Live, From Twenty Minutes Into The Future

by Robert Auerbach <robert@robertauerbach.us>

Live, From Twenty Minutes Into the Future is ©2025, Robert Auerbach. It is released under the Creative Commons Attribution-NoDerivs license (viewable at that link).

There was an amazing late-1980s science fiction television show called Max Headroom. The central conceit can be summed up in its subtitle: “20 Minutes Into the Future.” It made quite an impression on me at a formative age because the Gibsonian future it painted was (a) just twenty minutes away, and (b) so plausible. In one episode, a hacker digitally alters a recording such that it misrepresents history, and this turns into an important plot point.

Bear with me, I’m getting somewhere.

About that same time I attended GenCon (hi, Dad, remember that trip?) and met a game designer named “Maximum” Mike Pondsmith, who was also a big Max Headroom fan. Mike took me seriously, despite my young age, and we had a good talk about what life would be like in twenty minutes — give or take a decade or two. Mike was deathly concerned history would become multiple choice: once the ability to do photorealistic fakery became commonplace there would no longer be one photojournalistic narrative, but a panoply of competing politically-motivated narratives, with battles of the experts all declaring one to be true and the other fakes. In such an environment, Maximum Mike was concerned, the body politic would fracture with each faction believing it was the only one honestly pursuing the truth, and the others were all deceivers and liars pushing false narratives.

Welcome to 2025. Twenty minutes have passed.

Fake news.

But wait, it’s getting even worse. This week, someone — quite likely a hostile nation-state — used generative AI to mimic the voice of Marco Rubio, and lined up conversations with senior government officials in which fake-Rubio attempted to get people’s logins and passwords for government IT systems. We’re also seeing scam artists go after the ultrawealthy in a similar way, using their mimicked names in attempts to authorize large bank transfers.

In twenty minutes they’ll be targeting retirees.

Already, as in right now, generative AI is good enough that it can mimic you or me without any trouble. It probably can’t sustain it for a full conversation, but it certainly can for one or two messages.

Imagine how much hell could be generated with one or two emails that seem to come from you.

Do you know anyone who would be motivated to do that hell? Do any of them have the tech skills to pull off such an impersonation? Do any of them have the time and resources necessary to do it?

Probably not. But that risk factor only increases over time: it never decreases.

Likewise, right now generative AI can fake you in one or two emails: in the future it will take more and more data to discover the fraud.

Review those questions again in a little bit and you’ll discover the answers have changed, maybe by a little, maybe by a lot, but always in the direction of “things are getting worse.” (“The trouble with ‘normal’ is, it‘s always getting worse!” — Bruce Cockburn)

Magic 8-ball hazy: try again in twenty minutes.

The good news is that for email, at least, there’s something we can do to make this harder on grifters and frauds. Not impossible, but harder: and if you know me, you know what my standards are for saying a technical task becomes “harder”.

You can start using digital signatures.

Start by considering what it means to multiply two numbers. If I ask you to multiply 37 by 73, it takes under a minute to realize it’s 2701. Multiplication is a very fast problem.

Factorization — discovering what numbers multiplied together yield another — is hard. If I give you the number 2701 and ask you what its factors are, that’s hard. Factorization is a very slow problem.

But some slow problems are only kind of slow. If I give you some information about the problem, solving it becomes trivial. “Factorize 2701. Hint: one of the factors is 73.” Now it’s just long division: 2701 divided by 73 is 37, bang, you’re done. With additional information about the problem, solving it becomes easy.

Congratulations: you now know how asymmetric cryptography works — without any of the annoying mathematical lecture that normally goes along with such. Basically, we convert an email into a math problem that’s easy to solve one way, and ridiculously hard the other, unless you know the trick. These tricks are what we call keys. They make the implausible easy.

Asymmetric cryptography uses two different pieces of data: one is for sharing with the world (the “public key”) and one is to be held by the owner (the “private key”). Anything one key does, the other undoes. You can think of them sort of like addition and subtraction in that way.

The idea is simple: the public key gets shared publicly, put out there for the world to discover. The private key is a closely-held secret.

If I were to encrypt a message using my private key, anyone with the public key could decrypt it and read my message. They would also know something else: only someone with that private key could have encrypted it. So long as you believe I’m the only one in possession of that private key, you can be confident that message originated from me and not some swindler using generative AI.

There are two major standards for email encryption: one is called OpenPGP, the other S/MIME. OpenPGP is, in my opinion, superior, but it’s also harder to use (much harder!) and much less well supported. S/MIME, on the other hand, is reasonably simple to set up and very well supported.

You will discover that all of my recent emails to you have been signed via S/MIME. Often, your email client will tell you (in some subtle way) whether a message bears an S/MIME signature. For instance, on MacOS it looks like this:

/images/SMIME_example.png

Other systems do it differently, of course, and my understanding is free Gmail accounts don’t give any indicator at all. But still.

I’m Robert Auerbach, reporting to you live from twenty minutes into the future, when we have to worry about these things. You at home, twenty minutes in the past, have a little time to prepare appropriately. If twenty minutes ago I lived near you, I was willing to help you get set up with S/MIME; I hope you took me up on that. If I didn’t live near you, well, I hope you were able to find someone near you to sit down with you and get you set up.

Because twenty minutes into the future, you’re going to want to have done this.