Sherry Mayo posted here a while back a reference to Ross Anderson's Eternity service paper, <URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib >. He is also giving an invited talk on the subject this fall at a crypto conference in Prague. The goal of the Eternity service is to make published information permanently and ineradicably available, despite efforts on the part of powerful attackers to destroy it. The attack model explicitly includes governments. This has obvious relevance to current controversies involving copyright, trade secrets, etc. It's difficult to evaluate the proposal because many of the issues seem more legal than technical. Can a service like this, which would seemingly exist largely to circumvent legal restrictions on publishing, possibly be legal? Anderson's basic concept is of a network of storage servers in widely scattered jurisdictions. He uses cryptography so that although the servers store data, no single computer knows exactly what is stored in the encrypted files it holds. Keys to the data are spread across the network using secret sharing techniques, with mutual cooperation among the servers being necessary to decrypt files. (I believe the files themselves are redundantly stored on individual servers, but they are encrypted with keys which are split.) Anonymous communications are used among the network of computers to reply to requests, so that attackers can't tell which computer produced a requested document. The overall goal is apparently to arrange things so that each individual server has a level of deniability if they are accused of having provided information which is illegal in some jurisdictions. It can deny having produced any particular document in question, and if everything is designed properly it is not possible to prove otherwise (other than by subverting a bunch of the other servers). I won't try to go into much detail here (actually I found some of the crypto details kind of hard to follow in the paper, but I will write up my understanding if there is interest) but some of the other ideas are that the service would charge money enough to cover its costs and add new equipment as storage requirements increase (to prevent flooding attacks), and that requests would be submitted by broadcast to the network of servers, and information returned via a remailer network. The documents would be identified by some global names, and one of the documents would be an index file which identifies the others, with descriptions. A few questions for discussion: - Would it be possible in practice to run a network like this? - Would there be much interest in it among users? - Would it be a net benefit to society for such a service to exist? Hal