Turning the tables on online data systems

Since the internet was developed in the 1980s, we have had an increasingly distributed data infrastructure in the US and other developed countries.

In other words, important data are stored on “secure” servers all over the country, and the world.

BUT: The paradigm remained central control!

In the former system, the central computer was the only system where data could be stored securely. Access to the central system was obtained through a “dumb” terminal. “Dumb” just meant no local data storage.

The personal computer, which came into its own at about the same time as did the internet, was a potential threat to that paradigm. Ever since PCs came out, the pro-central-control guys have been trying to figure out a way to make them obsolete!

And so, with “cloud computing,” “mobile computing,” etc., they are.

MAYBE centralizing anything seems more efficient.

It’s called “economy of size.” But it’s also called “too big to fail.”

If you can print out a document you just created on a little printer in your office, that’s a lot more convenient that going down the hall to the big central printer. But management says it’s more expensive. Next thing you know, the big printer breaks down. The only reason the group survives is because they could fall back on the small printers that people kept in their offices! But if you have a central control nut at the helm, what will the answer be? Get another big printer to reduce the chance of catastrophic failure! The lesson goes right by them; they probably can’t even see it.

Another example

Solar power. Same line from the central power club: too inefficient! But if a central power system goes down, you could have a huge number of people without heat or refrigeration for days, weeks, or…

(news story)

…and that will still be the case if we centralize solar.

What if every building had its own system? If it goes out, you just mooch off your neighbors for a few hours or days until it’s fixed. Major state-wide disaster? Nope.

Back to the internet

Cyber crime researchers report that US losses from identity theft fraud have been hovering over 50 billion per year for several years now, with the number of victims topping 10 million.

(cyber crime report)

What makes this possible? The central control nuts. All “hackers” need to do is break into one major secure server to suddenly have thousands or millions of names, billing addresses, and credit card numbers.

Is data decentralization possible?

What if all your personal data were in your wallet, or in a safe (or encrypted hard drive) in your house? Could finance and industry still function if private data were really private?

I think it could. It probably always could have worked that way.

If you rent an apartment, you and your landlord (or building manager) have a key to your room. And that’s all.

If you own your home, you could be the only one with a key to get in.

Could you do the same thing with a bank account? Does your bank really need to know your name, where you live, and who your favorite grade school teacher was in order to provide you banking services? Do they need their own copy of the key to your safe deposit box? No. So why should they have free access to your account? They shouldn’t. Cybernetically speaking, they should have “read-only” access. These days, banks are allowed to debit your account for “fees.” In the old days, they would have had to find some way to make money off your deposit, or else bill you for the fees. Then you could authorize debit from your account, or pay the fees some other way. Your bills and payments would be on the bank’s account with you, not on your account with them.

How would this work? The account itself, though it is your asset, is on their books (computer). Their computer system would have to demand authentication from the account owner before changing anything on your account. In the old days this would have been accomplished by a bank employee recognizing your face or your signature. In a computer, it would have to store some sort of hash or similar token. A hash is a number that is created by a character string. There is no way to guess what character string generated it. The only way to “crack” a password hash is by “brute force” – trying every conceivable combination of characters until you get a match. Thus, the more imaginative your password is, the harder it is to “crack.” So a hash is a fairly safe token to store on a central computer. When paired with an account number, it should give the account owner control over that account.

Does a group you do business with need your name at all?

Well, it’s certainly the conventional style to identify yourself by your name. But even this habit could theoretically be bypassed if the individual were held responsible for keeping track of the messages sent to him. Email addresses, for example, do not have to have your name in them (though most do). So if the bank had your email address and your account number, that should be all they need to contact you. Their messages would have to say “Dear Customer” at the top instead of “Dear Larry.” Big deal.

Packet encryption

If you are going to make financial transactions over the internet (see my articles about the idea of making money obsolete) then your passwords have to be sent to the computer of the business you are doing business with over the internet. And the internet sends data in “packets.” By default, these packets are readable. To make them unreadable, they have to be encrypted. Encryption is a pretty good system. It takes a little more time. With modern fast computers, that time is very small. And besides, the only important things to encrypt are your passwords.

The vision

The vision is of a much more secure, decentralized system that results in much less crime. One huge way to reduce crime is to take money out of the system. That is a big step, but someday we may do it. The important point is this: You don’t drop record-keeping. You don’t use money to buy and sell things, but you do keep records of purchases and sales. The remote computers you have accounts with store a username (email address) and a password hash. And that’s all they need. They proactively send your data (which ideally would not include anything financial) to your email inbox, where you may collect it at your leisure. You prove you are who you are by providing the email address and password, encrypted. These data are stored in your “wallet.” Only you have a “key” to your “wallet.” That key can be a piece of hardware, but it operates on the same principle as a remote login, and could in fact be used to transmit that login information, so you wouldn’t even have to memorize it.

If you lost your “wallet” you’d be in deep doo-doo. But it doesn’t mean you’d be taken to the laundry, because the thief would also have to steal your key. So: Just don’t keep your keys in your wallet! Having a secure backup of your wallet (and your key, I suppose) would be part of the system.

As the table turns

Of course, the central control nuts will find all manner of reasons why this would be impossible.

The problem is: Their spokesmen (think Hillary Clinton) keep talking up freedom and democracy while their actions keep resulting in slavery and tyranny. Their crimes are being exposed, and with any luck, their systems are not much longer for this world.

They will need to be replaced with something else. Will the new systems be better, or built on the same old paradigms that the criminal systems were based on?

I hope this gives you some small clue why I bother to write articles like this.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s