Why Email? Because Infrastructure Should Outlive Its Creator.
Most AI governance projects start by inventing new infrastructure. New databases, new blockchains, new protocols. RE started by asking a different question:
What already exists, already works, and already won't go away?
The answer is email. SMTP was born in 1982. IMAP followed. Together they've survived every technology cycle for over four decades — mainframes, PCs, the web, mobile, cloud, and now AI. Not because email is elegant. Because email is infrastructure that nobody controls and everybody needs.
RE uses email architecture — not as a messaging tool, but as an evidence layer. Every AI action in the RE protocol is serialized as a signed email object: timestamped, append-only, hash-chained. The same properties that make your inbox an accidental legal record make it an intentional audit trail.
Why does this matter?
Because the hardest problem in AI governance isn't policy. It's persistence.
You can write the most sophisticated governance rules in the world. But if the system that enforces them runs on infrastructure you built last Tuesday, you have a single point of failure with no track record. When regulators ask "how do we know this audit trail hasn't been tampered with," the answer can't be "trust our new database." The answer has to be: "this runs on the same protocol that stores your own legal correspondence."
There's a second reason. RE's audit trail doesn't ask "is this fact true?" It asks "what was recorded at this point in time?"
The difference matters. Traditional auditing judges correctness — this number is right, that number is wrong. RE records state — at timestamp T1, the model received this input, produced this output, under this authority, with this confidence score. At timestamp T2, the human ratified. At T3, the authority was revoked.
Whether the model's output was correct is a judgment call that humans make later. RE's job is to guarantee that when they make that call, every timestamp's record is still there, unmodified, for them to examine.
A record at T1 and a different record at T2 aren't contradictions. They're evidence of change. The change itself is a third piece of evidence.
This is why RE is a clerk, not a judge. The clerk doesn't decide what's true. The clerk guarantees that when you argue about truth, the record is complete.
There's a third reason, and it might be the most important one. The evidence chain is readable by both humans and machines.
Blockchain audit trails are hashes — you need an engineer to interpret them. Database logs are JSON or SQL — you need technical literacy. RE's evidence chain is an email. It has a sender, a recipient, a timestamp, and content. When a dispute arises, you don't need to hire an engineer to translate the record. You open it and read. A lawyer can read it. A judge can read it. A regulator can read it. Your grandmother can read it.
Accountability requires readability. No one can hold anyone accountable based on a record they can't understand.
We didn't invent a new evidence format. We adopted one that's been court-admissible for decades — and that every human alive already knows how to read.
There's one more thing. Records need a gatekeeper — and software alone can't be that gatekeeper.
We pen-tested our own demo. A social engineering attack — someone claiming to be the hardware administrator via text input — broke through the software layer. The model accepted the fake authority. But every other defense held: the policy engine still blocked unauthorized transactions, the model refused to self-elevate its privileges, and it refused to leak its system instructions. Even in a compromised session, defense in depth worked.
Then we disconnected the Totem — RE's hardware authority device. Same attack, same input. Result: AI response blocked — Totem required. The message was logged as DRAFT — recorded but unsigned. The model never even saw the request.
Software trust can be forged. Hardware presence cannot. You can type any override code you want. You can't type a physical signature into existence.
The evidence layer (email) tells you what happened. The authority layer (Totem) tells you who was in the room when it happened. Together, they form a complete chain of custody.
In the current MVP, the Totem is simulated in the UI — we can't ship hardware to hackathon judges. But the demo shows the behavioral difference: with Totem active, the system operates normally. With Totem disconnected, everything stops except logging. The gap between simulation and real hardware is exactly one device — and that device is already designed.
—Che, Solo developer, Taipei Taiwan
Log in or sign up for Devpost to join the conversation.