WEBVTT

00:00:20.160 --> 00:00:28.000
<v Daina Bouquin>Every night for over seven hundred years, the exact same thing has happened at the Tower of London.

00:00:28.000 --> 00:00:34.240
<v Daina Bouquin>In the dark, the chief yeoman warder walks to the outer gates.

00:00:34.240 --> 00:00:38.560
<v Daina Bouquin>Challenges are called out into the night air.

00:00:38.560 --> 00:00:41.119
<v Daina Bouquin>Passwords are exchanged.

00:00:41.119 --> 00:00:46.880
<v Daina Bouquin>The heavy wooden doors are locked, and the keys are secured until morning.

00:00:46.880 --> 00:00:49.679
<v Daina Bouquin>It has happened through plagues.

00:00:49.679 --> 00:00:53.679
<v Daina Bouquin>It has happened while bombs fell during the Blitz.

00:00:53.679 --> 00:00:57.920
<v Daina Bouquin>The ritual has never been skipped.

00:00:57.920 --> 00:01:03.520
<v Daina Bouquin>We do this because humans have always understood something about security.

00:01:03.520 --> 00:01:12.799
<v Daina Bouquin>Certain things require a ritual, not just because the ritual makes us safe, but because it makes trust visible.

00:01:12.799 --> 00:01:21.680
<v Daina Bouquin>Back in 2008, a security researcher named Dan Kaminsky realized that the internet's core directory was unprotected.

00:01:21.680 --> 00:01:31.760
<v Daina Bouquin>It was a well without a lid, vulnerable to anyone who wanted to secretly poison the water and redirect the world's digital traffic.

00:01:31.760 --> 00:01:40.879
<v Daina Bouquin>He forced the architects of the web to build a heavy cryptographic lid to protect the directory from poisoning.

00:01:40.879 --> 00:01:44.719
<v Daina Bouquin>A master key to lock the internet's route.

00:01:44.719 --> 00:01:48.640
<v Daina Bouquin>That story is its own episode and it's worth your time.

00:01:48.640 --> 00:01:55.519
<v Daina Bouquin>But a master key creates a new terrifying problem.

00:01:55.519 --> 00:02:00.079
<v Daina Bouquin>If you give it to one person, they become a target.

00:02:00.079 --> 00:02:05.519
<v Daina Bouquin>If you give it to a single government, it becomes a weapon of politics.

00:02:05.519 --> 00:02:11.120
<v Daina Bouquin>So they broke the key apart and scattered the fragments.

00:02:11.120 --> 00:02:17.599
<v Daina Bouquin>I'm Daina Bouquin, and this is Lore in the Machine.

00:02:17.599 --> 00:02:26.639
<v Daina Bouquin>There are only 14 people in the world who hold the title crypto officer.

00:02:26.639 --> 00:02:29.840
<v Daina Bouquin>They are not spies or government agents.

00:02:29.840 --> 00:02:45.840
<v Daina Bouquin>They are trusted volunteers, like Swedish internet expert Anne-Marie Eklund Löwinder, who stored a piece of the key on a long metal chain inside a wooden puzzle box with a hidden lock.

00:02:45.840 --> 00:02:49.360
<v Daina Bouquin>Her son made the box in his workshop.

00:02:49.360 --> 00:02:52.000
<v Daina Bouquin>He also made furniture.

00:02:52.000 --> 00:03:06.159
<v Daina Bouquin>Four times a year, a handful of crypto officers pack their bags, get on airplanes, and travel to a secure facility in either Culpeper, Virginia, or El Segundo, California.

00:03:06.159 --> 00:03:09.840
<v Daina Bouquin>They go there to perform a ritual.

00:03:09.840 --> 00:03:22.000
<v Daina Bouquin>If you were to dream up a ritual to protect the global internet, you might imagine a sci-fi fortress, an unassailable tower with an arsenal.

00:03:22.000 --> 00:03:24.800
<v Daina Bouquin>But the reality is much stranger.

00:03:24.800 --> 00:03:32.240
<v Daina Bouquin>It is a bureaucratic fever dream pieced together from mathematics, paranoia, and plastic.

00:03:32.240 --> 00:03:36.960
<v Daina Bouquin>Imagine walking into the El Segundo facility.

00:03:36.960 --> 00:03:40.240
<v Daina Bouquin>The walls are beige and unremarkable.

00:03:40.240 --> 00:03:43.120
<v Daina Bouquin>You hand over your government ID.

00:03:43.120 --> 00:03:47.280
<v Daina Bouquin>Your bag is searched and you are given a badge.

00:03:47.280 --> 00:03:49.680
<v Daina Bouquin>Then you enter a man trap.

00:03:50.319 --> 00:03:53.840
<v Daina Bouquin>It's a small room with doors at both ends.

00:03:53.840 --> 00:03:56.960
<v Daina Bouquin>Only one door can open at a time.

00:03:56.960 --> 00:04:01.120
<v Daina Bouquin>To get through, you need a pin, a card, and your hand.

00:04:01.120 --> 00:04:04.080
<v Daina Bouquin>To exit, you need them again.

00:04:04.080 --> 00:04:09.360
<v Daina Bouquin>Now you wait in a sterile space where lunch is being served.

00:04:09.360 --> 00:04:12.879
<v Daina Bouquin>It looks like a doctor's waiting room.

00:04:12.879 --> 00:04:16.319
<v Daina Bouquin>But it has an Atari arcade machine.

00:04:16.319 --> 00:04:27.199
<v Daina Bouquin>The people who designed this ceremony actually wrote a 5% "dishonesty rate" into its mathematical specifications.

00:04:27.199 --> 00:04:38.720
<v Daina Bouquin>There are over 100 highly scripted actions, and the entire system is built on the assumption that someone in this room is secretly a traitor.

00:04:38.720 --> 00:04:43.519
<v Daina Bouquin>When it's time, the ceremony begins.

00:04:43.519 --> 00:04:50.800
<v Daina Bouquin>There are no passwords exchanged at the door, no challenges called out into the air.

00:04:50.800 --> 00:04:54.560
<v Daina Bouquin>It's more like a heist movie run in reverse.

00:04:54.560 --> 00:05:03.199
<v Daina Bouquin>To enter the hallway, a staff member swipes an access card and presses their palm against a scanner.

00:05:03.199 --> 00:05:10.000
<v Daina Bouquin>To enter the main room, they lean into the red glow of a retina scanner.

00:05:10.000 --> 00:05:23.759
<v Daina Bouquin>When the heavy door clicks shut behind you, you are standing inside a Faraday cage, an enclosure that shields its interior from external electric fields and electromagnetic radiation.

00:05:23.759 --> 00:05:27.519
<v Daina Bouquin>The entire room is completely signal proof.

00:05:27.519 --> 00:05:30.079
<v Daina Bouquin>Nothing can enter or leave.

00:05:30.079 --> 00:05:37.839
<v Daina Bouquin>Inside this room, there is a large metal cage containing two heavy safes.

00:05:37.839 --> 00:05:45.199
<v Daina Bouquin>Once the safe controllers are brought in, the steel door of the first safe is pulled open.

00:05:45.199 --> 00:05:54.160
<v Daina Bouquin>Inside are safe deposit boxes, each requiring two physical metal keys to be turned at the exact same time.

00:05:54.160 --> 00:05:57.519
<v Daina Bouquin>Inside the box is a smart card.

00:05:57.519 --> 00:06:03.680
<v Daina Bouquin>It rests in a hard plastic case, sealed inside a tamper evident bag.

00:06:03.680 --> 00:06:06.720
<v Daina Bouquin>The plastic case was added to the ceremony.

00:06:06.720 --> 00:06:16.399
<v Daina Bouquin>After someone realized that a phantom thief could theoretically slip a microscopic needle through the plastic bag to manipulate the card without leaving a tear.

00:06:16.399 --> 00:06:20.240
<v Daina Bouquin>The second safe is opened next.

00:06:20.240 --> 00:06:23.519
<v Daina Bouquin>Inside is the master lockbox.

00:06:23.519 --> 00:06:26.079
<v Daina Bouquin>It is designed to self-destruct.

00:06:26.079 --> 00:06:34.720
<v Daina Bouquin>If someone tries to cut it, freeze it, heat it, or even shake it too hard, it will instantly wipe its own memory.

00:06:34.720 --> 00:06:37.279
<v Daina Bouquin>Next to it is a laptop.

00:06:37.279 --> 00:06:39.759
<v Daina Bouquin>This laptop has no hard drive.

00:06:39.759 --> 00:06:41.680
<v Daina Bouquin>It has no battery.

00:06:41.680 --> 00:06:44.399
<v Daina Bouquin>It has no memory of its own.

00:06:44.399 --> 00:06:50.240
<v Daina Bouquin>It's completely air gapped, ensuring the master key can never ever touch the internet.

00:06:50.240 --> 00:06:55.199
<v Daina Bouquin>It doesn't even have a tiny backup battery to keep its internal clock running.

00:06:55.199 --> 00:07:05.519
<v Daina Bouquin>When it's plugged into the wall, the time has to be set manually using an isolated drifting wall clock that has been hanging in the room for over a decade.

00:07:05.519 --> 00:07:18.240
<v Daina Bouquin>The ceremony script actually refers to this clock as the quote, "reasonably accurate clock visible to all in Tier 4 (Key Ceremony Room)".

00:07:18.240 --> 00:07:24.800
<v Daina Bouquin>These are hyper serious security measures that border on hallucination.

00:07:24.800 --> 00:07:29.199
<v Daina Bouquin>But because they're performed by humans, they're imperfect.

00:07:29.199 --> 00:07:38.800
<v Daina Bouquin>During a ceremony in 2014, a security controller accidentally slammed the door of the safe too hard.

00:07:38.800 --> 00:07:43.759
<v Daina Bouquin>It triggered a seismic sensor, which immediately triggered the automatic door locks.

00:07:43.759 --> 00:07:49.199
<v Daina Bouquin>The administrators and the key holders were suddenly trapped inside the metal cage.

00:07:49.199 --> 00:07:57.279
<v Daina Bouquin>They stood there in quiet panic for six minutes until someone finally triggered an evacuation alarm.

00:07:57.279 --> 00:08:01.279
<v Daina Bouquin>The sirens blared and everyone piled into the hallway.

00:08:01.279 --> 00:08:04.959
<v Daina Bouquin>They ate Oreos and Cheez-Its until the system reset.

00:08:04.959 --> 00:08:11.600
<v Daina Bouquin>In 2020, the sophisticated lock on one of the safes simply broke.

00:08:11.600 --> 00:08:22.560
<v Daina Bouquin>A certified locksmith had to be called in, and the people holding the keys to the internet had to sit around for over 20 hours while a guy with a drill tried to bust open the door.

00:08:22.560 --> 00:08:27.120
<v Daina Bouquin>There are also backup key holders.

00:08:27.120 --> 00:08:38.399
<v Daina Bouquin>People entrusted with smart cards containing a fragment of code needed to rebuild the key generating machine from scratch in case something calamitous happens.

00:08:38.399 --> 00:08:48.000
<v Daina Bouquin>Once a year, these people take a photograph of themselves holding their key next to that day's newspaper, just to confirm that all is well.

00:08:48.000 --> 00:08:54.240
<v Daina Bouquin>The room also needs to be kept clean, but cleaners aren't allowed inside.

00:08:54.240 --> 00:09:03.360
<v Daina Bouquin>Anne-Marie Eklund Löwinder was known for meticulously vacuuming the room with a $20 dustbuster.

00:09:03.360 --> 00:09:10.559
<v Daina Bouquin>After the room is clean and the cage is unlocked, everything is laid out on a table.

00:09:10.559 --> 00:09:12.799
<v Daina Bouquin>Cameras are recording.

00:09:12.799 --> 00:09:20.000
<v Daina Bouquin>The encrypted requests are loaded via a USB drive.

00:09:20.000 --> 00:09:22.320
<v Daina Bouquin>The smart cards are inserted.

00:09:22.320 --> 00:09:25.519
<v Daina Bouquin>This process takes time.

00:09:25.519 --> 00:09:30.320
<v Daina Bouquin>In all, the ceremony usually takes roughly four to five hours.

00:09:30.320 --> 00:09:35.600
<v Daina Bouquin>But then it's time for the final command.

00:09:35.600 --> 00:09:39.759
<v Daina Bouquin>The Ceremony Administrator types a single letter.

00:09:39.759 --> 00:09:42.159
<v Daina Bouquin>Y for yes.

00:09:42.159 --> 00:09:48.240
<v Daina Bouquin>With that single keystroke, the dramatic portion of the ceremony ends.

00:09:48.240 --> 00:09:52.240
<v Daina Bouquin>The root of the internet is cryptographically signed.

00:09:52.240 --> 00:09:54.879
<v Daina Bouquin>The directory is authenticated.

00:09:54.879 --> 00:09:59.200
<v Daina Bouquin>And the digital world is secured for a few more months.

00:09:59.200 --> 00:10:02.960
<v Daina Bouquin>The logs are printed.

00:10:02.960 --> 00:10:08.240
<v Daina Bouquin>The smart cards are sealed back into new tamper-evident bags.

00:10:08.240 --> 00:10:11.679
<v Daina Bouquin>The heavy safes clang shut and are locked.

00:10:11.679 --> 00:10:17.600
<v Daina Bouquin>And the crypto officers scatter back across the globe, returning to their normal lives.

00:10:17.600 --> 00:10:23.200
<v Daina Bouquin>We like to think the internet is a machine.

00:10:23.200 --> 00:10:29.759
<v Daina Bouquin>An indestructible web built on software, mathematics, and fiber optic cables.

00:10:29.759 --> 00:10:31.759
<v Daina Bouquin>But it isn't.

00:10:31.759 --> 00:10:36.240
<v Daina Bouquin>It is a fragile thing held together by strangers.

00:10:36.240 --> 00:10:48.960
<v Daina Bouquin>Strangers who pack their bags four times a year, who fly across oceans to sit in a windowless room, who submit their eyes to scanners, and turn metal keys in unison.

00:10:48.960 --> 00:10:53.440
<v Daina Bouquin>They don't do it because the code requires an audience.

00:10:53.440 --> 00:10:55.519
<v Daina Bouquin>They do it because we do.

00:10:55.519 --> 00:11:05.519
<v Daina Bouquin>Because we need to know that someone is out there in the dark, calling out the passwords and making sure the gates are locked until morning.

00:11:05.519 --> 00:11:12.080
<v Daina Bouquin>I'm Daina Bouquin, and this is Lore in the Machine.