by acje 742 days ago
I look forward to the decline in interest in generative ML. There is a screaming need for secure online services to enable democracies to face off the threat from authoritarian regimes. To do this we need hardware that enables actors as in actor model with truly private state, not sandboxed where there is an external entity that can observe its state. Today pretty much all designs have a perverse von Neumann architecture where state is shared across different compute devices like network controllers and management engines. And the software stack is more of the same sandboxing. Apple includes a Secure Enclave on its SoC where you may only communicate with it by sending messages like a proper actor, but why aren’t servers made entirely of secure enclaves? If the memory of each enclave was private by design in hardware it shouldn’t be necessary to encrypt it.
3 comments

How would that empower democracies more than authoritative regimes? The technologies you mention are means of control, and are used as such. Secure computing doesn't help you when the regime owns the keys (or can coerce them out of the vendor).

I may very much be wrong about it, but intuition and experience tell me that means of control usually empower authoritarian parties first and foremost, unless fully owned and operated by individuals - which, in computing, is very much counter the trend and the zeitgeist.

Good question and I don’t have a good answer. My intuition is that democracies are more dependent on transparency and that lower complexity and higher security would enable more distribution in control.
I intuitively agree on transparency being important for democracies, but then I see "lower complexity" and "transparency" as both being opposed to "higher security". Taking for example the secure enclave you mention, its whole point is to bolster security through removing transparency via a complex hardware and software system.
You (and probably a lot of tech nerds) need to remember democracy is a social challenge, not a technological challenge. What applies to technology does not necessarily apply to society.

The more opaque and complicated you make so-called "democracy", the less the electorate have faith that it is fair and representative. Simplicity and transparency is security, security that democracy is working in a way everyone can and must agree with even if they don't necessarily like it.

I don't think it's a technology vs society issue (and I do honestly maintain that social problems are supposed to be solved by technology, because that's literally what technology is for by definition). It's an issue of framing security.

Cybersecurity mostly assumes the vendor is the trusted party - the users are the sheep the vendor is shepherding[0]. Security is designed to protect first and foremost the vendor, and secondly its flock of users, against attacks from outside parties and other users. The users are untrusted parties here.

Democracy, in contrast, is an unusual relationship in which it's the organization - the government - that's the untrusted party. Transparency is crucial to security of this system, because the very party that organizes it is the one most incentivized to subvert it. It's a special case where opaqueness is not accepted. This is why it's hard to port ideas from cybersecurity to democracy - the assumptions underpinning the two are opposite to each other. Most of what infosec considers good practice would immediately violate the electorate's faith you refer to.

Exercise for the reader: how would our computer systems look if the security field emphasized end users as trusted, and vendors as malicious parties?

--

[0] - I love how the ubiquitous analogies to good shepherds, including biblical ones, conveniently omit the fact that the very reason a shepherd cares for their sheep is so they can be fleeced for wool and/or slaughtered for meat.

AI slop is perfect for reducing usefulness of transparency: you can generate so much bullshit nobody will ever be able to discern what is worth looking at even if you can have access to everything. We aren't there... yet (but perhaps ask Google how is their search product doing in the past couple years). I'd love to hear what Shannon would have to say about this situation.
I am pretty sure that democracies happily pivot to authoritarian regimes because a lot of people just like to have a single choice they prefer.
or implementations of democracies can be gamed by groups with authoritarian inclinations?
To be clear: It's not that the electorates like authoritarianism, they hate "democracy" which doesn't listen to them nor work for their interests and benefit.
but that's the whole point - the democracy has to consider interests of various groups and - ironically - it only somehow works when you have a single unified group. When you have diverse groups - their interests do not align and it becomes a clownshow
Server-side secure enclaves (confidential computing) are becoming significantly more popular for the exact purpose of providing secure online services, and a decent number of companies are already doing this today.

There are technical challenges in using secure enclaves correctly, and those limit adoption. At Anjuna (anjuna.io), we are working on those problems and seeing good results for our customers.