[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Data Vaults (vs. Data Havens)



Alan Bostick wrote:

> Pat Cadigan, in her novel SYNNERS, had the off-beat idea of having
> crucial data encoded into graphical images and tattooed onto the skins
> of beach bums.  
> 
> I've heard of worse ideas. . . .

She's a better novelist than an information theorist...

All the talk recently about data havens [secure storage variety] got
me to thinking. 

(In case you're wondering, I specified [secure storage variety]
becuase there seems to be some confusion, or at lest conflation, about
what a "data haven" does. Is it for selling illegal data publically?
Is it for storing sensitive material, privately? Something else?)

Anyway, for securely storing data that one wishes to be able to later
retrieve, but wishes thieves and authorities not to have, here are
some major possibilities:

1. The old stand-by. Keep copies of data at a friend's house. (This is
what I do, to guard against fires or thefts or ransackings by the
Thought Police.)

(Knowing where the stuff is stored is part of the "key" to getting it,
and only adds a few bits to the overall key lenth in most cases. That
is, not much security against a capable adversary, But fires are
usually pretty dumb, and cops not much smarter, so this works pretty
well.)

2. True secure storage, using a commercial service. Mineshafts, salt
domes, concrete buildings, etc. are commonly used for this. Corporate
records, etc. Pay a fee, store your files, etc. Of course, a subpoena
will get the data posthaste.

2A. Offshore secure storage, in a jurisdiction that will no honor
subpoenas form one's country. Lots of obvious issues here: bribery of
the vault, pressures applied locally, black bag jobs, etc.

3. Encryption, with either local or remote storage. 

3A. Encrypted, but local. This is by far the most common scenario, the
one most of us use all the time. Can the authorities force disclosure
of a key? I have a *lot* on this in my FAQ, so I won't repeat it here.
Basic conclusion: has not been tested, but it is unlikey that a
defendent who claims to have "forgotten" his passphrase, or who just
clams up, will get zapped for this, per se.

3B. Encrypted, offshore. Actually, this is similar to the above. If
the court can compell decryption, it can certainly compell retrieval
of files. And if it can't compell decryption, the files are no less
safe if stored locally.

(But I admit that the realities are not so simple. Offshore storage
offers some additionaal advantages. For one, "duress codes" that the
site owner in Belize that the person requesting the material, in LA,
is actually under duress. The site operator can then report back a
convenient "disk crash" and the authorities will be screwed. This
stratagem is harder to do cleanly in the U.S., for example, where the
site owner might be subpoenaed.)

4. Purloined Letter. Hide it in plain site. Steganography, in one of
your hundreds of DATs, or in GIFs and PICTs, etc. Without the key,
they won't know where it is.

(I've been pushing this since 1988, in postings on sci.crypt and
elsewhere. Romana Machado and others have implemented the image-based
version.) 

5. A variant is to use ftp sites. Encrypt the data and place it in an
ftp site that allows write access. Use remailers if you wish. Then,
your secret data is stored in encrypted, unidentifiable form on
someone else's computer, retrievable by you later.

(Lots of issues here. Our never-realized "anonymous anonyomous ftp"
capability could mean the storer would not even know what continent
the site was on.)

Well, these are just some of the ideas. Me, I stick to simply
encrypting sensitive files and keeping a couple of copies in safe
places. 

I don't think we ought to call these uses "data havens." Save the term
"data haven" for those places, in cyberspace or in real space, that
sell access to Nazi medical experiments, that sell illegal birth
control information, that buy weapons secrets, and so on. 

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay