e$: Digital Commerce for the Rest of Us
    Apple in a Geodesic Economy


Vincent Moscaritolo
Cupertino, California


Robert Hettinga
Boston, Massachusetts


September 4, 1996


This particular e$ rant is authored by two of us. We have a lot of ground to cover. Bob's going to do the words: what we think the fundamental forces are for the technology of digital commerce, what the effect that will have on society, what we think the Mac's strengths are in this environment, and what kinds of strategy the Macintosh community should have there. Vinnie's going to do the music: very specific things that Apple and the Macintosh developer community can do, right now, to participate as a full partner in the development of digital commerce on public networks. We'll follow that up with some technologies that Mac people should concentrate on to be first movers in the new markets as they develop.

Lerner and Lowe. Rogers and Hammerstein. Moscaritolo and Hettinga? Hmmm... Let's get started, anyway...


Normally, we would include by reference <http://www.shipwright.com/> all of Bob Hettinga's previous rants on the subject of life, the universe and everything digitally commercial and cut to the chase. However, both of us suspect that this will be read by lots of folks who haven't seen any of that before, so we'll summarize it a bit for starters. Hope we can get away with it. It'll help if we use a Mac focus, so we'll do that.

Lots of Bob's thinking on this starts from something Peter Huber observed about 10 years ago. When you apply the collapsing microprocessor prices of Moore's law to telecommunications networks, those networks change from hierarchies to structures resembling the geodesic domes of Bucky Fuller fame. In the old days, you picked up your phone, which connected you to a central office switch, which sent you farther up a switching hierarchy of bigger and faster switches the farther away your call had to go, and then back down the same number of levels to connect with the recipient of the phone call. That's because early telecommunications switching, like all industrial-age information "switching," was done by human beings. As telephones became more ubiquitous, it became apparent, by the 1920's, that everyone in the country would have to become a telephone operator, and that wasn't going to do. So, telephone switching became more and more automated. Evolving from mechanical to electromechanical to electronic switching. Remember that Ma Bell invented the transistor to switch phone calls. Eventually, switching was done by microprocessors, and then Moore's law took over. Companies started buying direct links between their different PBXes and switching them over their own private networks. Wall Street firms bought lots of direct lines between themselves and critical customers. Companies bought direct lines for their proprietary computer networks, and so on. Deregulation made this even more pronounced, as companies bought long-distance trunk service from the cheapest vendor. Falling microprocessor prices always made it easier to add more switches to route around bottlenecks. The net result was what Peter Huber saw in 1986. He called it a geodesic network.

As usual, Mr. Hettinga takes this a little bit further than most people want to. :-). Bob likes to make the claim that our entire society maps to the armature of its communication structures. For instance, in one of his rants, recently published in Wired, Bob talks about the capital and financial markets, and how they started as peer-to-peer cash-settlement bearer-instrument markets: like the gatherings in front of a buttonwood tree on Wall Street, or at Lloyds' coffeehouse, or at a bunch of dry-goods merchants in London. As communication speeded up, it became easier to participate in these markets from a distance, but information and money still had to be "switched" (filtered, routed, summarized) to get there, and, since switching (human brainpower) was expensive, the networks used to move capital and information in and out of these markets were hierarchies. By networks, of course, Bob means the firms, and syndicates of firms, that worked on any one trade. Hierarchies are much better if they're integrated, you get economies of scale that way, so, as communications speed increased, the hierarchies got bigger and controlled more resources. "Natural" monopolies and all that. In other words, communications, and thus organizational, hierarchies are industrial artifacts. In fact, it can be fairly said that most of what we call modern civilization is this armature of interlinked industrial communication hierarchies, which in turn replaced the smaller, unconnected and city-focused hierarchies of the agricultural era.

Enter the geodesic network. As you automate the switching of information, you start to break up hierarchy in an apparently fractal process. That is, it happens at all levels at once, almost from the "inside out," kind of the way the universe expands. From the organizational standpoint, headquarters staffs proliferate, middle managers stop having direct line control, front line people work in teams. Minicomputers and the various predecessors ;-) of the Xerox 860 word-processor were the beginning, but the Apple II and VisiCalc kicked off the avalanche. Now DOS/Windows is the most prevalent platform for corporate line functions where marginal processor cost matters, and Macs are still the machine of choice for senior management, professionals, and staff, where marginal processor cost doesn't. If you will, the most "geodesic" part of business.

As the process continues, the information the network depends on can be manipulated much easier if it's broken up into smaller pieces and processed as close as possible to its origin. Bob likens this to soap acting on grease in dishwater, and says that Moore's law, operating on a public network, is an information "surfactant." He's even been known to conjugate the verb "to surfact" in his wilder moments. ;-).

What you get, when you look at the world in those terms, is a good explanation for what frequently confounds traditional industrial analysis: downsizing, narrowcasting, the immeasurability of computer productivity gains and "service" economies, and lots of other stuff. More to the point, you get very good framework for thinking about whatever we're eventually going to call "post-industrial" civilization. It's like getting a little parallax on the future, and the neat thing is, you don't need to be a rocket scientist to understand it. Think about any social institution, any business process, any market this way and your thinking about it changes forever. The effect is practically Copernican. It's great fun.

Now we're going to pour a little gasoline on the fire, here, and talk about money. Actually, we're going to talk about cryptography, which is how you create money on a, hrm, "ubiquitous public geodesic network," which is what the internet is, plus or minus ubiquity :-).

We'll state it here as plainly as possible: Digital Commerce is Financial Cryptography. If you compare digital commerce to aviation, the mathematics of very strong public key cryptography is the Bernoulli's Law of digital commerce.

Just like Bernoulli's Law -- and the other mathematical equations of aerodynamic flight -- you can get into the air without it (with a balloon, say) or you can use it only a little (with a dirigible) or, you can just learn the math, use wings, and fly instead. So, let's see how that maps to the universe of digital commerce. Can you ignore cryptography and do rudimentary digital commerce? Absolutely. You can simply send credit cards, or bank account numbers, or whatever, in the clear, over the net, and hope nobody sees it in the deluge of information out there. Cryptographers joke and call it "security by obscurity." Let's liken that to jumping off a cliff, because you are flying, after a fashion, but it doesn't last very long. :-). We suppose that if you used encryption that wasn't secure, or worse, was escrowed, to hide those numbers, it would be like jumping off a cliff with your eyes closed: again, you're flying, but not for long, and you don't know what hit you when it's over. Let's call the height of the cliff the number of times you send your credit card in the clear, and that completes the analogy.

Another, safer way, is to use a method like First Virtual's, where you're issued a proxy number, off of the net, for your credit card account, and you send that on to a seller instead, who has his own account with First Virtual. First Virtual is in fact very safe. That's because, first of all, the buyer gets a chance to renege on the trade on another channel (e-mail) at least twice before the trade is actually executed in the credit card system, including calling the proposed trade a fraud, and, to top it off, the trade sits in limbo for another 91 days at First Virtual's bank before the seller gets the money. That is, unless the seller's entered into the equivalent of a factoring arrangement with another bank.

So, let's call First Virtual something like sitting in a tethered balloon. You are, in fact, airborne, but the ride's not too exciting, once you get used to being up there. You don't have much control over the process, and, heh, there are strings attached... Thus Nathaniel Borenstein, of First Virtual, is both Montgolphier brothers, and, as such, should get not one, but two, rounds of applause for his efforts. Of course, with the, ah, smoky publicity (read: FUD) efforts he's made for First Virtual, you get another resemblance to the original brothers' efforts, too: because the immortal Brothers G. originally thought that smoke, particularly foul smelling smoke, was the thing which lifted the balloon.

OK. So, who's Count Zeppelin, then? Many people here. But, like the dirigible, they all employ just a little Bernoulli's Law (strong cryptography) to make their methods work, in the same way that a dirigible like the Hindenburg used little wings in back to move around with. Either they encrypt the links between web clients and their servers (SSL, SET) or through their servers (Cybercash, Checkfree), or they use digital signatures (FSTC electronic checks, Verisign), or both (Cybercash). But they're still just encrypting a credit card or bank account number and clearing and settling the trade off the net. They're using little wings to maneuver a giant flying gasbag: the entire apparatus of book-entry accounting, banks and all. Book-entry trade settlement (like, say, credit card transactions) is, of course, yet another industrial communications hierarchy, now hoping to play in a new geodesic economic environment.

What? You can have a transaction without offsetting book entries? Of course you can. You probably did it within the last 24 hours. It's called cash. And, yes, Virginia, there is cash on the Internet.

It was invented by a guy named David Chaum, and, in its current, rather muzzled, form, it is being "underwritten," in the same way that an investment bank used to underwrite bearer bonds, by Mark Twain Bank, of St. Louis, Missouri. There is also another version at an ISP in Scandinavia, and other banks, like Deutschebank, are about to join the fray. Sparing you the cryptographic details, digital cash works just like regular cash, except it's, heh, digital. I give you a bunch of bytes in exchange for something. You take those bytes and exchange them for something else, and so forth, and the last person in the chain of exchanges can take those bytes to the bank which issued the bytes to begin with, and get whatever the bank said they were worth when it issued them to me. Say it's a dollar: those bytes become a digital dollar bill on the internet. More to the point, the cryptography of the "bill" and the protocol for handling it ensure that not only is the "bill" unique, but, if anyone tries to replicate it, they get identified, no matter how deep they are in the transaction chain. Pretty strong incentive to be honest, that.

Now, digital cash is more complicated than that underneath, but that's a simple enough description for now. Suffice it to say that if you can issue a digital bearer certificate representing a dollar, you can issue another one representing any type of financial asset you want: debt, equity, commodity, or any derivative thereof. One cypherpunk, Perry Metzger, jokes about gold-denominated Burmese opium futures in bearer form... More to the point, unless you replicate the certificate and try to cash it in more than once, you can remain completely anonymous. Much to the annoyance of the taxing authorities of nation states, who, like the rest of society, have their own industrial information hierarchy: the system of book-entry taxes. Say, those on income or capital gains. Even worse, if you aren't biometrically linked (they don't know you're you, in other words) to your digital signature, you could receive these digital bearer certificates as payment for the perfect crime of your choice. Lions and Tigers and Bears, oh, my!

So, why use this stuff? Because even with all the scariness, it's a quantum leap in financial technology. All those offsetting book-entries save scads over paper, but they still cost money, and not just in storage and processing costs, either. For example, think about the difference between your great-grandfather running his business out of his wallet, and your now needing an accountant and a lawyer at tax time each year to make sure you don't go to jail for running your own.

But, we're not just talking about reducing costs here. We're also talking about changing the world, something people at Apple are familiar with. :-). Here's how digital bearer certificate technology does it: each transaction is a peer-to-peer (dare we say "geodesic"?) transaction, and, like cash, it clears and settles the second the transaction is over. You don't need two banks in the middle, like you do with a credit card, or three, like a check. Instead, like a dollar bill, it's already money. :-). (Actually, you might need to talk to the issuer to verify that the cash is real if you're extremely careful about your money, but since you're on-line and they're on-online, that's not too much trouble.) You don't have to wait for a credit card bill to pay for it, because it's already paid for. You don't have to wait for a check to clear, because the transaction's already clear. On the internet, cash, and not credit, can now be king.

That's because we're talking about a world where secure transactions happen on insecure networks.

That's counterintuitive to most people, because all their life they've worked to make insecure transactions happen on secure networks. The NASDAQ network is such a secure network, where only those authorized to do so can trade. Those people are strongly (that is, biometrically) identified, so that if they do something fraudulent (change the wrong book-entry, in other words), they can be sent to jail. Almost all network security technology, from password authentication to firewalls, is about creating secure networks so that insecure transactions can occur. All of client-server technology is predicated on this, is a matter of fact.

The internet, however, is a public network. It's completely insecure. In order to have any transactions at all, they had better be secure. In fact, they had better be so secure that it doesn't matter who you're doing the transaction with, the exchange of product for money will still occur, just like any cash transaction in realspace. To do that, you need a cryptographic protocol, because cryptography is all about making sure that only the people who are authorized to do so get to see some specific information, no matter how insecure the environment. Digital cash works because the cryptography is so strong that the participants can trust the cash certificate itself, instead of the other party in the trade. Actually they're trusting the certificate's issuer. It's called intermediation, and banks and clearinghouses do the same thing in a book-entry system. In fact, it's safe to say that every transaction is intermediated, somehow, so the current buzzword for this process, "disintermediation," is something of a misnomer, just like "zero-gravity" is. Like life in orbit is actually under conditions of microgravity, we like to say that a geodesic network creates a process of micro intermediation, where the entities intermediating the trade can get smaller and smaller as cryptographic technology improves and processor prices decline.

Notice something really strange here. We said we don't care who the transaction is with. That also strikes at the heart of financial reality. Since we trust the intermediary, we don't have to trust the person we're trading with, as long as we get what they say they're selling us. That means we don't have to know who they are physically. On the internet, you are your digital signature, and nothing more. More to the point, you are the sum of all the things your key does on the net. It's called reputation capital. Nobody's responsible for it but you, and anybody who trusts you deserves what they get. :-).

A lot of effort has been made lately to address this issue from the book-entry perspective. Remember the PowerTalk Keychain? The Macintosh has gone through all of this with RSA/Verisign, and now Consensus is joining the fray. When people talk about certification authorities, X.509 (for the most part), and authentication, they usually mean biometric identity. Biometric identity is what a driver's licence is. Like a driver's licence, biometric identity has your picture, your height, weight, address, etc., on it so that if you make the wrong book-entry somewhere ;-), they can hunt you down and send you to jail. Actually, biometric identity is a little more than that. It usually involves your fingerprints, or voiceprint, or DNA, or some other unique "biometric" identifying characteristic. We use it here to mean any method by which a digital signature can be directly attributed to a specific person, again, so they can hunt you down and send you to jail for making the wrong book-entry.

It's easy to see how a lot of anarchists and anarchist sympathizers (like libertarians and arch-conservative republicans ;-)) really like this idea of a world where your financial actions can occur completely out in the open, yet still be anonymous as far as the person making the transaction is concerned. Where the only method of sanctioning bad financial actors is to shun them into poverty, or at least into starting a new digital identity. The weird thing is, it'll probably work. That's because you really don't need to know who someone is to do business with them.

First of all, there is the technology of blinded credentials. In cryptography, there is the whole idea of the zero-knowledge proof of knowledge. With simple digital signatures, I can prove that I have the permission to do something (vote, drive a car, access some data) without needing to tell anyone who I am. With an extension of the same technology, I can prove that I have some information, just by munging all the information cryptographically and producing the result, instead of the information itself. That allows me to do things like vote anonymously, and lots of other fun things. You can create partnerships with all the behavior characteristics of corporations, but without requiring the legal infrastructure required to enforce contracts. But, how do you enforce contracts with an anonymous -- actually a perfectly pseudonymous -- entity? You attack its reputation, of course.

Before we had money, we had trade. There's a certain red ochre found only in Maine. From as far back as 4000 BC, this ochre has been found in archaeological sites in Ireland. How did it get there, all the way around the northern Atlantic from Maine? Trade. You can be certain that the person who bought that ochre never knew the person who dug it out of the ground in Maine and traded it for something else. You can also be certain that a myriad of trading partners from that time until it went back into the ground in Ireland never knew each other, except to trade that red ochre for something else they thought was more valuable. Caveat emptor. All sales final. If we could do if 4000 years ago in paleolithic America (and Labrador and Greenland and Scandinavia) and Ireland, we can do it on the internet. Without the requirement of state force to sanction miscreants. If Vinnie sells Bob software, and Bob pays Vinnie money, and both the money and the software work, why does Bob have to know who Vinnie is?

Ah. There's the rub, people say. Suppose Vinnie sells Bob no software at all, but just a meaningless jumble of bytes. Bob doesn't have legal recourse. Bob don't know how to find Vinnie and punish him. Doesn't that kill the market? Actually, Bob doesn't need legal recourse. He can punish Vinnie. Bob can easily ruin Vinnie's reputation by announcing his thievery to the whole world, and, especially if Bob's reputation is a good one, and Vinnie's is new or already questionable, Vinnie will have a very hard time selling anything to anyone else. Vinnie will either have to give Bob software that works, or Vinnie will have to start all over with a new network identity, and build up a reputation from scratch. Sound familiar? That's the way markets work now, really. Laws like the interstate commerce code are supposed to be a backstop against criminality, but isn't it strange that we still have criminal markets? That's because trading is an innate human behavior. We had trade before we even had money. Before we had civilization itself.

Reputation is, and will always be, everything. In the old days, if a stranger came into the local village market and sold something bad, violence was rarely the sanction of choice. Usually the person was shunned and never did business there again. Of course, if he persisted, or if his crime was egregious, things could escalate, and quickly. But as a rule, it was "Burn me once, shame on you, burn me twice, shame on me." However, as industrial society proliferated and long distance communication became possible, it was possible to trade at a distance, and that's where problems started to happen. Markets became so big that lots of people could be hurt before enough information got out about bad products. But, in a geodesic environment, a valid claim of harm can go to all interested parties, no matter where they are, in seconds. In addition, industrial concerns were so large that they could only be swayed by the threat (the old "argumentum ad bacculum" of a first year logic class) of other large institutions, like governments, media, or labor unions. In a geodesic environment, a chaotic, ad-hoc horde of small entities can more easily "gang up" on problems, even very large ones: like dealing with belligerent industrial institutions. Or even, say, creating an instantaneous financial syndicate...

One of the cool things about digital bearer certificate technology on the net is that someday it should scale to economic activity of practically any size, from large investment syndicates of bearer bonds for large project finance, to micropayments for routing the very packets the internet is built out of. It introduces cash-settlement auction-market pricing for every form of business activity, at any level of business enterprise, something which is impossible in a world of industrial communications technology. Profit and loss responsibility can be pushed down to almost minuscule levels, without the need for rigid internal audit controls, because markets determine who wins and looses, and, if you don't pay, you don't play. Digital bearer certificate technology is a money surfactant. It will have the same effect, on the large interlocking hierarchy of offsetting book-entries we take for granted as financial reality, that microprocessors have had on the telecommunications network. Like Moore's Law on geodesic networks does for information, and compound document architectures like OpenDoc do for software, digital bearer certificates will someday dissolve large capital and business entities into a chaotic cloud of much smaller self-organized "syndicates"

Okay. Now let's look at the Macintosh with our new emerald-colored glasses, shall we? Remember to ignore the lions, tigers, and bears for a little while (and really ignore those two guys behind the curtain...:-) ).

First of all, what does the Mac have that others don't? Just about everything which was considered a liability in the old business desktop wars. We can see now that LANs and client-server are mostly about paving cow-paths, about making the old industrial book-entry settlement hierarchies run on time. The Mac, on the other hand, has a non-hierarchical, peer-to-peer development mindset, and always has. Mac networking, from Appletalk to System 7 file sharing, is geodesic networking. OpenDoc is geodesic software. OpenDoc is literally a software surfactant: when a part gets too big, it doesn't "grow up" to become an application, it breaks up into more parts. Without trying, the Mac has the lion's share of the web-development market. Even the oldest Mac is a better web-client than any other platform on the net. That's because the internet (even the Web, on its face a client-server technology) and Apple are geodesic by nature.

The Mac's users, from consultants, to scientists and educators, to creative professionals, to senior managers and their staffs, tend to operate in a collegial, geodesic fashion, which is the way the rest of the world is also beginning to work. Collaborative workgroups are becoming the norm. Freelancers are common, and increasing. It's easy to see why the Mac is the best home-office platform there is, especially if people use the net to deliver their work. Once on the net, you can log into other Mac networks, mount other Mac volumes, even run Timbuktu and drive other Macs. Most important, however, is that you will soon be able to sell your services on a very large and efficient market.

With the introduction of simple financial cryptography, concentrating first on peer-to-peer transactions, the Mac could really, er, capitalize on digital commerce.

The neat thing is, the client/server-style book-entry transactions on the web are going to take care of themselves. SET, SSL, Cybercash, and Checkfree are all just a matter of getting the clients built, which will happen anyway, albeit lagging after the DOS world. Through our emerald-colored glasses, that makes sense. Keeping up will be easy for the Mac, if Apple and its independent internet developers do a few things to help it out, like participating in relevant internet standards processes currently underway, and participating in selected new ones as they start up. The selection criteria should be, "is this a geodesic technology?", that is, does it increase the likelihood of peer-to-peer internet transactions?

Obviously, being the best at clearing credit card trades on the net looks like a lost cause for the Mac, and we can now see why. It looks like the Mac can't even fight a holding action in the innovation department as far as SSL or SET or any of the other protocols are concerned. The game is over. It looks like the Mac can only hope to keep up. The good thing is, that's easy. Mac developers can steal a page from Microsoft's book and just port the protocols to the Mac. Obviously, it'll be easier to use once it gets here :-), but the chance to participate in any meaningful fashion other than that is gone. Fortunately, that's not the stuff we care about right now, anyway.

That's because the Mac can focus on its core competences in geodesic software and networking, concentrating on peer-to-peer transactions, starting with checks, which are pretty simple, and then with cash, which is more, well, interesting. The very best part of this is, that's where the uh, real money, is, anyway.

Probably the biggest bang for the buck (heh...) right now in peer-to-peer internet transactions is in checking. After all, how many people took MasterCard when they sold their last house or used car? More to the point, how many people take MasterCard on payday, or better, when they were paid for their last contract? With the exception of cash, check transactions are at least two orders of magnitude greater in quantity than all other transaction methods combined. (Of course, cash transactions are two or three orders of magnitude greater than all other transactions, including checks.)

Fortunately, the mechanics of checks on the internet are quite simple, and the Financial Services Technology Consortium (FSTC) has already built a proof of concept, clearing a check through the Automated Clearing-House system by e-mail, of all things. They are about to go live with a test by the end of the year. The system uses digital signatures generated by smart cards, though the system could just as easily be software based. The problems here are regulatory for the most part, but the FSTC is a fully-sanctioned industry group consisting of 50 of the largest banks, and most of their checking effort has been regulatory, anyway. So, getting the necessary permission has been pretty much taken care of.

The ability to pay and deposit checks from the convenience of the internet desktop will revolutionize individual and small business commerce on the net all by itself, but the next big revolution will be cash transactions. Cash transactions, like we said, are where the real money is. :-). There are scads of protocols for cash transactions, from Shamir's MicroMint protocols, where, paradoxically, the smaller the unit exchanged, the more the underwriter makes, to Digicash's ecash system, the mechanics of which could be used to issue the digital equivalent of million-dollar bills, (or bond certificates) when the demand eventually arises.


Okay. Now for some music. How does Apple, uh, play, here? More to the point, how does the Macintosh developer community play here? We're not going to answer this with another bitch-list. Apple gets lots of those, and frankly, they're not productive. We're going to throw out a few scenarios, and then look at those scenarios in a bottom-up, inside-out fashion, from the PowerPC chip on out to internet and cryptographic protocols.

Scenario 1, The Telecommuter: Everyone knows that the office is becoming less and less a focus of work activity these days. The problem with working from home is the slowness of dial-up telephony, which should improve with competition in the last mile from all over the place, including wireless, cable and even competing central offices. Telecommuters need to be on secure networks so they can do insecure transactions. :-).

Scenario 2, The Independent Operator: This is Bob's favorite, probably because he fancies himself one ;-). More and more people are working on their own these days, and, given the progress of Moore's law, it is becoming easier to do. What we're talking about here is something beyond telecommuting, where a single employer has its employees on the net, massaging it's data from home or the road. We're talking about actual fee-for-product/service economic entities here, with their own profit/loss responsibility. These people are going to want to create their work, distribute it, and get paid for it, all on the net, with or without traveling to their clients. We're also talking about people selling stuff directly to other people on the net. The Mac developer community should pay very close attention to these people, because they've bought stuff before. These people were the early adopters of the Mac for desktop publishing (content creation), and then for web-page publishing (content delivery), and now they're going to want to use it for transaction settlement (content sales).

Scenario 3, The Internet Infrastructure: These are companies or individuals who are actually selling bandwidth, or switching, or storage, or processing to the internet community. They range from your garden-variety phone company to the neighborhood ISP, to future outlandishness like data havens or economically-autonomous routers.

Scenario 4, The couch potato: This person wants to use the net for nothing but entertainment, preferably from the comfort of his integral-minibar BarcoSofa.

We're in the home stretch now. Let's talk about the stuff all these people are going to need from Apple and the Macintosh developer community. To do that, we'll start, as we said, from the inside out.

The PowerPC chip itself: We need to know every possible way to tweak this chip for cryptography. That doesn't mean changing chips or designs, but developing and promulgating intimate knowledge of what can be done with this chip cryptographically. Fortunately, since it's a RISC chip, we're not talking about too much of a learning curve. :-).

Hardware Randomness: Absolutely random numbers are essential to cryptography. We need to be able to generate and manipulate random numbers at any level in the architecture. We already know how to entropy from user behavior and other places, but the very best place to capture random events is from hardware dedicated to the function. One example is the use detectors around a low-level radioactive source, like the kind used in smoke-detectors. Building an untamperable hardware random number generator like this, and making it progressively smaller until it's a motherboard-level component should be a development priority. However, all that might not be necessary. Read on.

Software Randomness: Along with hardware randomness, we need to handle calls for random numbers throughout the operating system. A good look at this problem is by Jon Callas, <mailto://jon@worldbenders.com>, and is called, "Using and Creating Cryptographics-Quality Random Numbers," which he wrote for MacHack 97. Actually, Jon makes a marvellous case for using hard drive read-write time differentials, mouse motion and other run-of-the mill stuff as great sources in and of themselves. If Jon's right, we're probably all set on the entropy front. This paper is a must read.

Hardware Cryptography: There are several purpose-built chipsets out there for cryptography now, including the new RSA chipset built in Japan. (For the moment, we'll avoid discussion of the irony of the fact that once we've imported the chips, we can't export them again.) There will be more of these chips built as time goes on, and the Mac should be able handle these as efficiently as possible, in the same way it handles CD ROM drives and other hardware. We'll also need to be able to handle both biometric and digital key hardware like smartcards.

Software Cryptography: In addition to understanding how to use the PowerPC chip to its best cryptographic advantage, every effort should be made to help people who write code requiring cryptography to use it as easily as possible. At the Mac-Crypto conference, we talked about whether or not to develop a crypto-API for the Mac. There was strong argument on both sides of the question on one hand, Internet Config gives us a model for letting the Mac developer community do it. The current Keychain-Config effort, is an example of this. On the other hand, Apple is one of the first licencees of RSA and could use that to their advantage if they wanted to. On the gripping hand, :-), Apple could be accused of providing "hooks" for crypto, which could get them in trouble with the ITARs and make whole pieces of the MacOS non-exportable. Furthermore, the paradox of strong cryptography is that unless cryptographic source code and algorithms are publicly available, they are really not to be trusted. Cryptographers call secret code and algorithms and code "Snake Oil," and with good reason. Cryptography should be secure independent of the algorithm. Things like this will probably give Apple Marketing, much less Apple Legal, fits.

Commerce Hardware: The Mac should be able to easily and securely handle credit card swipes and smart cards. Smart cards are going to be used for everything from digital cash wallets and checkbooks to authentication devices for banking transactions. We see a day when every Mac and Newton will have an authentication port of some kind.

Commerce Software: The same developer ease-of-use criteria for cryptography should hold for commerce-dependant applications. Like Internet Config's ability to put a URL in any application's about-box, we'll know when we've succeeded when every piece of shareware for the Mac has a "pay" button in its about-box. Certainly, this is doable as an adjunct to the MacOS, or Apple can do something on their own. The point should be made, again, however, that the specs, and even the source code, for all of this should be open.

Internet Cryptography: IPSEC, the forthcoming IETF internet-level cryptography standard, is pretty much here. The Mac community should make it completely transparent in every network-related Macintosh function. In addition, Apple and it's developers should participate actively in the IETF cryptography and public-key processes. For instance, there's an effort by John Gilmore, called SWAN, which hopes to encrypt 5% of internet traffic by the end of the year. Apple should participate in this.

Digital Commerce: Finally, let's look at applications that the user sees, which handle financial activity of some kind. Stuff which uses cryptographic financial protocols as servers, clients, and, particularly, as peers in a transaction. Clearly we should pay attention with SET/SSL, which is pretty much done already on the Mac and other platforms, but also to FSTC checks, to so-called "counter-card" digital cash like Mondex, and finally, to digital bearer certificate technology like Digicash's ecash, Brands cash, and others. Also, those building server technology should be paying attention to the various micromoney protocols out there, like Millicent, or MicroMint. Someday, we're probably going to be looking at paying for routing by the packet, but we're not there yet.

Political and Legal: Here's something that Apple can really do. Apple has some of the best lawyers in the business, but clearly it cannot hope to go against Uncle Sam and expect to stay in business. However, the thing it can do is to found and contribute to a legal defense fund which defends cryptographic digital commerce in court against such things as restraint of trade, invasion of financial privacy, and so forth. Things which directly impact the future of digital commerce on the net. We're loathe to talk about legislation here, because it seems that when you involve yourself in legislation, all you do is pass more laws, :-), but helping to fund lobbying efforts on behalf of digital commerce is also something that Apple could do.

Okay. Let's go back to our three scenarios, and apply some of the above ideas to them:

1. The Telecommuter. Clearly, this person needs a secure link to their office (IPSEC/SSL). In addition, they may need to act in their corporation's name, to purchase something, to correspond with customers and vendors, etc. That means some kind of certification hierarchy, which means key generation and management (Keyring). All of the above require strong cryptography, and as time goes on that cryptography gets stronger. Finally, that person might want to get paid by electronic check, especially if they're working for a small international company and direct deposit is problematic.

2. The Independent Operator. This person needs all of the above, including limited authority to represent his customers to others. In addition, this person would probably be more likely to be paid by electronic check, and to spend her money on the net for code, information, or to subcontract services from others. These people are also going to be selling stuff directly to others on the net. Like any other small merchant, they're going to want to handle checks, cash, and, someday, micromoney safely and easily. Also, if there's this kind of inherent financial ability in every Macintosh, this opens up the Mac market to a whole class of early-adopter in the new internet financial markets, but that's another story.

3. Internet Infrastructure. At first blush, it looks like the Mac has missed this market completely. However, remember that the easiest web-server to set up is a Mac. Actually, the easiest internet server of any kind to set up is a Mac. The problem is more one of dealing with high volume and exceptions, which will be addressed more readily if the server turned itself into a literal money-machine. Nothing focuses resources on a problem like money. :-). If Mac servers could get paid better than any other machine, people would beat them into shape pretty quickly, and for lots of things we can't even imagine now.

It should be noted that one of the problems with net now is that it's getting too hierarchical. The ironic solution to this "sky-is-falling" disaster of network bottlenecks is not bigger and faster central connections, but more direct geodesic connections. This means more small machines talking to each other over load-determined random "circuits." This is the essence of the Huber's Geodesic Network idea. Every node should have more than one line going in and out of it, and, given competition for bandwidth for separate sources, that's more likely to happen as time goes on.

All-in-one ISPs will probably break up along functional lines, for domain name service, for mail, for web-service, and for news. (Bob's ISP, TIAC, couldn't get an SGI Onyx to handle their news and is now thrashing redundant DEC Alphas.) This "surfacting" of the internet service market will be easier if these machines can be "paid" as they're used. Commerce-enabled Mac servers, if easy enough to set up (which would stand to reason), could dramatically reduce the cost of entry for competition in these markets, adding more "switches" to the network.

On the wilder side, this trend could get very interesting. Remember the Mac as peer-to-peer machine par excellence. If the server technology could be made cheap enough, any permanently on-line Macintosh could be dynamically allocated to work as a server for whatever is paying at the moment, literally making money when no one is using it for anything else.

4. The Couch Potato. Ah. That was work. Now it's time to take a break. Kicking out the footrest on the old BarcoSofa, let's see what the net has for us on TV. Our Couch Potato requires the ability to see product, to buy it, and to view it. The rest of the world seems to think that this is the entirety of the digital commerce experience. We now know otherwise. :-) The internet is not "mediable", thus it is not "media". Hmm... Let's see if there's beer in the old integral minibar...



Bob Hettinga
Vinnie Moscaritolo


[ Back to the previous Rant ] | [ e$ home page ] | [ On to the next Rant ]