the problem of like global state actors outside of the United States using these permissionless networks that also protect individual privacy? rights and liberties? So from like a national security perspective, how do we find that balance? How do we answer that question?

I don’t know. It reminds me of the the Internet, right, like when the Internet was new, and was getting developed as a technology. There were a lot of these similar conversations at the time, but but one of them is could like enemy nation states use and benefit from the Internet and could we prevent them or control them or control their Internet and so forth? As far as the Internet goes? I guess the answer is no. Right? Like, as far as I know, enemy nation states use the Internet as much as they want because they have their own Internet.

I don’t know why they’re just putting it out there up front. But I think that this is not in the context of crypto This is not the first time we faced this question. Disruptive Technologies. How do we control their use outside of communities of trust? And the answer writ large is that first of all, we as a society have to decide what our trade off is between risk and reward. Right. I think that is that’s a key elements to how we’ve answered this question from an individual privacy standpoint. It’s a key to how we balance Fourth Amendment versus things like search warrants and other things. So the first answer is, this is not a technical question. This is a this is a societal risk question. Right that once we answer I am positive. There are technical solutions to to like, that we already either already have or can come to, to make that a reality. I think the second thing here is that people sometimes think about crypto as a you know, as a sort of privates place where value transfers can occur. And while it can be in the context of something like a Z cash or a mobile coin or others, I think that is never first of all, that is not the case in the vast majority of crypto, right. Bitcoin for example, is a terrible place to launder money for most people. And I think that even in the context of of things like mobile coins, e cash there are built in things like UPS, right that allow for the legal on a country by country basis, the legal process to have a hook into what is viewable or isn’t viewable. And there’s this is obviously a complicated multifaceted as we talked about, with the the, the ability to, you know, to destroy such information if the consequences of destruction are lower than those the consequences of of production, right. And so I think, I think experimenting with that, our view keys the right thing is default is default public transaction is the right thing. Is there some other thing that’s the right thing, and really understanding how that plays out within the constructs of our societal risk tolerance for this is actually sort of the key path forward.

That was a great last question. Because one last thing. And one last thing is we’re in DC we clearly have advocates and experts and all that we also have staffers and people who are doing policy. One last thing, you know, what would you want the policymaker to go home with after this panel today? And yeah, you’re you’re nodding your head, so you can go first, Marta?

Well, the problem the problem is it goes up second, and the thing that win-win to say is the thing that Zuko says all the time, so I hope you will forgive me, but the thing that I would love for people to take away, which is 100% from Zuko, is that privacy is normal.

What I would want policy makers to take away is humility. As entrepreneurs, you learned that you don’t know what’s going to happen. You have some ideas, you might sometimes be right, but there’s always a bunch of stuff you didn’t know. Same for policymakers.

And that’s pretty close to what I want to say. Instead, I will say that the industry is incredibly young. It is new, it is still developing and growing at an incredible pace. And when we think about creating policy around it, I think we have to think about this both in terms of setting policy to, to to, to encourage that development in the right directions, as well as setting policy to ensure that our our national objectives are are met.

I just want to add on the previous question, I also don’t know and that has to do with with what I would say to policymakers, which is lawmakers, policymakers, regulators. You have a really tough job. I’m glad I’m not in your shoes. We want to help you we want to figure it out. We are innovators. And innovation is the economic engine. And it is important to our country to stay innovative and this is a space where the innovation is needed. So let’s work together.

Well, thank you all very much. Can you give a round of applause to the panel, please?

And thank you, Eric. That was just a fabulous job of moderating that panel. I think we all learned a lot I did. And I feel like we have appropriately recognized global encryption day which was the goal here and recognize it in the context of cryptocurrency which is I think very special to all of us. So thank you all, so much appreciate you being here and I look forward to celebrating again with you next year. It’s November 21 is the day but we might observe it early depending upon when that day falls. So please plan on it and tune in to the BGP for crypto podcast come to a BGP breakfasts. I love to engage with you all and thank you for being a part of this day.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.