phd-thesis/chapter-introduction/chapter.tex
2025-08-15 18:41:16 +02:00

\chapterquote{Meredith Whittaker~\cite{greenbergSignalMoreEncrypted2024}}{
It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that
are going to be required to do this thing—to build tech that rejects surveillance and centralized control—whose
necessity is now obvious to everyone.
}
\chaptertitle{Introduction}
All Cops Are Bastards, or ACAB, is a slogan popular in far-left and anarchist circles since the mid-twentieth century
that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically this
blanket rejection is a fringe viewpoint with no mainstream acceptance, there is a strange parallel between it and
modern cryptographic best practice. In modern cryptography, it is generally considered best practice to involve as few
keys as possible in any computation, and cryptographers have time and again strongly rejected
attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems.
%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that
%In the early days of mass-market computing, the expectations towards this new tool were high. Even before people
%realized the potential of computers and the internet for commercial gain, there was widespread optimism about the
%potential of globally networked computing to liberate ideas and better humanity. People imagined a future where any
%information would be available at a mere thought, where cultural and language barriers were eroded by technological
%advances, and where technology served as a universal equalizer, narrowing socioeconomic gaps and enhancing the quality
%of life for everybody.
%
%Needless to say, things did not turn out that way. After home computers and the internet were initially, briefly, the
%domain of a particular brand of free-spirited enthusiast, it did not take long until the domain was captured by
%commercial interests. The dotcom bubble inflated and burst, and the introduction of smartphones catalyzed the rise of
%the social web, bringing computing to the masses. While by itself the democratization and the widespread adoption of
%computing is a good thing, the capitalist environment caused it to coincide with an overall drift of the industry away
%from the libertarian principles that were characteristic of its beginning.
%
%Specifically, throughout the past thirty years, computing ecosystems have continued a gradual evolution into walled
%gardens, primarily serving not their users anymore, but the interests of whoever owns the place that hired the place
%that made them. While in the 90s, owning a computer meant you would be able to run any piece of software on it,
%today's platform business model means that every program requires prior approval by the platform's owners. The publicly
%stated motivation for this gradual creep invariably is security or protection from harm by bad people writing software,
%while the actual motivation is without doubt the tremendous monetary gain an operator can obtain by seeking rent for its
%platform.
%
%The platformization of computing has captured all levels of the industry, from backend systems running on hyperscale
%cloud platforms, through desktop computers running only vendor-approved operating systems through secure boot chains, up
%to low-cost smartphones containing highly secure enclaves tasked with the protection of Digital Restrictions Management
%(DRM) keys aimed at stopping the user from copying media played back on the device. Increasingly, this trend towards
%platform owners having the ultimate authority on users' computers is becoming a practical issue in high-risk settings.
% Cypherpunks
\section{Centralized Authority}
% ACAB is an anti-authoritarian sentiment
% In anarchist discourse, "cops" are not just policemen and -women, but also other means of centralized control.
% Anarchism rejects centralized authority in favor of the freedom of individuals because it recognizes the dangers
% inherent in centralized authority
% While anarchism is one extreme of the spectrum, the dangers of centralized control are well-established.
% The constitutions of all modern democracies recognize these dangers, and contain elaborate provisions such as a
% separation of powers, and extensive protections for civil society and journalism
% While modern democratic policy rejects anarchism, it embraces its criticism of power in some vital niches.
% Examples: Whistleblower protection, attorney-client privilege, doctor-patient confidentiality and protections on state
% agents such as judges or politicians
% Centralized authority promises efficiency, but it has a tendency to go awry.
% These sanctuaries carved out from the state's authority in democracies are vital to the functioning of the system
% In today's computing environment, we observe some parallels to this limitation of centralized authority
% In classical computing, centralized control was used abundantly to create order
% Just as absolute political authority becomes dangerous when subverted, centralized control in computing becomes dangerous
% when systems are compromised through hacking.
% Allocating control can be done using cryptography
% Cryptography provides near-perfect mathematical solutions to almost any control problem
% However, as anyone who has taken an introductory crypto course knows, encrypting things isn't the hard part. The hard
% part is managing keys.
% computing solutions to these problems include: Air-gapping, separation of concerns, extreme case: HSMs and TEEs
% provide security even during compromise
% interesting parallel to state control / anarchy discourse above:
% they are secure even against the state/police if implemented correctly
% observation: competent hackers are about as competent as competent police
% observation: cannot digitally encode ethics or legal stuff, so no "good guys only" backdoors
% other applications of this principle of distrusting systems are (perfect) forward secrecy
% see signal
% however, systems such as TEEs and HSMs are largely a niche solution
% while some are widely deployed, e.g. TEEs for DRM and as secure boot root of trust in phones, desktops
% they are not usually democratic. despite wide deployment authority is with their manufacturer.
% To ordinary users, these capabilities are distant
% EU regulation was necessary to force Apple to open up some APIs, cf. NFC payment
% normal users are shit out of luck
% Thus, we need new tools. Tools that enable normal people / small orgs to assume control of their data/keys/etc.
% we need to open up the power of TEEs to everybody
% right now, open source is often less secure than closed-source
% trusted boot rarely implemented (right) in open source
% no TEE security at all because of lack of access
% we want to create democratic, open source HSMs
% open source HSMs enable many use cases to the public and small orgs that up to now only large corps or states could do
% email encryption
% secure group messaging
% signing key servers
% secure video / audio calls
% private data storage
% things like that twitter/x protocol for pin-based key recovery
% timestamping / attestation services
% base for distributed consensus protocols
% might have applications in cryptocurrencies when operated as a heterogeneous cluster
% but beyond that, they enable entirely new use cases.
% conventional hsms limited in computing power, crippled for the purpose of market segmentation
% ours are much more powerful, enable much higher computation crypto such as generic smpc
% generic smpc can do things like key management, pin-based security, secret statistics etc.
% furthermore, above we noted parallel between anarchist distrust of authority and core cryptographic principles
% our hsms not only protect against classical attackers, but also against states
% can be used as democratic check and balance
% example: secure comms that cannot be accessed by the state / police
% example: secure, authenticated photo and video capture
% that's especially relevant in the age of ai
%\section{The Trust Perspective}