[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to eliminate liability?




Bill,

Thanks for your response.  Such a simple idea, I kinda figgered (was 
hoping) that it was already thought of, but I hadn't heard of it.  I 
have been meaning to buy Schneier's book...

One of my points, however, is that if the division of the encrypted 
information is done properly, even if the private key were deduced by 
whatever means, all they would find is (for instance) the high order 
bits and some ECC, but nothing that could be used to regenerate any 
meaningful information without the other parts.  Because of this, I have 
been asking myself, how could any one datahaven operator be held 
responsible for holding classified, porn, or other information if they 
only have a meaningless slice of it?

Perhaps this is more a legal question (even more out of my league) than 
anything...  Any comments?


>Secret Sharing is easy, and there are a number of implementations with
>useful properties like being able to read the original from K of N 
parts.*
>The problem is how to implement it in ways that protect the server
>operators as well as the information providers.  For instance,
>the author's client software can do the split and send the shares too
>different servers, and make sure the readers know how to find the 
pieces;
>this can even be automated enough to make it convenient.
>This not only makes it hard for the Bad Guys to find the pieces,
>it makes it impossible for the data haven provider to know what's
>being stored there, and even if the site is siezed it doesn't give up
>the critical information.  This is a Good Thing, and we've discussed 
it.
>
>On the other hand, what happens if a Bad Guy wants to entrap the 
operator,
>by planting child pornography, pirated software, and TOP SECRET data
>in the data haven, advertising on Usenet and then calling the cops.  
>Anybody, including the cops, can retrieve the contraband and bust them.
>So what are the alternatives, besides obviously encrypting your disks
>so it's harder to determine what's on them besides the plant,
>and the ever popular "don't let them find your physical location"?
>Perhaps the data haven can do the split and farm the data out to
>other data havens - but how do they know the data they're receiving
>is really a slice of contraband data instead of Yet Another Plant?
>It gets pretty convoluted.
>
>[* You can read about secret sharing in Schneier. ]
>				Thanks! 
>					Bill
>Bill Stewart, [email protected]
>PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
>


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com