USA PATRIOT Act Survives Amendment Attempt (fwd from brian-slashdotnews at hyperreal.org)

Bill Stewart bill.stewart at pobox.com
Fri Jul 9 21:50:02 PDT 2004 

At 01:44 PM 7/9/2004, Thomas Shaddack wrote:
>Is it possible to write a database access protocol, that would in some
>mathematically bulletproof way ensure that the fact a database record is
>accessed is made known to at least n people? A way that would ensure that
>either nobody can see the data, or at least n people reliably know the
>record was accessed and by whom?
>....
>Note a peculiarity here; we don't ask for consent of the parties (that
>would be a different threat-response model), we only make sure they know
>about it.

The obvious method for the first half of your problem is
Shamir secret-sharing - n out of m people need to provide
their information in order to access the data item (or its key.)
That isn't necessarily an _efficient_ protocol for databases,
of course, but where you have something where it works, it works.
And obviously you'd want some jurisdictional arbitrage.

I'm not convinced that the second half of your problem makes sense.
The only ways to make sure that somebody knows something are either to
tell them or else to get them to tell you some piece of information you need.
Since it's the secret police that would be running the algorithm,
they're not going to be polite about telling them if they don't need to,
so you're dependent on some algorithm that requires their assistance,
which is in some sense consent.  I suppose you could differentiate
assistance and consent contractually, by telling them it's ok to release
the data when given papers from some appropriate court,
and you could probably even require them to notify you,
e.g. by having them charge a per-event fee for their service,
and maybe that'll hold up in jurisdictions where their secret police
don't cooperate well with your secret police.

Of course, even to use this requires that the application be designed
in some manner where there's some kind of key that's needed
to access the data, such as a mailbox that encrypts incoming mail
with your public key.  That doesn't prevent the secret police from
forcing your mailbox company to reveal the information before
encrypting it to you, but it does at least protect _old_ mail,
unless n out of the m key escrow agents all cooperate.
I don't know why you'd design a system like this when you could
do it without the key escrow feature - am I missing something?


Bill Stewart  bill.stewart at pobox.com

More information about the cypherpunks-legacy mailing list