NSA’s HoTSoS: Special Session on Data Provenance (speech)

Date : February 8, 2024 By Crystal Gonzalez

Hello. I am Crystal of SHA3.org — a journalist turned plugin developer. My vantage point is the intersection of current events and communications security.

This problem we are approaching is not a theoretical exercise. 

The information war has real casualties. 

Hostile and foreign actors have won a systemic compromise of U.S. Communications Networks by implanting highly polarized and destabilizing narratives through appeal to user value in the simulacra.

Influential media and tech companies act in concert together with algorithmic precision informed by a monopoly on personal user data. 

This digital consortium is responsible for the chain reaction we are seeing emerge in our world today. 

PROBLEM

These companies are under fire for breaking antitrust laws, supporting botnets and disinformation campaigns, political censorship, massive data breaches, and user privacy violations.

Aggressive censorship of U.S. citizens and even a U.S. president has taken statistical precedence over the handling of ISIS support networks or C.C.P. material.

Russia is currently throttling Twitter over its failure to remove content related to child sexual exploitation.

FOSTA-SESTA compliance, the policy debate over 47 U.S.C. § 230, and legal challenges to existing immunities demand urgent solutions to user content accountability and transferability ere massive platform seizure or collapse. 

COVID-19’s heavy cyber dependence further stresses the immediate need for fluent and secure data in commerce, education, and medicine. 

Existing solutions buckle under P.I.I. vulnerabilities in open-source software operated at every level of business and government.

The pervasiveness of digital identity theft erodes public trust in polling and aggregate data.

The deployment of National Guard troops to Capitol Hill is vis-a-vis our hesitation to address the problem of balancing privacy and transparency.

Australia, a Five Eyes partner, has already banned online publications and is revisiting a Real ID REQUIREMENT on social media to negate abuse. 

Should these Orwellian measures become normative, they would severely restrict the nature and character of cyber intel accordingly. 

Network moderation through centralization has reached its legal and logical limits. 

Unchecked confidence in these digital adversaries assumes tacit approval of the further deterioration of our national communications interests. 

SOLUTION INTRO

Observing the crossroads of competing interests within these operations reveals a simple key strategy.

We can likewise restore a sense of user agency and digital trust by distilling the solution space into domain interoperability facilitated by hashed user signatures to provide transparency and privacy within aggregate data. 

We have evidence that hashed signatures are highly effective at generating successful permutations and counterintelligence on multiple fronts. 

Hashed signatures are resilient against coordinated attacks by large corporate bodies because they can spawn new platforms. 

Real authorship identity is secondary to its function and ability to persist between networks.

Accessible implementations of hashed signatures at a scale comparable to the problem will effectively arm users with the seamless capacity to render new Guards of their choosing.

SOLUTIONS

Four hundred fifty-five million WordPress installs exist. One core update providing users with the option to hash a passphrase into the username would effectively transform cyberspace into a liquid platform. 

We developed a plugin with this capability at sha3.org. 

Another route we may take is the assembly of open source hashing sites that will auto-populate Open Graph metatags using nonce keys, returning an authenticated user card the same way we share any link.

Aggregate exit-polling and election data are verifiable by individual contributors en masse with a hashed naming schema, salted with principal information suited for that purpose.

Optional hashed usernames distribute intelligence processing among the population, functionally reducing fraud and abuse while isolating malicious actors. 

This method is contiguous in the progression of decentralizing user metadata storage and retrieval, once monopolized by governments, then corporations, and now, users. 

EVALUATION

There are significant gaps in understanding cross-domain interoperability that expose fatal security assumptions in cyberinfrastructure. 

The range of Information portability between cyberspaces and its polarizing influence on real-life environments will be crucial to inform our position. 

We have achieved this by tracing the migration of benign variants — from memes and advertising to the evolution of choices that become routine.

The chaotic black swan events that concern us rise from the user’s inability to translate, process, and realize productive interactions. We must continue to dissect these events to provide stable functionality to users. 

Measurements may include Bayesian analyses of network distribution and ownership, UI/UX and API effectiveness in cross-domain population, platform conversions, the prevalence of account cloning, and public trust in aggregate data. 

Developing and promoting methods to appraise domain and data interoperability will inform industry participation and policy to bring both existing software and N.S.A.’s purpose of protecting U.S. communications networks to the task.