This is a little bit of a homecoming, I think, for us, both Lopp and I have been in the Carolinas
a long time.
I came to the first Cryptolina event several years ago, learned a lot about cryptocurrency
generally, met Vitalik who was there, I think this was pretty much all the craziness of
all the Ethereum stuff, but it was a good time since it's awesome to be back here and
thank you to Rook and everybody for organizing.
I'm Jerry Walsh, this is Jameson.
We are working on a company called Casa, which we deem as the best personal key system on
the planet.
We're going to talk a little bit more about that later in the presentation, but to start,
I think that we're going to talk a little bit about the key to surviving cryptoanarchy.
That's why we're all here.
Well, this talk is probably a little bit different than most of what you've heard today, but
I'm a fairly long-time Bitcoin guy, Jeremy, as he said, has also been in this space for
a number of years, and I've spent pretty much all of my full-time Bitcoin career dealing
with security.
We're here to tell you about our vision for crypto castles and why it's important as the
world continues to change, as we believe that a lot of the sort of socio-economic aspects
of the world will change, political aspects will change, but your day-to-day lives are
going to change, whether that's because of Bitcoin, Ethereum, cryptocurrency, crypto
assets, blockchain, what have you.
We see the entire world going towards a world where you have more control over not just
your money, but many different facets of your lives, and we believe that this is mostly
going to happen through the use of cryptographic keys, and you're going to need to know how
to navigate this world.
We're going to talk about the ideas of crypto castles, about why we think you're going to
need to be able to defend your private keys, we're going to talk about why these changes
are going to affect the world at many different levels, and a lot of this is actually due
to violence and the dynamics of violence, and then finally we're going to kind of tie
in CASA into all of that and why we think CASA is going to be an important part.
So what is a crypto castle?
Well, let's actually go a little bit further back in time and talk about what is a castle.
So early castles were mainly built out of whatever materials were available, wood, earth,
other natural resources, and usually castles would be built in areas that had natural features
such as water or heavily wooded areas or mountains, and it would help to deter unwanted guests.
And as technology improved over the centuries, attackers were going to eventually be able
to overcome a lot of these natural features, and as a result, engineers changed the way
that they built castles and improved the materials that they were using, eventually coming to
use stone, of course, which is what we generally think of a castle as being built out of.
But the dynamics of security are always in flux, and offensive and defensive technology
are constantly competing, and eventually we had gunpowder come along, and the gunpowder
based weaponry was eventually able to blast through these heavy stone walls.
So that ended up basically deprecating castles, making them juicy targets for artillery.
And these days, if you want to defend against that type of attack, you actually have to
have a heavily fortified bunker that's probably hidden well deep underground.
So one of the points we're going to try to make here is that a castle is a home, and
a bunker is not.
A bunker is a military structure, but a castle is a fortified residence.
And back in the day, when castles were really in their heyday, it was a place where you
would live, you would entertain your guests, you would throw parties, you would be able
to relax with the knowledge that you were safe from almost any type of attack.
These days, we can look at bunkers actually like the ones that are shown right here, and
over 10 billion dollars worth of bitcoin and presumably many other crypto assets are stored
in bunkers exactly like this one, which happens to be owned by a zombie.
Now is this type of setup secure against pretty much every conceivable type of attack?
Yeah.
But are the users who are keeping their crypto assets stored in these bunkers sovereign unto
themselves?
Do they have control over their assets?
Generally no.
And that's because they are entrusting these assets to the operators in the bunkers, to
a trusted third party.
And this is because almost nobody actually wants to live underground in one of these
bunkers cut off from the outside world.
So why is self-defense important?
Well, if you're using a bunker service like Zoppo, you are essentially outsourcing your
defenses.
Zoppo is taking care of defending your private keys.
But the trade-off is that you've given up control.
So if you want to actually retain control of your assets, which I believe is a fundamental
premise of these systems, like why bitcoin was built in the first place, then you have
to be able to take on the responsibility of defending them yourself.
Now this is something that a lot of people aren't particularly interested in.
Most people, I think, don't really put a lot of time and effort into thinking about self-defense.
And that's probably because they're not getting attacked that much, they're probably not a
high-profile target.
People who do end up having large amounts of wealth end up usually entrusting it to
specialized custodians that are working on the security aspects, and that is what we're
traditionally thinking of banks and other financial institutions.
But if we're changing the model so that you have to defend your own assets, then most
people are not living in fortified residences.
They don't have a castle, at least in America, most of us are living in wooden houses that
are just a few walls and doors that can be very easily breached by a motivated attacker.
Now one of the other things that really plays into the offensive and defensive scenarios
here is that what we've done is we've created these digital bearer assets, and so the properties
of the system that are making it very easy for you to secure and keep from having third
parties take it from you are also making it very easy for the third parties who do manage
to take it from you to secure it and make it impossible for you to get it back.
So taking control of your assets becomes a very important aspect of this because there's
no take backs if you screw up.
On the other hand, there's kind of this communal immunity that I see forming here where we're
starting to see more physical attacks happen against people who are publicly owning crypto
assets, and I believe that these types of attacks are actually going to continue to
accelerate as long as the attackers are successful.
There are people out there who don't know about these assets but are willing to do things
in order to get them if they realize that it's very easy to get a large amount of value.
So the more of us who fail to defend our assets from physical attacks and even digital attacks,
I think the more that is going to invite more attackers to come into the system.
So if we can show a sort of collective immunity by strengthening our defenses collectively,
I think it will be good for everyone.
Now we have this question, what is the logic of violence?
I think that for all of us, understanding why we're in a position and where we need
to pay attention to this is important, and we won't talk about this enough.
So we're going to start with asking what this term logic of violence actually means, and
logic of violence is just the payoff structure of using violence to achieve a goal.
If there's a payoff, if the cost is low and the payoff or the result is high to using
violence, then someone's going to use it.
If, on the other hand, the cost is extremely high to use violence and the end payoff is
low, they're not going to use it.
So understanding the logic of violence and when it's used and why is important across
the board of questions and topics of security.
So how many of you have read Sovereign Individual, I'm going to jump so we walk around a little
bit.
How many of you have read Sovereign Individual?
Anybody?
Okay.
We have a few.
We have a few.
This is a book that came out well over a decade ago, it's gotten a quarter of a number of
times publicly around the cryptocurrency space, but it is an important read, it covers a lot
around this idea of individuals using technology, finally being able to become sovereign, to
have more control over their lives, where historically we haven't been able to do that.
There are a few key principles in this book that are relevant to discussion today, namely
Naval has summarized very succinctly in a tweet storm around the core thesis with Sovereign
Individual and some of the key principles.
So here he says the logic of violence determines the structure of society.
The payoff matrix that we were talking about around whether you should use violence or
not actually structures how a civilization and how society is ordered.
It's easier to take and create.
Social structure emerges from the predator-prey relationship between makers and takers.
You can start to group whole ages by this principle of looking at the logic of violence
and what the logic of violence was at the given time, and there are several ages that
are discussed in that book, and then we're further elucidated by Naval, and I've added
a couple other notes here.
So a hunter-gatherer age is ruled by tribes, no land, no possessions, you're fighting with
axes and spears, agricultural age, you now have agriculture as a technology, land and
possessions emerge, it's harder to defend because you have all this in one central place,
feudal lords run protection racket, and you have a hierarchical society, it's run by kings
and queens.
An industrial age is ruled by a nation state, by a larger army, vulnerable factories that
are these massive production mechanisms require a consolidation of power to maintain the production
process and maintain the control process, so you end up with a nation state with large
armies.
In the nuclear age, you now have to rule by superpowers, anybody that has a nuclear bomb
gets to make some rules, right?
So nuclear weapons create a mutually-assured destruction, and large-scale peace, small-scale
war.
We're coming out of that age, and there is some overlap between these, but even with
the whole North Korea situation, the big discussion is around them denuclearizing, that is an
effect and that is an important power piece in our current age.
Now we're entering the information age, we've been there, and this age is expanding, and
this brings a massive shift in both the costs and returns of violence, that logic of violence
that we were talking about.
In the information age, guns are easy to print, you have connected cameras that are everywhere
so you can record everything.
This results in a fourth generation of warfare, psychological warfare, the battle lines more
is not just the front lines, where you end up seeing, you know, with guns and bullets
and tanks, etc.
You actually have psychological warfare from Russia or from any of these other countries
that are attacking via Facebook or via Twitter, via bots, right?
So it's a different world.
You also have drones, and they change links to different battles in several ways, virtual
reality.
But the one I want to focus on here is the Bitcoin and cryptocurrencies, they make it
difficult to seize wealth.
This is something that's never been true before in human history, is the idea that using Bitcoin
and cryptocurrencies, it is now possible to have much tighter control of wealth, and you
have this asymmetry in terms of the power and the ability to defend your own wealth.
With that, with cryptographic private keys, defending wealth is now much easier than attacking
wealth, so there is an asymmetry there.
But to gain, or to be able to use this asymmetry, you have to actually control the private keys.
You also have your reversible transactions, and that further raises the stakes of what
we're talking about because if someone does gain access to your funds, and they transfer
your funds, you're never getting them back.
We've seen numerous cases where people have had funds stolen, they end up tracking down
the attacker, and they're only able to somehow get or force the reverse transfer of a small
portion of the funds.
Even if you find the attacker three good times, you're not able to recover the funds.
So this raises the stakes.
The other piece of this is it's easy to transport funds now, but that also makes it easy to
steal.
A cryptographic party, even like a bank, could put you at risk because the incentives are
now such that a bank manager with access to private keys, if they're the only way that
you can gain access to those funds, a bank manager with private keys can walk out of
a bank and take all of the client's money.
And no one would know.
He can do it very simply, just walk out and just have it in a USB stick in his pocket.
Again, this has never before happened in history that it's possible to loot wealth like this,
but the good news is that it's never been possible before in history to defend wealth
like this, if you're careful.
So control should be pushed to the edges.
It should be in control of the users.
That's how the system was defined originally, meaning that users actually manage their keys
directly.
So the security landscape today is changing very quickly, but there are some things that
remain generally the same.
And in terms of attacks and defenses, there are a few major classes of attacks and defenses,
and there's usually pretty straightforward ways that you can mitigate certain attacks.
I mean, in the crypto space, getting hacked on a hot wallet is definitely the riskiest
thing.
So what we do in many cases is we just pull that private key data off of internet-connected
devices, and we either have it on a hardware device that's on the internet or represented
on paper or steel or really any type of medium that can contain the data in a fairly secure
way.
With physical disaster, this is something that I think not many people really think
about because they're not IT folks and they don't really think about redundant storage
or whatever.
Social engineering is the ever-prevalent problem, and that is really one thing that requires
user education and just to try to keep people from being too gullible.
And then collusion is something where you would have to worry about mainly if you have
trust in third parties, is that now they could potentially collude against you.
So it's important to minimize trust whenever possible.
So Jeremy talked a bit about the asymmetric pieces of defense and attack, and if you look
just around society as we have built it today, a lot of the things we've built are quite
fragile.
At least in America, in modern first world countries, we tend to favor fast, disposable,
cheap things over slow, robust, and expensive things.
The result is that it often ends up being far cheaper to destroy than to create.
So on the left there you see you can have a hundred thousand or multi-million dollar
home that could be wiped out with a single well-placed match that only costs a few pennies.
Or in an even worse example, you can look at World Trade Center cost well over a billion
dollars in today's money to build.
It was a symbol of America's economic might, but it was brought down at less than a tenth
of a percent of the cost that it took to construct it.
So this is what we're talking about with the asymmetry of attack and defense.
Crypto thankfully reverses that, and it makes defense much cheaper and attack much more
expensive.
So if we're thinking about this idea of crypto castles, you can actually think of air gaps
as a moat, where you're taking those keys offline and now hackers can't get across this
gap.
There's no internet connection for them to get to the private keys.
We like to think of the strong cryptography and multi-signature aspects as the stone walls
we're building foundations on top of with the applications that we're building.
And then at CASA, we're using hardware key management devices as the portcullis or the
gate, where even if you do get across that gap, if you don't have the pin or the password
to get into the hardware device, then you're effectively cut off at that point.
And then within CASA itself, the software we're building, we're basically building management
software to manage all of your crypto castle.
We're building in alarms that could act like draw bridges to also gain away the ability
for someone to further get into your defenses.
And we are setting up various automated alerts as watchtower mechanisms that can help shut
off your wallet if anyone starts to degrade aspects of it.
So crypto castles, we're trying to make them easier.
We're trying to build homes.
We're not trying to build bunkers.
And we want to bring and offer the security specialization of banks without being banks
ourselves.
And we are leveraging the expertise that we've gained over our years in the industry, seeing
many different types of attacks, many different types of failures.
And we're trying to bake that all into the software itself so that our users don't have
to spend days, weeks, months, years educating themselves, but rather the software will have
the best practices and the education built into it.
Back to the principle you were mentioning before too, this is about community.
By us helping everyone else become stronger with your own funds, we all as a community
become stronger.
The only way that we're going to get out of the world to where we're dependent on massive
third parties, on these massive companies or states is by working together as a community.
And so that is a really important point around we can take some of the lessons that we learned
and we want to send them out to you, but it still requires you to do a lot of management
yourself.
So with that, we're going to jump through a couple of points, just what is CASA in context
of this broader theme?
CASA is the best personal key system on the planet, but why do we call it that?
Well, we have an actual list, full control, full service, minimize theft risk, accident
and disaster recovery, and end of life transfers.
If there's a system that can manage all of those things, then it's the best personal
key system on the planet.
This is our dream.
This is the list that we want for all of our family members and friends.
And so further, the way this works is it's a multi-signature, multi-location, multi-device
model.
It's a little grayed out.
You can't see all of it there, but the idea here is that you have five keys.
One key is stored on your phone device.
One key is on a treasurer ledger at home.
One is in a bank on a treasurer ledger, and one is at say an office or another bank on
a treasurer ledger.
And the final key is one that CASA holds that we have as an emergency recovery key, because
it's only one out of five, and you need three total out of the five to actually sign it.
We can never access your funds.
We can't do anything with your account.
But in the case where there was a fire that hit your home and wiped out two of your keys,
or there was a theft, we would help you, we would be able to help you regenerate your
full key set of five.
Another important piece of this puzzle though is not just the actual technical capabilities
of the system.
It's the actual design and usability of the system.
So say below key shield.
This is the way that you can monitor your keys and visually understand very, very quickly
whether you're at risk or not.
In the middle case, it's on the far left case or the far right case, you're fully green.
Everything's up.
All your keys are working.
In the middle case, one is down.
So it's, you need to be aware.
And the far case on the red case, two of your keys are down, it's an emergency scenario.
We are going to be assisting you in helping you regenerate your key shield there.
Today we are live on Bitcoin mainnet.
It's a 24 set of premium service.
It's $10,000 per year, mostly targeted at high net worth individuals and family offices.
This is a premium price point, but the whole goal is for us to use everything we're learning
in this process to then take and take the lessons and build products for the mass that's
around multi-sig and around more secure management of keys.
So Q2, Q3, Q4, we've got Ethereum coming, ERC-20 support, CATS, for all of you crypto
kiddies fans.
Litecoin, Zcash, Monero, Stacks, alternate key schemes, there's a lot coming.
So that, we want to ask you all to start building your crypto castles.
And whether you're working with us, whether you're working independently, there's lots
of open source software projects around this, just start thinking about how you're going
to build your crypto castle.
And finally, we just have a couple, if you do want to sign up, if you want to follow
us, if you have any questions, here's some info here, and I think we're going to get
into a little Q&A right now, but.
Okay.
We got a question?
Okay.
Let's start with the first one.
If we can grab the lights, so Dave, you guys can go get them.
Can you talk about the end-of-life transfer, how I got the power of attorney built into
there, and who are the banks that are already working with you all?
Who are the banks that are sufficient in doing something like that, that they can hold one
of the keys?
Sure.
Yeah, so the way it works, there's two questions about it there, one, the banks, and then the
actual end-of-life.
I'm going to start with the banks, so that's a quicker answer.
We are not partnered directly with any one bank.
You have the relationships with your bankers, with your private bankers, with your regional
bank, and you open a safety deposit box.
Now, normally, we wouldn't recommend that you put a treasure or a ledger, a single key
in a safety deposit box, if that's the only key that's going to give you access to your
funds, because that's a risk.
That was one of the cases where we said that a bank manager could walk out with the funds
of the entire device, and you wouldn't be able to access them.
With multi-sig, it's okay, because your keys are spread out across multiple locations.
So even if one bank manager were to take one key, you still have four other keys you can
recover with.
So the answer is that you set up a safety deposit box at whatever your regular regional
bank is.
We actually don't even want to know where that bank is, what that bank is.
That is actually a security risk.
So we try to minimize knowledge of our customer setups as much as possible.
We give you the tools, and then you would set that up.
Second question is around the end of life, how that works.
It works very similarly to a bank and to a safety deposit box.
With Power of Attorney, you come in, you sign the paperwork, and then we hand over the key
to a spouse or to an attorney, whoever is referred, in the case of a death certificate,
end of life.
Very similar process to how you can get access to funds or a safety deposit box at end of
life.
When we say bank, we just mean secure location.
It could very easily mean trusted friend or family.
Okay, got another question right here.
What do you guys think about building castles around the exchanges, which are security risks?
I worked at Bitco for three years doing back-end development, and Bitco was primarily servicing
exchanges.
Exchanges have one of the greatest challenges of anyone in this space, because they have
to operate automated hot walls.
So really what you have to do there is just a lot of risk management, which mainly is
going to involve keeping the vast majority of those funds offline.
Keeping them in a CASA-like solution with multi-SIG and multiple devices in multiple
locations is the way to go.
Then managing the hot walls themselves, though, is an entire other ball of yarn, which we
are not trying to address with this specific product.
We someday anticipate also having various hot wallets that will be hardware-backed.
But these are very different classes of problems, and the solution that we're putting out right
now would be best used for the cold storage side.
There are some excellent companies that specialize in securing exchanges like BitGo.
If that is the end goal, it's best to speak with one of those companies.
Our specific solution and all of our designs are created for the end user, for the end
consumer, to create the easiest system for, again, you to build your own crypto castle
around your personal home.
Okay.
Raise your hand.
Anybody have a question?
All right.
We've got another one back here.
So with the app, there's a good circle and five.
One of your keys was, I guess, in date here, remember?
But if they're offline and cold storage, how does that know if one is?
Yeah.
That's a great question.
So the answer there is that only two of those keys are technically going to be accessible
to some level of computers, and that's going to be the one that's on your phone, or two
network access.
So it's the one on your phone and then the one that would be on our servers signed by
CAS's servers.
On those two, we can access or we can test uptime.
On the other three, there are regular checks, so we ping you to do regular checks on your
own devices.
That's nothing that we see.
You go to your specific locations, and once a month or once a quarter, you'll pick whatever
or maybe once a week if you want.
You will go to that location.
You'll sign with the device.
You'll make sure it's working.
One thing a lot of people are not aware of right now or are not thinking about is what's
called bit rot.
So how many of you have had an iPhone or other device that just crapped out, just stopped
working?
Now think about storing 500k, a million dollars, two million dollars on a single device and
then having the same problem.
Trezor and Ledger, they're both phenomenal products, but these are just the realities
of building electronics.
So what we're trying to do is create an automated system so that you can go through and test
your hardware devices regularly.
Then if you do have a problem, it's easy to flag the device in the app.
Then we can help you get a new device, set it up fast.
We are all about rapid response.
That's why it's 24-7 service.
That's why it's expensive, right?
Because it is 24-7.
If you call us, we're going to answer in two or three rings.
It's not going into a queue.
You'll have a direct rep, right?
But the idea there is that for the offline pieces, you are going to have to do some radio
testing yourself.
We can just help you with tracking that, logging that, and seeing if this is in the process.
That's basically what we're talking about when we're saying taking best practices and
actually putting them into the software so that it's not that the user has to understand
all of these things.
We're going to nag you if you're not following the best practices.
Okay, we've got one last question there, and then I know everybody.
We've got two quick announcements before our last question.
Somebody did lose a tan wallet, so if you found one, please see the office on the stairs.
Tan wallet, if you found one, please let us know.
And then on your way out, you'll be able to pick up your drink tickets in the bar section.
So last question.
So I guess one of the questions with the system is what would you consider to be the weakest
link within it?
And would you suggest something such as 2FA and also a custodian as well as a way to kind
of help to strengthen the system for the individual providing more comfort when utilizing the
cost?
The weakest link is always going to be the humans because even within a system like this
where we're providing a lot of guidance, we can't force the user to do anything.
The user could do something stupid and put all of their devices in one location and then
some sort of catastrophe happens or theft happens, and there's nothing we can do.
So there are always going to be potential loss scenarios, especially if the user is
not following guidance.
But this is also another reason why this is starting out as a more boutique solution is
that we are basically holding the user's hands as much as possible in trying to guide them
in the right direction, but at the end of the day, we can't force anyone to do anything.
This is also why we're talking about self-defense, why we're talking about self-responsibility.
We think that in the early days of the Bitcoin space, cryptocurrency space, a lot of companies
bypassed the personal responsibility angle, and rightly so because people were just learning
about these technologies.
But now that people know about it, we need to push to the edge of maximum control, maximum
security, and really understanding the real risks.
The way it tells you that another solution doesn't have risks is lying to you.
It's all a question of kind of where the control is.
And so we're trying to put the most control in the hands of the end user while providing
maximum support, 24-7 support, good design, great products to assist you in running your
life and building your crypto castle and operating it.
But the reality is that there are always going to be risks.
The best we can do is give you all the best practices so that you're personally prepared.
And you did ask about 2FA, and while we're not supporting, like, TOTP or UTF 2FA, the
phone app itself will support biometric, like fingerprint, authentication for the sensitive
actions.
But really, the most important aspect of all of this is having geographically separated
hardware devices, and each of those hardware devices requires a 10.
So that is kind of another 2FA on its own.
And I'm going to make one last recommendation as we wrap up with that in mind, is everyone
here should call their telecom company, Verizon, AT&T, whoever it is, and ask them to change
your account so that it requires you to come into the actual office with three forms of
ID, not two, but three forms of ID, and also specify a specific office close to your house
or at least within your city.
The reason why we're suggesting this, you were asked about 2FA, so I wanted to point
this out, is that there was, for a while, a lot of systems were using a text message
based system where they would send you a second factor code that you would give you a text
message.
We're now seeing a ton.
This is not all public.
We see a lot of them privately.
I just saw another one last week where someone internally is somehow infiltrating some of
these telecom companies and is systematically going through and swapping out phone numbers.
They swap your phone, they log into your Gmail, they get access, and then they start trying
to hit all of your exchange accounts, hot wallets, all kinds of stuff, even like Amazon
accounts, bank accounts, anything.
The way to protect yourself is to move off of text message based, kind of two factor
off, but the other way to protect yourself to prevent the phone number transfers in general
is to ask for this kind of free ID set up, and we're recommending that to everyone to
do that because we've seen it, we keep seeing it across the board, and people thought they
were protected even by two IDs.
People have shown up in person with two IDs, with fake IDs, and still manage to move their
phone number.
You still should not trust the phone company anyway because they can still pull them against
you.
At the end of the day, no one is fully safe.
That's 10 for you.
Thank you.
All right.
Thank you.