Tuesday, March 25, 2008


I've been looking with interest at Amazon's Web Service stuff, particularly S3, for several years though never really saw it as being a realistic part of the Investment Banking scene. However, I wonder if that's going to change with the great deal of interest in SOA and now Web 2.0 from the marketeers which is feeding into IT strategy. Here's an idea I bandied around with Ian Grigg of Systemics, a leading light in the financial cryptography community and author of the seminal paper Financial Cryptography in 7 Layers.

Seems to me that the ideas and the technology have been around for a while - it's the time it takes to change the strategy juggernaut that's the issue...

A conversation with Ian Grigg of Systemics from 27th November 2003

I have an idea called Notelets - an arbitrary lightweight data storage mechanism with good security and highly redundant. Access is via key or x509 cert. Notelets can be "chained" - linked together and "nested" - hierarchical, distributed - stored on at least n nodes (where n > 1.)

This is a bit like freenet project (freenet.sourceforge.net - forget the "freedom" rhetoric - this is the incentive mechanism) - a cryptographic file storage system which is highly redundant and highly distributed. However, there's no element of revenue in the model - and therefore no incentive to run a freenet node. Notelets is different in that the revenue model is a key part of the system - allowing those who host the service to earn a revenue and build a reputation.

The idea is to "give away" the software to whoever would host data storage - instant and pervasive infrastructure. One of the principal usages would be that of a semaphore between one-to-one or one-to-many parties.

The service could facilitate high levels of security (I won't bore you with the details - but a good analogy is the "tradecraft" symbols used to coordinate drop points as detailed in the Mitrokhin Archive)

A p2p management layer would handle server reputation, notelet distribution and would be geolegislatively sensitive.

[GB] Here's an idea. What about a "notes" service (a la post it notes.)

- user/application issues request for access
- cert issued via email/soap call
- cert presented when service accessed.

[IG] Hmmm.... OK. We are talking website - browser access with client cert here, right? That infrastructure exists which is a big plus. It has had mixed reports, which is a minus. I suppose we'd have to test it to see if the promise is kept.

[GB] - User can create up to 20 blobs of info/text/binary - up to 20KB each - blobs can be linked together - chained, deleted, modified, searched etc

[IG] OK, so this is a sort of user management desktop thing. As close as possible to one's personal PC capabilities, but over the web, right? An all-powerful web services thingie.

This would be sort of like PeopleSoft I imagine, not that I have the faintest clue what PeopleSoft do.

[GB] - blobs persist for 7 days then recycled. These blobs are free - alternatively, blobs cost 2cents per 20K (based on a dollar a gig at present - this will drop though.) One time fee - for five years (based on MTBF of disk) - Plus running costs of say 5.47 dollars a day for a 120GB mirrored server (5 years @ 2000 bucks for rent and power and bandwidth - based on uk prices) works out at (120 * 1024 * 1024) / 20 * 1024 = 6144 "notes" per day is 5.47/6144 = .9 millicents per note per day - Then add our profit margin - 100%?- you get 4cents setup - 1.8 millicents per day.

[IG] Ok, so someone comes up with a pricing model and revenue and all that.

[GB] So who would use it? Well - you ever tried to build an application in a bank? ha ha - nightmare - power and control are exerted by restricting access to machines and storage.

[IG] Hmm, ok. But - to cast my devil's advocate spears at the idea - anyone who is working in a financial institution like that will not want to pay for the access to a "great tool." They would only use it if it was free to them, which means either there is some con going on and the bank pays for it without knowing, or, the bank is paying for it up front, and it is therefore part of the application.

Are you saying the latter, as that's ok, because the bank itself wants it anyway?

Where I would go a little weak at the knees is that most places I have been get all fuzzy and crazy when they hear that substantial amounts of information are off-site, out of their circle of "physical control."

But let's keep going. I'm the plant, recall, I criticise and others grumble and groan until they figure out how to slip one past...

[GB] Second users would be lightweight coordination services - inter organisation - like as suggested in The Tentative Hold Protocol.

Nice idea I think matey

[IG] That's heading in an important direction. Whoever cracks the way to automate the pre-contract parts of the deal process is going to be big.

Personally, my current view is think of it this way:

1. build the payment
2. add the bits that make people use the payment...
2.a hence the IM addition to WebFunds which is "nearly there (tm)".

I.e., build one tool, and then build out from there.

One thing I'm very leery of is people who say that they've worked out a way to automate purchasing and contracting. They never have a clue. But, this loose/tentative approach might be such that someone has realised how hard this is...

(Haven't time to read it. Oops, it was by Intel.)

But I agree, a nice idea. I doubt that we would be able to "build a protocol" .... It's a big job.

[GB] What is it that the large institutions want? In my experience, they want something sold to them by the big 5 (IBM, SUN, Microsoft, HP etc.) Of course, selling to them is next to impossible.

[GB] They want to minimise risk and cost and maximise profit (for them) of course

[IG] Yeah, I heard that too. If I knew how to do that, I'd be tempted to keep it to myself though.

[GB] Sure - that's the crux - they want to buy from the big 5 so they can sue them if anything goes wrong. But the big five need to take advantage of the bazaar effect - millions of programmers rather than just a couple of thousand.

[IG] Well, if that's what you want, then do this:


That we can do. I have the tech, and the knowledge. There is a fair bit of programming to be done, but, I know the traps. Several companies have tried, and have all failed as far as I know. There is one company doing it currently, something with "brain" in the title.

Mind you it is a fair way from J&S. However, maybe it can be turned to legal work. "Project to research a brief on effects of digsig law on payment systems. Must include cases, cite precedences. Supports case to defend Twinkies Tokens v. Crown."

Now, confidentiality of the attack before the judge is an issue in litigation, so it might not be so obvious that we could use open research projects. But, it can be used for deception as well. And, many projects would be obvious.

[GB] They need to consume services which are reliable and secure - and they will pay the price. The Big 5 need to peer content/services so they can have a comprehensive offering.

[IG] Um. OK. So, a characteristic is reliability. And, security. But, that's all something that we can consider when we've figured out the service.

[GB] This is the point of a directory approach - reputation is key to the success of a service - fast, reliable and cheap - that happy medium. Doesn't stop you downgrading when a service fails - and this gives you realtime failover which is kinda cute.

[IG] Right. But, you cannot have reputation unless you have success. First, you have to succeed, then you can create the brand to protect that success. It is improbable to create a reputation without first having a presence, which means a service or product that has already made it.

Catch 22, of course, which is why the big 5 like buying from big companies and paying the price

[IG] OK. If they are into the legal field... one thing that did arise in my thoughts was a thought that discovery could become a web service.

Here's how it works - in a case there are hundreds of documents flying back and forth. Discovery is the first phase, then there is an intermediate phase where documents are listed in preparation for hearings. Finally, there is the "lifting into evidence" phase, where certain of the previous set are presented.

Now. All the documents have to be fairly available. But, both sides have an incentive to futz with their responsibilities. So, the whole thing is ripe for intermediation. If, in the preliminary proceedings, someone suggests that "we go with S&J Discovery", then all documents/transactions would go to these guys instead. And, S&JD would mount a website, and a huge data repository, such that as documents come in, they are webbed. Each side gets their account, and their password. Access is private, so each side can't see what the other is doing.

In the hearings, S&JD deliver the sets, so the docs are standardised. Both sides get the same quality, so there are fewer arguments.

Hmm, having written the above, I see that it has nothing to do with FC. Oh well, maybe S&J can make something of it. Ideas are cheap.

[GB] It dovetails nicely with my idea for a notes services - serendipity. And mine is very much about FC - because we're dealing at the engine level - not the car - the ladiemight make a truck out of it for the legal profession - and on the back of it we make an infra biz...

[IG] It does. Yes. What surprised me was that the legal services world is very very bad at technical stuff. They are very vulnerable to a service bureau taking over large parts of their enterprise.

So, it doesn't have to be the above idea. It could be any hook really, but, once you can get into the legal services field with a net based support service, that combines multiple firms, you can then expand out, using either your post-it notes idea, or the above discovery notion.

That is, eventually, you become the para-legals department. In a sense. You do everything for the lawyers, bar making the coffee.

Have you seen the movie "Minority Report"? Imagine the setup they had, and compare that to a law library.

Big barrier is the law library - it has to be purchased by a new attorney trying to set up practice. I asked my guy - a real good guy - what the good book to get for contracts was, so I could understand how to do Ricardian contracts properly. He said the reference is "Chitty on Contracts."

So I checked, and it is $500 at amazon :-/

Now, imagine S&J Legal Services, puts a big screen into the spare room that is now called the law library, but with no books... Lawyers drive the tech, rent it for $X per month, and scan and search and ...

But, the point is, it doesn't matter what the bait is, in principle, lawyers are vulnerable to this service dependency, I postulate. So the task is to find the best cheap easy bait, and the best set of hooks 1 thru N and roll them out.

[IG] I'll think of something more FC. Perhaps a legal settlement currency, where cases are settled and escrowed in advance, and held in a sort of funny money, in Ricardo of course, and thus less money changes hands?


[GB] Sounds like a great idea. We've been dealing with some legal stuff recently - and one of the things people have been asking for is for us to deposit 30K with a solicitor - it would be better to indicate intent by depositing a virtual currency - which would indicate intent and effect contractual obligation?

[IG] There is certainly a market for independent escrow services. Placing it in a currency would be one way. It might be easier to find someone already doing it, and sell them an FC system.

Now that I think about it, if you ask the solicitor this, he'll probably say, "yes, this is what you do. You go to J&S Escrow Partners in London, place the money with them, and they give you a piece of paper, which you then hand to the solicitor. They are the firm that everyone uses. But your solicitor won't ever tell you about them because he needs your funds in his account because he uses the float to cover his loan to the book seller......."

Now, the thing is to find that firm and sell them on the benefits of going digital. If they were to issue units in Ricardian, instead of paper, they could save some small amount on costs. But, the real future is that once they have got all the lawyers using their Ricardian escrow paper, they can launch a legal currency for other purposes.

[GB] Also it could be used as a proof service so that you could ask whether counterparty has deposited or performed some action?

[IG] yep!