From: iang at systemics dot com (Ian Grigg)
Subject:  Obituary - Gary Howland - 197? - 2002
Date: Tue, 17 Dec 2002 12:34:47 -0500
To: Digital Bearer Settlement List <>

Obituary - Gary Howland - 197? - 2002

I first met Gary in 1990.  I was the team leader for a
big telecoms project and he was one of the 1000 CVs that
crossed my desk that summer.

Of those 1000, I interviewed about 50, and we ended up
with a technical team of 20.  Most were contractors from
the huge pool of British labour, but from my jaundiced
view, only 4 on our team rated as contractors.

Gary was one of those 4.  He was only just out of college,
the polytechnic at Brighton.  But his CV included all that
splattering of Unix acronyms that made you feel that here
was a kindred spirit, one who learnt in spite of the academic

We shared that time together, the vast tense year at ICL
where we all made too much money and lived like there was
no impending recession.  Hard coding, hard driving;  Gary
in his girlfriend's 924 was as fast as I was, at track day
with the Porsche club, in my 928.

He was fast with the code, too, when a fire could be lighted
under him.  He once replaced a 3 month project in 3 days.
For the most part he was slow and careful, thoughtful,
complete and perenially late.  But when a deadline hit,
he could fly.  He was the only person I could trust the
sys admin role to, and he was the lowest paid contractor
in the building.

Fast forward to 1995.  I'd had my Spanish adventure, Gary
had done his contracting stint in Germany, where he met
his long term girlfriend, Inka.  He'd hooked up with a
new outfit in Amsterdam, some crazy guys doing money on
the net, called DigiCash.

Gary fed me the papers and fed me the story.  Using
cryptography, David Chaum had invented a way to solve
the privacy problem so that coins could be simulated on
the net.  As I sat in finance classes in London, I
realised that bonds were just a more broad definition
of money.  We agreed that there was more to this than
the guys at DigiCash had thought about, so we agreed to
try out our hand at the finance area.

Gary was one of the first true financial cryptographers.
He intuitively knew that DigiCash would fail.  Not because
of their software, which was good, but because their business
was misdirected.  He also knew that the bearer idea wouldn't
survive.  Not because it wasn't beautiful - it was the most
extraordinary discovery in the last decade - but because it
didn't solve the bank robbery problem.  He was a superlative
cryptoplumber, but he understood intimately how the real
action was in determining the business requirements without
being blinded by the science.

Our early plans, hatched over email, assumed we could
license DigiCash's software, but that was scotched pretty
quickly.  So, Gary took on the task of designing a payment
system for our venture.

It wasn't easy.  We had to address the bank robbery problem,
and we had to retain the privacy.  Those goals were eventually
to coalesce as contradictions, and the way he walked the line
became known as SOX.

I believe SOX is Gary's legacy to the world.  It is capabilities
for the Internet.  It is strong crypto, and it is private.  It
is extensible, it is flexible, and reliable.  I mean, reliable
in a deterministic way:  we can guarantee correct results over
SOX transactions that can only be imagined in other protocols.

It technically dominated the bearer model, in a way that only
a few could grasp.  It was also a computer science solution,
a value that only came to be fully appreciated when we found
how trivial it was to add David Chaum's bearer tokens to SOX.

Gary, Mike and I, built the SOX protocol into Ricardo, a
complete payment system that operated as the settlement
and transfer layers for financial trading.  We ran bonds,
trading them at night so that all our bond holders around
the world had a chance to access the market.  At 9.15 pm
every night, Gary's 100MHz desktop blared out the theme
song for the James Bond movies, to announce the start of
trading;  his workstation was also our one and only
Issuance server, as well as the Exchange.

While they were at it, they wrote Cryptix.  Gary did the
Perl code for all our needs, and supervised Mike on the
first version of the Java native interfaces, all to Gary's
design and core library in C.  When we published Cryptix as
complete open source crypto for Java and Perl, it was the
first and only crypto available for Java, then, an emerging

Our decision to put out the Java cryptography libraries,
later rewritten by Gary to be pure Java, set the scene for
all Java crypto.  It was critical in forcing Sun to write
a crypto API that was relatively open, even though they
were under tremendous pressure from the US government.
In a silent, secret and private war, Gary fought against
the behemoth known to us all as "the TLAs" in their bid
to control the worldwide flow of information over our

When the Clinton administration capitulated in early 2000,
it was because of Gary Howland and other fellow spirits
- the authors of Crypto++, SSLeay, and all of the Cryptix
programmers to follow in his footsteps.  Their committment
to always keep the art of cryptography an accessible, open
tool for the people survives Gary.  We will always publish
free crypto as long as we remain free programmers, and a
free people.

Like so many of the dotcom dreams to come, our trading
adventure ran out of cash, and we took pause.  We split,
we both went back to contracting, and we paid off our debts.

He and Inka lived for a while on the island of Anguilla.
There, the Financial Cryptography conference had employed
him in '97 and '98 to teach the art of payment systems at
"boot camp".

Gary worked with Vince Cate's SAXAS for a while, and when I
caught up with him over a Grolsch in an Amsterdam bar, we
laughed as he told me how he had spent most of the time
trying to inject SOX ideas into SAXAS.  We had great visions
of Anguilla being the financial cryptography centre of the
universe; at one stage, there were over 10 people working
there on various projects, but, like many things, the dream
faded as the field failed to take off, and frustration with
the local bureaucracy scared too many people away.

We both believed SOX was perfect.  I contracted him to rewrite
it in late 1998, and he did so.  Except for the minor disaster
of using x.509 certificates, the OpenPGP-based SOX-2 is what
we use today, four years later.  As always, it has been open
sourced, protocols that good deserve to be free.

Gary died last week of a heroin overdose in a friend's London
appartment.  He'd been on it for a long time, but was well
used to keeping the secret.  I only learnt of his affliction
well after we had split up.

I often wondered whether I'd change my mind about drugs when
someone close was killed.  Maybe I'd go rabid and insist on
all those bastards being killed or incarcerated without trial,
as seemed to be the response of others.  Maybe I'd sign on
for a term of service with the War on Drugs.  (These days,
it would be Homeland Defence, licensed to hack.)

On reflection, I can only say that Gary's death underscores
futility of the War on Drugs.  The developments in Europe,
Australia, and now some states in the US, as country after
country seeks to decriminalise drugs, remain our only hope
of a civilised response to the health problem that is addiction.
If Gary had lived in a society that hadn't forced the dirty
secret on him, he might have got the support and community
that would have helped him.  I don't know that I could have
done anything there, but maybe someone else could have.

Financial cryptographers don't die, they just cease to be
atomic.  Wherever he is, Gary would have laughed to know
that his work will be the subject of scrutiny by the TLAs,
once again.  This time, from the other side;  in the same
week that Gary died, we filed all forms imaginable - four
boxes-worth carried by hand in through the doors of the SEC
headquarters in Washington, D.C. - to start a new financial
system in the USA.  Using Gary's SOX, of course.