From: iang at systemics dot com (Ian Grigg) Subject: Obituary - Gary Howland - 197? - 2002 Date: Tue, 17 Dec 2002 12:34:47 -0500 To: Digital Bearer Settlement List <dbs@philodox.com> Obituary - Gary Howland - 197? - 2002 I first met Gary in 1990. I was the team leader for a big telecoms project and he was one of the 1000 CVs that crossed my desk that summer. Of those 1000, I interviewed about 50, and we ended up with a technical team of 20. Most were contractors from the huge pool of British labour, but from my jaundiced view, only 4 on our team rated as contractors. Gary was one of those 4. He was only just out of college, the polytechnic at Brighton. But his CV included all that splattering of Unix acronyms that made you feel that here was a kindred spirit, one who learnt in spite of the academic environment. We shared that time together, the vast tense year at ICL where we all made too much money and lived like there was no impending recession. Hard coding, hard driving; Gary in his girlfriend's 924 was as fast as I was, at track day with the Porsche club, in my 928. He was fast with the code, too, when a fire could be lighted under him. He once replaced a 3 month project in 3 days. For the most part he was slow and careful, thoughtful, complete and perenially late. But when a deadline hit, he could fly. He was the only person I could trust the sys admin role to, and he was the lowest paid contractor in the building. Fast forward to 1995. I'd had my Spanish adventure, Gary had done his contracting stint in Germany, where he met his long term girlfriend, Inka. He'd hooked up with a new outfit in Amsterdam, some crazy guys doing money on the net, called DigiCash. Gary fed me the papers and fed me the story. Using cryptography, David Chaum had invented a way to solve the privacy problem so that coins could be simulated on the net. As I sat in finance classes in London, I realised that bonds were just a more broad definition of money. We agreed that there was more to this than the guys at DigiCash had thought about, so we agreed to try out our hand at the finance area. Gary was one of the first true financial cryptographers. He intuitively knew that DigiCash would fail. Not because of their software, which was good, but because their business was misdirected. He also knew that the bearer idea wouldn't survive. Not because it wasn't beautiful - it was the most extraordinary discovery in the last decade - but because it didn't solve the bank robbery problem. He was a superlative cryptoplumber, but he understood intimately how the real action was in determining the business requirements without being blinded by the science. Our early plans, hatched over email, assumed we could license DigiCash's software, but that was scotched pretty quickly. So, Gary took on the task of designing a payment system for our venture. It wasn't easy. We had to address the bank robbery problem, and we had to retain the privacy. Those goals were eventually to coalesce as contradictions, and the way he walked the line became known as SOX. I believe SOX is Gary's legacy to the world. It is capabilities for the Internet. It is strong crypto, and it is private. It is extensible, it is flexible, and reliable. I mean, reliable in a deterministic way: we can guarantee correct results over SOX transactions that can only be imagined in other protocols. It technically dominated the bearer model, in a way that only a few could grasp. It was also a computer science solution, a value that only came to be fully appreciated when we found how trivial it was to add David Chaum's bearer tokens to SOX. Gary, Mike and I, built the SOX protocol into Ricardo, a complete payment system that operated as the settlement and transfer layers for financial trading. We ran bonds, trading them at night so that all our bond holders around the world had a chance to access the market. At 9.15 pm every night, Gary's 100MHz desktop blared out the theme song for the James Bond movies, to announce the start of trading; his workstation was also our one and only Issuance server, as well as the Exchange. While they were at it, they wrote Cryptix. Gary did the Perl code for all our needs, and supervised Mike on the first version of the Java native interfaces, all to Gary's design and core library in C. When we published Cryptix as complete open source crypto for Java and Perl, it was the first and only crypto available for Java, then, an emerging language. Our decision to put out the Java cryptography libraries, later rewritten by Gary to be pure Java, set the scene for all Java crypto. It was critical in forcing Sun to write a crypto API that was relatively open, even though they were under tremendous pressure from the US government. In a silent, secret and private war, Gary fought against the behemoth known to us all as "the TLAs" in their bid to control the worldwide flow of information over our Internet. When the Clinton administration capitulated in early 2000, it was because of Gary Howland and other fellow spirits - the authors of Crypto++, SSLeay, and all of the Cryptix programmers to follow in his footsteps. Their committment to always keep the art of cryptography an accessible, open tool for the people survives Gary. We will always publish free crypto as long as we remain free programmers, and a free people. Like so many of the dotcom dreams to come, our trading adventure ran out of cash, and we took pause. We split, we both went back to contracting, and we paid off our debts. He and Inka lived for a while on the island of Anguilla. There, the Financial Cryptography conference had employed him in '97 and '98 to teach the art of payment systems at "boot camp". Gary worked with Vince Cate's SAXAS for a while, and when I caught up with him over a Grolsch in an Amsterdam bar, we laughed as he told me how he had spent most of the time trying to inject SOX ideas into SAXAS. We had great visions of Anguilla being the financial cryptography centre of the universe; at one stage, there were over 10 people working there on various projects, but, like many things, the dream faded as the field failed to take off, and frustration with the local bureaucracy scared too many people away. We both believed SOX was perfect. I contracted him to rewrite it in late 1998, and he did so. Except for the minor disaster of using x.509 certificates, the OpenPGP-based SOX-2 is what we use today, four years later. As always, it has been open sourced, protocols that good deserve to be free. Gary died last week of a heroin overdose in a friend's London appartment. He'd been on it for a long time, but was well used to keeping the secret. I only learnt of his affliction well after we had split up. I often wondered whether I'd change my mind about drugs when someone close was killed. Maybe I'd go rabid and insist on all those bastards being killed or incarcerated without trial, as seemed to be the response of others. Maybe I'd sign on for a term of service with the War on Drugs. (These days, it would be Homeland Defence, licensed to hack.) On reflection, I can only say that Gary's death underscores futility of the War on Drugs. The developments in Europe, Australia, and now some states in the US, as country after country seeks to decriminalise drugs, remain our only hope of a civilised response to the health problem that is addiction. If Gary had lived in a society that hadn't forced the dirty secret on him, he might have got the support and community that would have helped him. I don't know that I could have done anything there, but maybe someone else could have. Financial cryptographers don't die, they just cease to be atomic. Wherever he is, Gary would have laughed to know that his work will be the subject of scrutiny by the TLAs, once again. This time, from the other side; in the same week that Gary died, we filed all forms imaginable - four boxes-worth carried by hand in through the doors of the SEC headquarters in Washington, D.C. - to start a new financial system in the USA. Using Gary's SOX, of course. -- iang