1998-01-23 - Re: How to eliminate liability?

Header Data

From: Bill Stewart <bill.stewart@pobox.com>
To: “John M” <cypherpunks@toad.com
Message Hash: 906f447afa5b4e2f1d02c51123287a724a603c8f540389962423494a52e5edcb
Message ID: <3.0.5.32.19980123000851.00839a40@popd.ix.netcom.com>
Reply To: <19980123052334.20406.qmail@hotmail.com>
UTC Datetime: 1998-01-23 08:15:35 UTC
Raw Date: Fri, 23 Jan 1998 16:15:35 +0800

Raw message

From: Bill Stewart <bill.stewart@pobox.com>
Date: Fri, 23 Jan 1998 16:15:35 +0800
To: "John M" <cypherpunks@toad.com
Subject: Re: How to eliminate liability?
In-Reply-To: <19980123052334.20406.qmail@hotmail.com>
Message-ID: <3.0.5.32.19980123000851.00839a40@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 09:23 PM 1/22/98 PST, John M wrote:
>There has been considerable discussion recently about datahavens, how no 
>one physical location in meatspace is safe, and how there is no single 
>place on earth that a datahaven could exist that would accept all kinds 
>of information.
>Well, what about spreading the information out?  Something simple like 
> [...] and spread it to several servers.  This way no one server has all 
>the information necessary to recreate the "offending" information and if 
>one server gets "hit" (killed), the information can still be regenerated 
>from the the information and ECC from the other servers.

Secret Sharing is easy, and there are a number of implementations with
useful properties like being able to read the original from K of N parts.*
The problem is how to implement it in ways that protect the server
operators as well as the information providers.  For instance,
the author's client software can do the split and send the shares too
different servers, and make sure the readers know how to find the pieces;
this can even be automated enough to make it convenient.
This not only makes it hard for the Bad Guys to find the pieces,
it makes it impossible for the data haven provider to know what's
being stored there, and even if the site is siezed it doesn't give up
the critical information.  This is a Good Thing, and we've discussed it.

On the other hand, what happens if a Bad Guy wants to entrap the operator,
by planting child pornography, pirated software, and TOP SECRET data
in the data haven, advertising on Usenet and then calling the cops.  
Anybody, including the cops, can retrieve the contraband and bust them.
So what are the alternatives, besides obviously encrypting your disks
so it's harder to determine what's on them besides the plant,
and the ever popular "don't let them find your physical location"?
Perhaps the data haven can do the split and farm the data out to
other data havens - but how do they know the data they're receiving
is really a slice of contraband data instead of Yet Another Plant?
It gets pretty convoluted.

[* You can read about secret sharing in Schneier. ]
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639






Thread