Here is a question: why should knowledge of my address grant anyone in the world (including both L.L. Bean and Unabombers) the capability to cause a physical artifact to be delivered to my place of residence? Moreover, anyone with knowledge of my address retains this capability until the end of time, or at least until I move! If we were designing a physical delivery network from scratch today, in the age of software, is this really how we’d choose to set things up? Clearly not! Here is a proposal:
I have a public/private key pair. If I want to allow Bob to send me something, I cryptographically sign the string "Bob <bob public key> may send me one piece of mail, weighing less than 10 oz, anytime in the next week". If I want Bob to be able to send me something once per month, I sign something to that effect. I send this signed statement to Bob, say in an email. You can see how this is going to work…
Bob now presents this signed statement to the mail delivery network. They verify that I have in fact signed the statement, and that the sender is in fact Bob (or someone with access to Bob’s private key), and assuming it all checks out, they accept the package, send it through their network, and deliver it to my doorstep. Notice that including Bob’s public key makes these authentication tokens nontransferable!
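The flow above, as an added sketch that is not part of the original proposal: the recipient signs a grant naming Bob's public key and the limits, Bob proves possession of that key per parcel, and the carrier checks both signatures plus weight, expiry and single use. All names (`issue_token`, `sender_proof`, `Carrier`) are hypothetical, and the signature primitive is a toy hash-then-RSA stand-in for a real scheme such as Ed25519.

```python
import hashlib, json

E = 65537  # RSA public exponent

def keypair(p, q):
    """Toy RSA key from two primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(_digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == _digest(msg, n)

def issue_token(recipient_key, sender_pub, max_oz, not_after, token_id):
    """Recipient signs a grant naming the sender's public key and the limits."""
    grant = json.dumps({"id": token_id, "sender": sender_pub, "max_oz": max_oz,
                        "not_after": not_after}, sort_keys=True).encode()
    return grant, sign(grant, *recipient_key)

def sender_proof(grant, parcel_id, sender_key):
    """Sender binds the token to one parcel, proving possession of the named key."""
    token_id = json.loads(grant)["id"]
    return sign(f"{token_id}:{parcel_id}".encode(), *sender_key)

class Carrier:
    def __init__(self, recipient_pub):
        self.recipient_pub = recipient_pub
        self.used = set()  # ids of one-time tokens already redeemed

    def accept(self, grant, grant_sig, parcel_id, proof, weight_oz, now):
        if not verify(grant, grant_sig, self.recipient_pub):
            return "bad recipient signature"
        g = json.loads(grant)
        if not verify(f"{g['id']}:{parcel_id}".encode(), proof, g["sender"]):
            return "sender is not the grantee"
        if now > g["not_after"]:
            return "expired"
        if weight_oz >= g["max_oz"]:
            return "overweight"
        if g["id"] in self.used:
            return "token already used"
        self.used.add(g["id"])
        return "accepted"

# Constructed demo keys from public Mersenne primes: insecure, illustration only.
ME = keypair(2**521 - 1, 2**607 - 1)
BOB = keypair(2**127 - 1, 2**521 - 1)
MALLORY = keypair(2**89 - 1, 2**607 - 1)
```

Because the grant carries Bob's public key, a copy of the token is useless to anyone who cannot produce Bob's per-parcel signature, which is the nontransferability property described above.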
If I buy something online, we can see how this process of authentication could be seamlessly integrated into the normal shopping cart experience.
What if someone I don’t know wants to send me something? They can send me an electronic message of some sort, asking for the privilege. I can choose to have various policies in place (all automatable, with software), like: allow paper letters from anyone I am friends with on Facebook, say, or allow paper letters from anyone provided they pay $50 for the privilege (which both I and the mail carrier get a cut of). Governments needing to send jury duty and tax notices can be granted a token that allows for lifetime delivery of certain types of messages.
Notice that the extra level of indirection means I only have to update my physical address in one place when I move, and the sender does not learn my physical address as a consequence of my authorizing delivery of a piece of mail! I could even set up rules which direct mail from senders I don’t know to one location (a PO box I check once a month) and mail from senders I’ve whitelisted to my home mailbox.
Also notice this system eliminates junk mail. I explicitly opt in to what mail I do receive. If I do choose to allow mail from strangers, I set the price strangers pay for this capability, and I receive a cut of the proceeds. By definition, any mail I receive is mail I want! Contrast this with the current system, where the mail carrier sets the price, gets all the money, and the consumer is left with piles of junk mail to go through every week.
Will such a system ever be adopted? Probably not. If the quantity of junk mail I receive is any indication, the postal service is a lot closer to an advertising-supported business. They make most of their money selling ‘ads’ (the right to deliver junk mail I haven’t asked for). Like any ad-supported business, they are torn between enacting policies that are good for ad revenue and enacting policies that benefit their users. These two forces aren’t always (or often) aligned. It doesn’t help that the postal service has a legally enforced monopoly on letter delivery—private companies are simply not allowed to use my physical mailbox, even if I wanted to allow it! Whereas at least Google, Facebook, Twitter, and the like have some incentive to not make ads too annoying (lest users migrate to other services), the postal service has a captive market and no real impetus to innovate, at least in the area of letter delivery.