[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Job for netescrow ? (was Secure anonymouse server protocol...

Peter Allan <[email protected]> writes on cpunks:
> In the talk about replyable nym-mailers I haven't
> yet seen netescrow mentioned.
> You DID all read this ?
> [Matt Blazes  Oblivious Key Escrow paper]
> This all hinges on a policy to be followed by archive holders defining
> the conditions under which they release their shares.  
> This could be receipt of a signed request from the owner (remailer).
> Maybe the table relating nyms to reply addresses could be stored in
> netescrow style so that captured remailers reveal nothing.  The problem
> of operator coercion is not addressed by this.

Just to clarify, if I understand correctly you are proposing a penet
style system with the database held in `netescrow'.

The remailer in normal operation has access to the database by making
requests satisfying the conditions of the secret share holders.

When the remailer is compromised the memory resident key is lost when
the machine is switched off, and the owner refuses to release the key.

Is what you are proposing?

It sounds like a cross between Matt's netescrow and Ross Anderson's
eternity file system.  Your penet database is being stored in a
distributed file system, with shares, and the identity of the share
holders is concealed.  However the aim is not to prevent others
censoring your publically available writings, but to allow a second
avenue of access only in the case of `mob cryptography'.

This changes the system over storing the database encrypted on the
remailer machines own disk in these ways:

1.  When the police shut down the remailer and ask the
    operator to hand over the key he can decline, but they
    can (theoretically) get the database from the netescrow,
    if they can convince enough share holders.

    If the police are unsucessful (seems likely) does this offer the
    operator much solice in his jail time for contempt of court, to
    know that he has a vote of confidence in the moral correctness of
    his decision from a population of the net?

    Does it offer him any legal benefit?  Are the share holders guilty
    of contempt also, does this lessen his guilt, and harshness of
    prosecution?  (Remember that the share holders identity and
    location are unkown to the operator, in the netescrow model, if I
    remeber rightly).

    I'm not sure how useful this part is, unless the possibility of
    `mob cryptography' is the desired feature.  I'd have thought an
    individual remailer operator would be more likely to fold than a
    group of anonymous crypto-anarchists.

2.  You could add the twist of an alternative duress key, that would
    stand a real chance of successfully nuking the database.  More

> Police investigations might apply "angry mob cryptanalysis" to find
> a sender - convincing a sizable number of operators that a crime had
> been committed with some particular piece of traffic.

3.  Negative comment on the system: TLAs have a vested interest in
    themselves being most of the share holders.  True of the ownership
    of the current remailers also of course.

Is the aim of allowing `mob cryptography' the desired feature?

If so this is NAK, `Net Access to Keys'.

Fine by me, as long as it's strongly voluntary :-)  (And hence useless
for it's forced access purposes).

NAK, is interesting in that it puts things to a vote, where the
parties are anonymous, they are on the net, so it's a Net
constitutency that gets to vote.  It seems less evil than GAK.

However I still have problems with it:

problem 1: subterfuge by TLAs, they'll try to become share holders in
a big way, and preventing them from doing this seems difficult without
Chaumian style is-a-person credentials, to prevent multiple voting.
Even with is-a-person TLAs would then target the credential issuer.
(Much the same as the TLAs are able to create fake credit histories,
identities, and so on currently).  Unless there is a way to do a
decentralised web of trust implementation of an `is a person'
credential in such a way that it is difficult for TLAs to target.

Perhaps it would be simpler to require a certain amount of ecash be
paid as a vote, set it high enough that no one can afford to abuse it,
TLAs included.

problem 2: free speech is free speech even if it's unpopular.  The
tyranny of the majority problem.  Non-voluntary NAK forces peer review
on every one, and just because some peoples views rate badly in a lot
of peoples eyes, doesn't mean they should be punished.

Perhaps this problem can be mitigated by constructing the shares such
that 99% of `is a person' checked votes certifying that they believe
they have evidence that the nym in question is in the throws of nuking
a major city for a ransom.

So what do cpunks think of Matt's `Oblivious Key Escrow', formulated
as NAK coupled with either is-a-person, or pay per vote to eliminate
the multiple voter problem.

It would force accountability and openess on our spooks, they have to
explain, document clearly, or at least present some real convincing

At the same time it would provide an argument against GAK, all
legitimate (in the publics eyes, what other opinions count, this is a
democracy isn't it) law enforcement needs met.

However these advantages are balanced against the tyranny of the
majority problem, which is better than tyranny by unaccountable TLAs,
but still a problem,

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1