An Extension to “A Proposal for PGP Encrypted Mail/Delivery Services”

in #bitcoin · 8 years ago (edited)

The Proposal Revisited

I previously wrote an article called “A Proposal for PGP Encrypted Mail/Delivery Services” which, along with a little story as to how and why I came up with the concept, proposes the separation of address lines via PGP encryption, so that the different levels of the postal/courier system, and the governments and agencies that run these systems, need not have full access to what could otherwise be private information.

The basic idea is that each line of the address can be encrypted for the specific stop along the route that our traditional mail follows, so that each stop can read only the line it needs. This allows a package or letter to be sent from nation A to nation B without the sender and/or country A knowing where the final destination of the package is.

It seems to me this system could be argued for by the public, without governments having a legal basis for denying the general population this freedom. In other words, how could a constitutionally based nation A argue that it needs to know the SPECIFIC destination of a letter being sent to a foreign nation? It’s true, I’m sure, that from this perspective nation B’s government/postal system might argue for the right to encroach on the citizen’s privacy; however, this doesn’t completely render the proposal worthless for the citizenry.

The division of private information that such a system would create would give citizens extra layers of protection, especially, for example, in regard to metadata breaches. Each level of the delivery system would not have access to the full addresses that cross its “desk”, so a breach at any one level would not compromise the entire cross-continent service. This holds right down to the human level: individual workers would not be able to compromise address/destination security either.

In regard to the article I wrote previously (linked above), my proposal was specifically aimed at sellers of contraband, or of packages that the receiver might not want anyone to know they are receiving. The seller’s address lists could be stolen, or, depending on the motivation of the receiver and their desire for privacy, the seller could actually sell the addresses linked to the customers’ names, or even the metadata.

Would Governments Allow Such a System to Be Implemented?

The system works, in a basic sense, with a set of lockboxes and keys. If we take the example of a letter entering a nation, the government or postal system might lawfully or unlawfully demand full access to the destination address. This can easily be done by the government publishing a public key for which only that government holds the corresponding private key. It is as if the government hands out a lockbox for the letter/address and only that government has the key for it. This would still satisfy the receiver in some circumstances, such as the one that led me to this idea in my previous article.

This system COULD be refined and divided further with great ease. All along the way different sections of the postal system, perhaps down to municipal or regional, could have their own private/public key pairs, and so different lines of the destination address could be made readable only by certain levels or divisions of the entire delivery system.
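As an added example (not code from the original article), the lockbox-and-key idea above written in Go with the standard library’s RSA-OAEP: each tier of the delivery chain gets its own key pair, the sender seals each address line to the tier that needs it, and a tier can open only its own line. The tier names, the two-tier chain and the sample address are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Tier is one level of the delivery chain (international, national, local...) holding the key pair for the one line it may read.
type Tier struct {
	Name string
	Key  *rsa.PrivateKey
}

// NewTier generates a tier's 2048-bit RSA key pair (toy key setup assumed for this example).
func NewTier(name string) (*Tier, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Tier{Name: name, Key: k}, err
}
// SealAddress encrypts line i to tier i's public key with RSA-OAEP, using the tier name as the
// OAEP label so a ciphertext opens only under the key and name of the hop it was sealed to.
func SealAddress(lines []string, tiers []*Tier) ([][]byte, error) {
	if len(lines) != len(tiers) {
		return nil, fmt.Errorf("got %d address lines for %d tiers", len(lines), len(tiers))
	}
	label := make([][]byte, len(lines))
	for i, line := range lines {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &tiers[i].Key.PublicKey, []byte(line), []byte(tiers[i].Name))
		if err != nil {
			return nil, err
		}
		label[i] = ct
	}
	return label, nil
}

// OpenLine decrypts line i; it fails for every tier but the one the line was sealed to, so a breach at one hop exposes only that line.
func (t *Tier) OpenLine(label [][]byte, i int) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, t.Key, label[i], []byte(t.Name))
	return string(pt), err
}

func main() {
	intl, _ := NewTier("international") // errors ignored only in this short demo
	local, _ := NewTier("local")
	label, _ := SealAddress([]string{"Country B", "12 Example St"}, []*Tier{intl, local}) // constructed address
	fmt.Println(local.OpenLine(label, 1)) // the local tier reads the street line
	fmt.Println(intl.OpenLine(label, 1))  // the international tier gets a decryption error instead
}
```

A real deployment would distribute the tiers’ public keys out of band and would need a hybrid scheme for lines longer than one OAEP block; the point shown is that no single tier, or breach of one tier, yields the whole address.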

The small point I wish to make here is that, although the people might not be able to successfully argue for a FULLY private system in which governments could not track the packages being delivered at all, there is still some benefit in implementing a partially private system. And a partially private system could be designed so as not to take away any of the government's existing powers over our privacy, or lack thereof.

Furthermore, I think it can be argued not only that such a limited implementation has benefits for the citizen, but that it might be beneficial from a malevolent government’s point of view as well. This makes the proposal promising in regard to implementing beneficial change.

Digitization of Addresses

PGP encryption is voodoo to the average citizen, and the nature of the encryption is such that writing out encrypted addresses by hand is hazardous, since every character is crucial. Part of the purpose of the legacy mailing system is that some people don’t have computers and/or printers and rely on handwriting to send packages or letters.

On the other hand if we could digitize the addresses for all of the mail being sent to every destination, there could be a great shift to automation for the sorting and routing of the packages. The efficiency created by such a shift could be re-invested in the global economy and so it’s definitely something we should strive for over time.

I’m imagining here a system much like getting a stamp at the post office: one writes out the address, possibly with the help of a postal agent, or simply types it into a special computer/kiosk, and then the address label is printed out with the appropriate encryption. Most people could simply do this on their personal computer or mobile and have the address label waiting for them in cyberspace for when they are ready to send the package. They enter their username and password at the post office, and out comes the sticker with the encrypted address.

It would also be possible for the encrypted result to be stored in a database and then some user ID/passphrase could be hand-written just like the traditional method of writing out an address today.

A process like this doesn’t really add any mental transaction barriers, and it seems to keep enough of the legacy system intact that the benefits of implementing such a system outweigh its costs.

I say this of course because this creates incentive to digitize the entire mail system which means that we could eliminate most of the human interaction with the letters and especially the sorting of them. Governments might be pleased with this system since the collection of metadata on our postage would now be fully automated.

Multisig Address Encryption

It’s a small point to make, but I think not an insignificant one, that the encryption could be set up with multisig, so that in order for mail to be routed to its proper or final destination, certain multisig requirements must be met. This could allow different solutions to be implemented along the way which might, for example, allow a government to force a citizen to show ID, or make a payment, before a package arrives. This isn’t really something completely new, but the innovation here is that it can all still be done in an automated fashion. Packages not picked up or not paid for could sit longer, and it seems there would be less fear of them getting lost with such automation. It is less of a burden on the workforce to handle packages this way.

A small point, but there could be many complex implementations of this system, such as “If key X is provided, send the package to address X; if not, send the package to address Y”. Programmable addresses.

This suggests it is possible, with a multisig system, to allow governments to have backdoor control of the system yet never actually see the destination addresses without a warrant. This would still satisfy many of the general population's privacy and security concerns.

We can note that the process of revealing keys and routing packages with this implementation could be done completely online and specifically in tandem with bitcoin payments and smart contracts. This essentially eliminates the need for traditional stamps since the value of the stamp is effectively expressed in the encrypted address and paid for via crypto-currencies (or traditional online payment methods).

A Quick Note on Mailboxes

Although this system would ideally be automated, it could still be useful where human interaction remains. Traditionally, in some places, people pick up their mail with a key to their mailbox, which is set up in a room among many other users’ mailboxes. Employees of the postal service usually sort the mail on the other side of the wall by matching the address with the corresponding box. This is a point of failure in regard to security, as the worker is then allowed to see which type of mail goes to which person. With encrypted addresses, and even keeping some of this legacy system (i.e. the employee still places the mail into boxes), it could be set up such that the mail is separated by humans but there is no link between the address and the owner of the box.

A slight modification to this structure of mailboxes could take this privacy and security even further. If the mail was simply dropped into separate locked boxes, and especially if it could be auto-sorted, then when the receiver comes by with their “key” (here the key is probably, but not necessarily, digital), then the corresponding box could be shuffled to the front and no one but the receiver needs to know who is getting what mail.

Conclusion

For all this, I think the proposal is fairly solid because it can be broken down into smaller implementations that could be palatable or even favorable for even the most malevolent governments. Once such a system is implemented we should expect the use of it to naturally educate the citizens on how encryption can really help grow our freedom and privacy without the negative side effects that governments always seem to argue are necessary. So there would be some evolution required to truly optimize the system from the perspective of the receiver or the average citizen. I think for nations that do have a working constitution, or are leading the charge in regard to freedom, an implementation of this concept would tend towards the optimal side which would be that no human or system ever has full access to a full address, and furthermore that eventually no compromisable entity ever has access to a single line of the full address (this would of course be the “ideal”).

Congrats. Another one that got some nice upvotes.