This issue has come up, with a few list readers talking about how
uncertain or fuzzy reputations are. Some have said they see this as a
fatal flaw for commerce and dealings in cyberspace (and in
cypherspace, the strongly-untraceable variant).
If we were all in the same room and had access to blackboards, maybe
these doubters could be convinced. Lord knows, this is what a lot of
the early Cypherpunks physical meetings were all about, with hours
spent drawing pictures, refuting arguments, considering gotchas.
Regrettably, we are not in the same room and text articles don't work
in the same way (especially when people often don't even read the
full article or any of the cited references!).
Yes, I know about HTML and GIFs, but there's no way I'm going to
prepare a series of diagrams and pictures, for obvious reasons: time,
lack of feedback, limited audience, etc.
Some general comments:
* Yes, reputations are not objective things like the charge on a
particle. Rather, they are more like the velocity of a particle:
different observers will observe different velocities. Or, continuing
the physics analogy (which is limited!), there's a complicated
tensor, or matrix of values, attached to what we call "reputation":
Alice's reputation as a cook to Fred, Alice's reputation as a writer
to Dorenda, Alice's reputation for being on time to Digital
Datawhack, and on and on. Not only is this matrix large, the values
are themselves dependent on other beliefs and assumptions, and the
values vary even on a daily or hourly basis.
* this should not be surprising to anyone. The notion that "Alice"
has some "measurable reputation" is ludicrous. To whom, for what,
under what circumstances, etc.?
* What we call "reputations" are really "beliefs." Assertions in a
personal data base. Reputations have a different flavor from some
other kinds of belief. "I believe Alice was born in 1965" is a
different flavor of belief from "I believe Alice will repay money
lent to her" or "I believe Alice speaks the truth." In ordinary
language, we classify the latter two beliefs as statements indicating
Alice has a good reputation for repaying debts or speaking the truth.
* Beliefs come from a lot of places. If a lot of people tell me that
Alice has repaid money they lent her, I believe (for Bayesian
reasons, though Alice may still screw _me_) that Alice has a good
reputation for repaying debts, i.e., a good credit history. This
belief I have is my assessment of her reputation. It is _not_
something Alice owns or carries around with her.
(There are obvious and important implications for free speech here,
too. The notion that Alice "owns" her "good name" and can take action
against others who "impugn" or "besmirch" her "good reputation" is a
pernicious idea. One reason so many of us understand and embrace the
notion of unfettered free speech, even speech impossible to trace to
a speaker, is because of a deep understanding of how probabilistic
belief networks operate, warts and all. If L. Detweiler "besmirches"
my name, he has besmirched his own reputation, in my view. I could go
on, but I just wanted to make the links between reputations in
_commerce_ applications and similar reputations in areas where some
folks think we need laws against slander and libel, regulation of
"bad" speech, etc.)
* Back to the relativity and fuzziness of "reputation."
* I mentioned earlier that several other interesting concepts have
the same kind of "relativity" and fuzziness: entropy, randomness,
even encryption. These things depend on context, on environment. A
complicated bit string may look like noise, utterly random. But it
may be an encrypted message, or even the genome of an oak tree. Cf.
the work of Chaitin and others, treated popularly in recent books by
John Casti, John Barrow, Rudy Rucker, Ivars Peterson, and others.
Everyone on this list should think deeply about issues of randomness,
entropy, and algorithmic complexity. These are core issues, not just
to cryptography, but also to PBNs and complex systems in general.
* Greg Broiles mentioned "bets" in this context. Bets are a good
thing to think about: they represent an agent's most self-interested
assessment of a bunch of factors: how likely a loan is to be repaid,
how likely it is that Alice will be at the restaurant when she says
she will be, who will win the Super Bowl, etc. Not surprisingly,
dozens or even hundreds of scraps of information may be fed into the
process of making a bet, setting odds, etc.
* Is there some master formula for establishing odds? What do _you_ think?
* Is it all hopeless, then? No. Reasoning with incomplete knowledge
is something evolution has prepared organisms for quite well. Many
tools exist to estimate odds, from standard probability theory to
more exotic recent methods ("maximum entropy methods," for example).
Bayesian reasoning has gotten a lot of press lately.
* Because of these perceived difficulties, it is often tempting for
strongmen or thugs to establish top-down rules and use the threat of
physical coercion to ensure compliance. Names and identities often
fit this, with every citizen-unit being required to carry papers,
proofs of identity, etc. This tendency toward having a "master
signer" (root) who then delegates signing to lower levels, etc., is
also tempting for top-down use: the President of VeriSign, for
example, tells the next level down that they are who they say they
are, and they tell a lower level, and so on.
* PGP, to the credit of PRZ, adopted a "web of trust" model. Instead
of a top-down signature authority, so to speak, the web of trust is a
closer match to the probabilistic belief networks found in personal
interactions: Alice believes something about Bob (who he is, where he
lives, whether he has repaid loans to others, etc.). Bob believes
something about Alice. Dave believes something about Charles, and so
on.
* a "digital signature" is nothing mystical or special, just another
"belief." If I meet someone named Alice and she signs something with
her private key, then if I see this same signature someplace else
(e-mail, for example) I will have a degree of belief that the person
I met in person is the same person (or has possession of the key,
which is similar in most cases to "being" the same person) I am
dealing with via e-mail.
* does a digital signature really mean that this person "is" Alice?
No. And it is unclear what it means to say a body or agent "is"
Alice. Unless and until there are naming systems at birth, trackable
biometrically, names are just handles. They change. The focus on
"is-a-person" is overdone. ("Is-a-person" is a topic of interest to
cryptographers, and is something newcomers should read up on.)
* webs of trust are special cases of the probabilistic belief
networks I've already mentioned. Seen as a graph with various nodes
and arcs representing degree of belief in something.
* the top-down naming system being pushed by VeriSign (and perhaps
likely to gain Official Government Recognition, meaning, get a
certificate from VS or don't bother trying to communicate with the
IRS, DOJ, etc.) is a graph looking like a pyramid.
* and so on. Much can be written about these graphs, these networks,
and their properties. And about tools for propagating belief.
Dempster-Shafer methods, for example. Judea Pearl's recent book,
"Causality," has a bunch of interesting insights.
* are there "scalability" and "consistency" issues with non-pyramidal
PBNs? Sure. As to be expected. (Issues of unwieldiness of large webs
of trust, for example.)
* Are these "show-stoppers"? Not that I can see. I'm quite happy
receiving signed keys from folks I know. If the entity known as
"Lucky Green" gives me his signed key, and I add him to my keyring,
then I have confidence the e-mail he signs comes from the person I
know. I don't care whether "Lucky Green" is his True Name, or his
Immigration Name, or his Stage Name. And I don't care whether some
data base at MIT is choking on all of the names and keys they have
_centralized_. (Hint: the word "centralized" should be a clue.)
* Fact is, we make most of our decisions based on probabilistic
belief networks. For restaurants, movies, t.v., books. Lots of
sparseness in the network, lots of fuzziness. But when someone asks
for a list of recommended reading, and folks like me give such a
list, this is PBNs and reputations at work--regardless of how "fuzzy"
the recommendations may be, regardless of "authority" issues.
(For example, taking the objections of some here to reputation
systems, one might expect them to ask such questions as: "But who
established the reputation of Tim May? How do we know he is
qualified, or authorized, to give such recommendations? He recommends
Vinge, but do we know if Vinge has given his approval for Tim to
recommend his books? This "reputation" thing is just too informal to
be workable.")
I encourage readers to check out the books and articles on the topics
mentioned here. Don't expect them to directly refer to the topics at
hand with Cypherpunks, for obvious reasons. We are in many ways at
the cutting edge, in terms of realizing the implications of
untraceability, nyms, and reputations for commerce, so traditional
analyses have not covered these things.
A recent book, a very recent book, is "Peer to Peer." (Cf. Amazon.)
It has at least a couple of articles sketching out reputation issues.
Not in the PBN sense I describe above, but, then, they didn't ask me
to write a chapter, so I didn't.
--Tim May
--
Timothy C. May tcmay(a)got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
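
An added illustration, not part of the original post and not the author's or PGP's own method: a small web of trust treated as a graph whose arcs are degrees of belief, showing that two observers reach different "reputations" for the same Alice while a pyramid gives everyone the same answer. The arc values, the product-along-a-chain rule, the `SubCA` node and the uniform prior in `belief_from_reports` are all assumptions made for the example.

```python
import heapq

# Constructed sample web of trust. WEB[holder][subject] is the holder's own
# degree of belief (0..1) in the subject; every number here is made up.
WEB = {
    "Fred":    {"Bob": 0.9, "Dave": 0.5},
    "Dorenda": {"Dave": 0.8},
    "Bob":     {"Alice": 0.8},
    "Dave":    {"Charles": 0.9, "Alice": 0.3},
    "Charles": {"Alice": 0.9},
}
# Constructed pyramid: arcs of 1.0 model mandated trust in a single root.
PYRAMID = {
    "Fred": {"Root": 1.0}, "Dorenda": {"Root": 1.0},
    "Root": {"SubCA": 1.0}, "SubCA": {"Alice": 1.0},
}

def belief(web, observer, subject):
    """Strongest-chain belief the observer holds about the subject.

    Assumption: belief along a chain is the product of its arcs, and the
    observer keeps the best chain. Returns 0.0 when no chain exists.
    """
    best = {observer: 1.0}
    heap = [(-1.0, observer)]           # max-heap via negated belief
    while heap:
        neg, node = heapq.heappop(heap)
        if node == subject:
            return -neg
        if -neg < best.get(node, 0.0):  # stale heap entry, already improved
            continue
        for nxt, arc in web.get(node, {}).items():
            cand = -neg * arc
            if cand > best.get(nxt, 0.0):
                best[nxt] = cand
                heapq.heappush(heap, (-cand, nxt))
    return 0.0

def belief_from_reports(repaid, defaulted):
    """Posterior mean that a loan is repaid, from a uniform prior (Laplace's rule)."""
    return (repaid + 1) / (repaid + defaulted + 2)

if __name__ == "__main__":
    for who in ("Fred", "Dorenda"):
        print(who, "web:", round(belief(WEB, who, "Alice"), 3),
              "pyramid:", belief(PYRAMID, who, "Alice"))
    print("after 9 repaid, 1 default:", round(belief_from_reports(9, 1), 3))
```

The value returned is always relative to the observer passed in; there is no call that yields "Alice's reputation" without naming who holds the belief.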