(fwd) Markus Kuhn on eternity
Markus Kuhn (on ukcrypto) discussing his PhD project: the design of an eternity file system with a distributed administration function system controlled via a cryptographically enforced digital constitution. Comments to follow.

Adam

======================================================================
To: ukcrypto@maillist.ox.ac.uk
Subject: Re: intangible definitions are hard to pin down
Date: Thu, 19 Nov 1998 16:28:21 +0000
From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>

Ben Laurie wrote on 1998-11-19 12:22 UTC:
Ross Anderson wrote:
It will get worse. One of my students is developing a file system that can be spread over a WAN, so that for example you can force all file modifications in directory foo to be backed up automatically using a kind of RCS at a server in America. Useful stuff - real businesses are much more interested in backup and disaster recovery than they are in crypto (and spend a couple of orders of magnitude more money). But how does this sort of system interact with export control?
Cool - is this going to be open source?
Of course.
Presumably, even though, as you say, businesses are less interested in crypto, it will, nevertheless, use crypto for data protection and user authentication?
Of course.

The main research aspect of this project is the joint administration of such distributed archives. For spam protection, you still need people who decide, which files are allowed on the distributed server infrastructure, and which are not. This administration is so far the weak link in the Eternity Service concept, because whoever decides that something is not spam takes over some responsibility for the content, and is therefore subject to legal power of national powers.

The distributed administration in my system will be controlled via a sort of cryptographically enforced digital constitution (written in a tiny special purpose functional programming language) that determines administrative rights in a freely configurable way for a distributed server architecture (allowing elections, votes, vetoes, impeachment, updates to the constitution, etc.).

This way, no single person will be responsible for the maintenance of such international software repositories, but a (usually international) group of democratically controlled volunteers does this. This way, US people can easily contribute to the administration of such distributed archives without having to share any legal responsibility for the fact that the archive also contains export controlled software, because the majority of administrators and not some single citizen alone has decided which files are allowed to use server space.

The goal of this project is of course not primarily to by-pass export controls. It will hopefully advance the state-of-the-art of how we use the Internet to distribute information to a point where classical export control laws and national control of Internet content in general are led completely ad absurdum, without enabling at the same time the wide distribution and robust long-term storage of commonly considered despicable material such as child pornography, instructions for building weapons of mass destruction, or unwanted commercial advertising.
In fact, by providing easy to configure governmental mechanisms comparable to those national governments are based on for software repositories, we distribute the responsibility in a cryptographically enforced way over the thousands or millions of users of such archives, effectively bypassing any control of national governments, without the negative aspects of complete anarchy (spam).

To avoid misunderstandings: the ultimate idea is not to just by-pass national laws, but to offer a productive and democratic alternative technical means for controlling online resources, because the classical options of either national legislation and complete anarchy both have serious problems.

Markus (Ross' student, who tries to get a PhD for developing a theoretical foundation and practical implementation of global-scale jointly administrated file spaces)

--
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org, WWW: <http://www.cl.cam.ac.uk/~mgk25/>
Markus Kuhn wrote:
The main research aspect of this project is the joint administration of such distributed archives. For spam protection, you still need people who decide, which files are allowed on the distributed server infrastructure, and which are not.
I think a better deciding factor of which files remain and which don't is hard, anonymous ecash. Allow the author, or server to charge for storage, and charge for access. Allow readers to contribute ecash to the continued existence of a data. Throw the lot together and let profit maximisation sort the rest out.
This administration is so far the weak link in the Eternity Service concept, because whoever decides that something is not spam takes over some responsibility for the content, and is therefore subject to legal power of national powers.
Anonymous ecash leaves no one (identifiable) deciding anything, just people paying for encrypted secret split data to be stored and for encrypted data to be transmitted.
The distributed administration in my system will be controlled via a sort of cryptographically enforced digital constitution (written in a tiny special purpose functional programming language) that determines administrative rights in a freely configurable way for a distributed server architecture (allowing elections, votes, vetoes, impeachment, updates to the constitution, etc.).
Wew. Re-inventing democracy and all the problems that go with in the electronic world! Sounds like this will re-invent `the tyranny of the majority' syndrome.

I would prefer to see this kind of imposition of majority views considered a subscriber filtering service on top of the document space. This is then a canonicalization of the comment that "if you don't like reading X, then don't read it!". And also eternity itself is an attempt to provide an efficient implementation, with cryptographic assurance, of John Gilmore's quote "The 'net views censorship as damage and routes around it".

To give an example, subscriber group X, let us say hard line Muslims (no images of females exposing any part of their body) choose to set up an approved "view" (in the database sense) of the documents the eternity distributed database then anyone who chooses can subscribe to this view, fund it, vote in its constitution (or sit passively in its dictatorship) as they see fit. Similarly anyone is free to set up their own, new filtering services, or to use no filtering service at all!

Possibly this is the way you view the filtering service too, though if this is the case I would suggest use of language such as "filter out" in place of "delete", as delete suggests that someone or several someones under a democratic constitution (or any other expressible voting scheme) are able to prevent others from paying for the distribution of data of interest only to a minority.
This way, no single person will be responsible for the maintenance of such international software repositories, but a (usually international) group of democratically controlled volunteers does this. This way, US people can easily contribute to the administration of such distributed archives without having to share any legal responsibility for the fact that the archive also contains export controlled software, because the majority of administrators and not some single citizen alone has decided which files are allowed to use server space.
I think a better solution to the problem of an identifiable individual being viewed (by governments) as responsible for the existence of a document is anonymity. That way, the factions of the US government interested in controlling bit-flow don't know who submitted the document, nor who voted with hard ecash to keep it there.
without enabling at the same time the wide distribution and robust long-term storage of commonly considered despicable material such as child pornography, instructions for building weapons of mass destruction, or unwanted commercial advertising.
I don't think this is possible, or advisable even. Cash is a better metric of interest in data, trying to think in other terms just means someone else will make the money. John Gilmore's quote in monetary terms.

The question is whether one believes in unconditional free speech or not. I suggest that those who believe in conditional free speech would be wrong if their belief led them to try to deprive others of unconditional free speech rather than setting up and subscribing along other like-minded types to filtering services.

The Muslims in the example above may view images of females showing their faces as extreme heresy, worthy of the death penalty. One has to accommodate differing views of what is acceptable. There is no world view on what is acceptable, therefore I propose that a better solution is to consider filtering.

The existence of data does not hurt people. People who object to the availability of data are advocating the creation of `thought crime'.
In fact, by providing easy to configure governmental mechanisms comparable to those national governments are based on for software repositories, we distribute the responsibility in a cryptographically enforced way over the thousands or millions of users of such archives, effectively bypassing any control of national governments, without the negative aspects of complete anarchy (spam).
Filtering and rating services can provide an effective method of avoiding reading data one is uninterested in. If someone else is interested enough in the availability of data to pay ecash to ensure its availability why would anyone else be interested to prevent this?

In a straight-forward translation of the voting scheme to monetary voting, we might if we were not careful result in a system where others (censors) are able to cast negative monetary votes by paying servers not to distribute certain bit strings. I think an eternity system should view this as a cryptographic attack to be designed around. Design the system so that the server can not be bribed to not distribute certain data by dint of not being able to recognise it.

Adam
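The design goal stated at the end of the message above, a server that cannot recognise what it stores, can be shown with the simplest form of the "secret split data" the message mentions. This is an added example, not code from the thread or from any Eternity implementation; the n-of-n XOR split, the HMAC-derived storage labels and all names (`publish`, `fetch`, `locator_key`, `server_recognises`) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(data: bytes, n: int) -> list:
    """n-of-n XOR split: n-1 random pads, plus the data XORed with all of them."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = data
    for pad in pads:
        last = xor(last, pad)
    return pads + [last]

def handle(locator_key: bytes, index: int) -> str:
    """Per-server storage label; labels cannot be linked without locator_key."""
    return hmac.new(locator_key, b"share-%d" % index, hashlib.sha256).hexdigest()

def publish(data: bytes, servers: list, locator_key: bytes) -> str:
    """Store one share per server; return the digest a reader checks later."""
    for i, share in enumerate(split(data, len(servers))):
        servers[i][handle(locator_key, i)] = share
    return hashlib.sha256(data).hexdigest()

def fetch(servers: list, locator_key: bytes, digest: str) -> bytes:
    """Recombine all shares; reject the result if any share was altered."""
    data = bytes(len(servers[0][handle(locator_key, 0)]))
    for i, server in enumerate(servers):
        data = xor(data, server[handle(locator_key, i)])
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), digest):
        raise ValueError("share altered or substituted")
    return data

def server_recognises(server: dict, target: bytes) -> bool:
    """The check a pressured server could run: is this known document in my store?"""
    return any(blob == target for blob in server.values())

# Constructed sample: three in-memory dicts stand in for storage servers.
DOC = b"constructed sample document for the eternity example"
SERVERS = [{}, {}, {}]
KEY = secrets.token_bytes(32)
DIGEST = publish(DOC, SERVERS, KEY)
```

With an n-of-n split every server must cooperate, so a single server dropping its share removes the document; a threshold scheme trades that for tolerance of missing servers.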
participants (1)
-
Adam Back