In the modern classic movie Sneakers, a ragtag team of hackers and security engineers attempt to pull off the mother of all crypto-heists – they are hired to steal a hardware device that is capable of decrypting anything. The movie, written and produced in the early 1990s, is oddly prescient about the subject of cryptography and how much of our modern technology depends on its infallibility.
The film’s ending, viewed through the lens of the last decade, takes on a completely new, almost parodical, meaning: the NSA turn out to be the good guys.
Last month, the U99 group announced plans to develop the Slur.io marketplace, a decentralised platform for matching buyers and sellers of secrets. Anonymous sellers post an encrypted version of a secret (along with, I assume, some form of provenance) on the site, and anonymous buyers bid for its decryption keys with bitcoin. Once an agreement has been reached, bitcoin is exchanged, keys are transmitted, and secrets are revealed.
The secrets could literally be anything, and the U99 group has not held back with its examples: trade secrets, source code for proprietary software, proof of tax evasion by major corporations, military intelligence, stolen credit card databases, celebrity nude photos, evidence relevant to ongoing trials – the list, and our collective imaginations, goes on quite a ways (to the avid movie fan, their rundown reads like every conceivable MacGuffin in every heist movie ever made).
U99 envisions Slur.io as Wikileaks 2.0, an “incalculable resource for public knowledge and unfiltered access to the truth”. Except that in the future journalists will need to compensate whistleblowers for the extreme risks they take.
In a world where cryptography currently allows private organisations and individuals to do bad things without fear of discovery, marketplaces like Slur.io aim to incentivise total transparency.
The plot of David Eggers’ The Circle immediately springs to mind. But secrets aren’t always “lies,” as the fictitious social network in Eggers’ book declares. The underlying reason for having company secrets (and in a broader sense, the entire patent system) is because the process of invention is long and arduous. If an invention is not protected long enough for its creator to be financially rewarded for it, then we would have far fewer inventors. Individual reward drives public good, etc.
So if, for example, Johnson & Johnson spends a few hundred million dollars and several years attempting to develop a vaccine for Ebola, it seems wrong for a disgruntled employee to be able to take all that research and auction it off on some online secret marketplace. Granted, the greater issue there probably lies in J&J’s employment practices and security measures, but that’s another discussion entirely.
There is, however, a fundamental difference between a publicly-visible auction and a surreptitious negotiation between two parties in a dimly-lit noodle house outside Tucheng. The difference is this: the rest of the world doesn’t know the exchange is happening, or is even possible. To understand why that is a problem, imagine secrets posted on the marketplace with titles like:
Assuming a modicum of provenance, the first two titles above are damaging without even having to be real. The third item has the potential to completely upend the world’s search experience and return us to the dark ages of link-farms and black-hat SEO
Taken to an Upworthy extreme (as essayists on the internet are wont to do), Slur.io could become the Shopify of blackmail.
But there is good here as well. Organisational transparency is generally regarded as a boon, and properly incentivised whistleblowers keep everyone honest. In a 2013 report, Transparency International (TI) scored multinational corporations from emerging countries on their overall corporate transparency. The result was an unsurprisingly low 3.6 out of 10 on average, a result which TI states is indicative of “a lack of recognition of the importance of transparency as a building block of good governance, including the management of corruption risks”.
TI lists a handful of recommendations regarding what companies “should” do (hint: it has something to do with being more transparent), but by their own analysis, the highest scores were due to domestic legal requirements which forced those companies to provide “more extensive financial information on their subsidiaries.” To put it plainly, I doubt it was due to those companies having read the TI report.
Imposing transparency by law does not appear to be working all that well, in any case. As we’ve seen many times, the largest and most corrupt financial institutions are more powerful than the regulators attempting to keep them under control.
In a Slur.io world, transparency would conversely be brought about from the bottom-up. Individuals looking for a big payday would attempt to blow the whistle on company malfeasance at every turn, and the threat of that possibility would likely be enough to force large companies to rethink their transparency outlook.
But the argument does tend to loop back around. In a truly decentralised platform, all the “good” secrets are thrown in with the “bad,” and obviously even that dichotomy is specious at best. The first casualties will conceivably be (a) the right to privacy and (b) the protection of innovators.
Slur.io and the similar marketplaces that will inevitably spring up alongside it are not exactly the ultimate codebreaker that figures so heavily in the movie Sneakers, but the potential impact is very similar.
What’s most interesting is that the fundamental code for creating the platform is already out there in the form of the decentralised, open-source marketplace OpenBazaar. In order to prototype the concept, a committed developer would only need to add the fulfilment workflow for transferring and decrypting the “merchandise”. Whether or not it will be better or worse for mankind on average is unknown, but what’s abundantly clear is this: our secrets’ days are numbered.
Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.
‘Top Secret’ image via Shutterstock