USA PATRIOT Act Survives Amendment Attempt (fwd from brian-slashdotnews at hyperreal.org)

[alan]

On Fri, 9 Jul 2004, Thomas Shaddack wrote:

> 
> On Fri, 9 Jul 2004, Steve Schear wrote:
> 
> > Quite a few book stores (including the local Half-Priced Books) now keep no
> > records not required and some do not even automate and encourage their patron
> > to pay cash.  In California book sellers to such used/remaindered stores must
> > identify themselves for tax purposes.
> 
> The Patriot gag orders lead me to a thought.
> 
> Is it possible to write a database access protocol, that would in some 
> mathematically bulletproof way ensure that the fact a database record is 
> accessed is made known to at least n people? A way that would ensure that 
> either nobody can see the data, or at least n people reliably know the 
> record was accessed and by whom?
> 
> When somebody comes with a paper and asks for the data, the one currently 
> in charge of the database has to give them out, and may be gag-ordered. 
> However, when way too many people know about a secret, which the protocol 
> should ensure, it's better chance it leaks out, and less likely to 
> identify the one person responsible for the leak, who could be jailed 
> then. Especially when at least one of n is outside of the reach of the 
> paws of the given jurisdiction.
> 
> The question is this: How to allow access to a specific file/db record in 
> a way that it can't be achieved without a specified list of parties (or, 
> for added system reliability, at least m of n parties) reliably knowing 
> about who and when accessed what record? With any attempt to prevent the 
> parties from knowing about the access leading to access failure?
> 
> Note a peculiarity here; we don't ask for consent of the parties (that 
> would be a different threat-response model), we only make sure they know 
> about it. (We can deny the access, when at least (n-m)+1 parties refuse to 
> participate, though.)

That would crash the system.