Introducing Marty Hench: An Anti-Finance Finance Thriller

With just days to my next novel, *Red Team Blues*, I'm taking the chance to serialize the first chapter of this anti-finance finance thriller, and introduce you to Marty Hench, a 67-year-old forensic accountant who specializes in Silicon Valley finance scams.

1/ pic.twitter.com/ViE8fGY60g

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on https://t.co/iSBh8srvly, my surveillance-free, ad-free, tracker-free blog:https://t.co/xt4jV1cluC

2/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Marty is ready to retire, but there's just one more job he has to do - recover a billion dollars' worth of cryptographic keys that are claimed by money-launderers, narcos, and shady US three letter agencies.

3/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Here's the previous installments:

Part one:https://t.co/AFkT2nILC8

Part two:https://t.co/QrS7wUa05L

4/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Here's where US readers can pre-order the book:https://t.co/fnfbGtfB60

Here's pre-orders for Canadians:https://t.co/A6cF4qote2

And for readers in the UK and the rest of the Commonwealth:https://t.co/MqNXkxHcrW
5/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

And now, here's today's serial installment:

I grunted noncommittally. Danny had been around since *crypto* meant “cryptography,” and I hadn’t figured him to become one of these blockchain hustlers.

6/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

They’re the kind of smart people who outsmart themselves, especially when it comes to shenanigans, forgetting that their public ledger is *public* and all their transactions are visible to the whole world forever.

7/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Forensic accounting never had a better friend than crypto, with its mix of public ledgers, deluded masters of the universe, and suckers pumping billions into the system. It was full employment for me and my competitors until crypto's carbon footprint made Earth uninhabitable.

8/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“There are certain technical differences between Trustless and other coins. Will you allow me to explain them to you? I promise it’s germane and I’m not trying to sell you anything.” “Aw, hell, Danny, you can tell me anything. I just get sick of being hustled.”

9/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Me, too, pal. Okay, if you mentioned distributed sudoku puzzles, you know something about proof of work: the way blockchain maintains the integrity of its ledger is by having everyone in the system repeatedly do compute work that reaffirms all the entries in the ledger.

10/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"So long as the value of all the assets in the ledger is less than the electricity bill for taking over the majority of the compute work, they’re safe.”

11/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“That means that the more valuable all this blockchain stuff becomes, the more coal they have to burn to keep it all from being stolen,” I said.

12/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

It was something I’d almost said to the bros at dinner the night before, but I didn’t want an argument to distract from the otherwise lovely time I’d been having with my entirely lovely companion.

13/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“That’s fair,” he said. “That’s what every greenie who hasn’t received a couple of mil in donations from surprised crypto-millionaires will tell you.

14/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

But, Marty, that’s a problem with proof of work, not with distributed ledgers. If you could build a blockchain that had a negligible carbon budget, you could do a lot with it.”

15/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Launder money. Badly.”

“That,” he said. “Lot of Chinese entrepreneurs and officials are anxious to beat currency controls. But it’s not just money, it’s anything you want to have universally available, unfalsifiable, and cryptographically secured.”

16/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Laundered money.”

He made a face. “Cynic. Not laundered money. Genocide-­proof ID. Cryptographically secured, write-­only manifests of a person’s identifiers, including nationality, vitals, and ethnic group, but each one has its own key, held by the Blue Helmets.

17/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"You get to a border and you present your biometrics, and the UN tells the border guards your nationality but not your ethnicity.”

18/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Fanciful.”

“Cynic! Yeah, fine, no one’s doing it yet, but we could. All that blockchain for good shit that the hucksters talked up to make it sound like proof of work wasn’t a crime against humanity. Trust­ lesscoin lets you do them because it doesn’t need the sudoku.”

19/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

I dredged up memories of half-­digested podcasts I’d listened to on the road. “Is it a proof-­of-­stake thing?”

He snorted. “Don’t try to sound smart, Marty, you’ll sprain something. No, it’s secure enclaves.

20/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

That crypto-­sub-­processor in your iPhone that Apple uses to keep you from switching to another app store? It can run code. What’s more, it can sign the output.

21/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

So we can send you a program and check to see whether it ran as intended, because we know that the owner of a phone can’t override the secure enclave.

22/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Far as Apple’s concerned, iPhone owners are the enemy, and their threat model treats the device owner as an adversary—­as someone who might get apps someplace that doesn’t kick a 15-30% vigorish up to Apple for every transaction, depriving its shareholders of their rake.

23/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Any device with a secure enclave or other trusted computing module is a device that treats its owner as the enemy. That’s a device we need, because when you’re in the Trustlesscoin network, that device will defend me from you, and you from me.

24/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"I don’t have to trust you, I just have to trust that you can’t break into your own phone, which is to say that I have to trust that Apple’s engineers did their job correctly, and well, you know, they’ve got a pretty good track record, Marty.”

25/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Except?”

He finished his lemonade and scowled at the reusable straw.

“Yeah, except. Look, Trustlesscoin is on track to become the standard public ledger for the world.

26/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"I know, I know, every founder talks that ‘make a dent in the universe’ crap, but I mean it. You want to know how serious I am about this? I took in outside capital.”

27/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

He let me sit with that a moment. Danny Lazer, the man who ate ramen in a twenty-­year-­old, bent-­axle RV for decades with the love of his life so he’d never have to take a nickel from any of those bloodsuckers on Sand Hill Road, and he took in outside capital.

28/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

Danny Lazer, a man who’d owned 75 percent of a unicorn, which is to say, seven-­point-­five-­times-­ten-­to-­the-­eight U.S. American Greenback Simoleon Dollars, and he took in outside capital.

“Why? And also, *what for*?”

29/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

He laughed. “Watching you work out a problem is like watching a bulldog chew a wasp, brother. You’ve got a hell of a poker face, but when you start overclocking the old CPU, it just melts. I’ll tell you why and what for.

30/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“First of all, I wanted to create something for Sethu. She’s never had the chance to live up to her potential. She’s *smart*, Marty, smart like Galit was, but she’s also technical, and managerial, and just *born* to run things.

31/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

I’ve never met a better candidate for a CEO than she is. And I’m not young, you know that, and there’s going to be a long time after I’m dead when she’ll still be in her prime, and I wanted to make something she could grow into and grow around her.

32/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“I’d been playing with the idea behind Trustless since the 2000s, when Microsoft released its first Trusted Computing papers, all the way back in the Palladium days! So Sethu and I hung up a whiteboard in the guest room and started spending a couple of hours a day in there.

33/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"I didn’t want to bring in anyone else at first, first because it seemed like a hobby and not a business, and hell, every cryptographer I know is working seventy-hour weeks as it is.

34/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Then I didn’t want to bring in anyone else because I got a sense of how big this damned thing is. I mean, there’s about two trillion in assets in the blockchain today, and that’s with all the stupid friction of proof-­of-­work.

35/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"When we lift the shackles off of it, whoosh, we’re talking about a ledger that will encompass more assets than the total balance sheets of twenty or thirty of the smallest UN members . . . ​combined.

36/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“You know me, Marty. I don’t believe in much, but when I do believe in something, I’m all in. All. In. And so I brought some people in.”

37/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“What for, though? Danny, how much of your Keypairs jackpot did you manage to blow? How much money could you possibly need, and for what? Are you building your own chip foundry? Buying a country?”

38/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“We actually thought of doing both of those things, you know, but decided we didn’t need the headaches. The Keypairs money’s only grown since I cashed out, thanks to the bull runs. I can’t spend it all, won’t be able to.

39/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"It would sicken me to try, because I’d have to be so wasteful to even make a dent in it.

“The reason I went for outside capital wasn’t money, it was connections.”

40/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

I groaned. Every grifter in private equity and VC-­land claimed that they had “connections” that represented value add for their portfolio companies.

41/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

The social butterfly market was implausible on its face, and in practice, it was just a way of turning cocktail parties into a business expense. “Come on, Danny, you know people already.”

42/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Not these people.” And he did the thing. He looked from side to side, up and down. He turned off his phone and held his hand out for mine and carried them both to the little step next to the water feature and set them down on it so they’d be in the white-noise zone.

43/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

He came back, looked around again. “I got signing keys for four of the most commonly deployed secure enclaves.” He looked around *again*.

44/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“I think I know what that means, Danny, but maybe you could spell it out? I’m just a dumb old accountant, not a cryptographic legend like yourself. And for God’s sake, stop looking around. I’ll let you know if I see anyone sneaking up on us.”

45/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Sorry, sorry. Okay. The secure enclave gets a program, runs it, and signs the output. The secure enclave’s little toy operating system says that it does this reliably and without exception. You see a signature on a program’s output, you know the program produced it.

46/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"That toy OS, it’s simple. Stupid. Brutal. Does about six things, very well, and nothing else. You can’t change that program. Secure enclaves are designed to be non-­serviceable. Even taking them off the mainboard wrecks them.

47/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"You get them into a lab and decap them and hit them with an electron-­tunneling microscope, you still won’t be able to recover the signing keys or force a false sig.

48/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“But if you have the signing keys? You can just simulate a secure enclave on any computer. Then you can run any operating system you want on it, including one that will forge signatures. You do that, and you can *falsify the ledger*.

49/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"You can move unlimited sums from any part of the balance sheet to your part of the balance sheet. You can jackpot the whole fucking thing.”

50/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

I blew out air. “Well, that seems like a defect in the system, all right.”

“It can’t be helped. We call it Trustless, but there’s always some trust in a system like this. You’re not trusting the other users of the system or the company that made the software.

51/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

You’re trusting that a couple of leading manufacturers of cryptographic coprocessors and sub-­processors, companies with decades of experience, will maintain operational security and not lose control of the keys that their entire business...

52/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"—­and the entire business of all their customers and their customers’ customers—­are dependent upon. You’re not trusting the other users, but you’re trusting them.”

53/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“And yet,” I said, looking over at Sethu, who was painting away and performing an excellent simulation of someone who wasn’t eavesdropping, “you found someone willing to sell you some of those keys.”

54/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Yes,” he said and gave me a calm, no-­bullshit, eye-­to-­eye stare. “I did. It’s useful to have those, especially when you’re first kicking a new cryptocurrency around.

55/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"You make a smart contract with a bad line of code in it, you create a bug bounty with an unlimited payout. So in the early days, when you’re figuring this stuff out, you do a little ledger rewriting.”

56/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“You do rewriting on a read-­only ledger that no one is ever supposed to rewrite.”

He rolled his eyes. “Ethereum did it early on, moved fifty mil in stolen payout from a bad smart contract out of the crook’s account and back into the mark’s account.

57/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"No one made too much of a fuss. I mean, the immutable ledger sounds like a great idea until someone no stupider than you gets taken for fifty mil, and then rewriting the ledger is just sound fiscal policy in service to fundamental justice.”

58/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“But Ethereum told everyone they were doing it. Sounds like you did it all on the down low?”

“We were early. No one was even paying attention. All we wanted was a ledger whose early entries weren’t an eternal monument to my stupid mistakes as I climbed the learning curve.”

59/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Fine. Vain, but fine. Still, getting those keys meant a lot of power for a little reputation laundering.”

He sighed and looked away. “Yeah. The thing is, I’m not the only one who makes mistakes. We are aiming for trillions secured on our chain. Trillions, Marty.

60/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"Ten to the twelve. It’s an unforgiving medium, and the stakes are high. The Ethereum lesson was clear: a couple of divide-­by-­zeros or fence post errors, a single badly typed variable or buffer overrun, and the whole thing could sink.

61/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

"I needed an eraser. Not on day zero but well before I attained liftoff.”

“Every hacker builds in a back door, huh?”

“Don’t call it that. Call it an Undo button.”

62/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023

“Okay, then. An Undo button in a system whose cryptography is supposed to prevent undo at all costs. But not a back door.”

63/

— Cory Doctorow (@pluralistic@mamot.fr) (@doctorow) April 19, 2023