
Re: [freehaven-dev] plausible deniability

David Molnar writes:
> In one of the course meetings, this came up. The idea we were
> kicking around was a system in which a content publisher does the
> following:
> 	1. prepares the pads as Roger and David Madore have outlined
> 	(or more generally -- secret sharing) 
> 	Destroys the original secret. 
> 	2. performs a broadcast OT with a collection of servers.
> 	(whose identities may not necessarily be known to the publisher;
> 	c.f. Usenet)

This is similar to Matt Blaze's protocol for "oblivious multicast".
This was intended as an alternative to the key escrow proposals being
advanced a few years ago.  The idea was that you'd split your key
into many parts and then broadcast the pieces in such a way that you
wouldn't know who ended up with which piece.  Then if Society decided
that someone's secret key needed to be exposed, volunteers would reveal
their shares and the key could be reconstructed.  It is described in
his paper at http://www.crypto.com/papers/netescrow.pdf (or .ps).

> What still needs solving, however, is the retrieval part. Because if
> retrieval identifies specific pads on specific servers, you're toast
> under the DMCA. Also if retrieval is too cumbersome to be used for 
> "useful" things such as, oh, online backups, the entire system may
> be vulnerable to challenge as a "pirate's tool." 

Right, the problem with OT is that no one knows where the shares are,
hence no one can reconstruct the data.

[Quoting Hal:]
> > Somehow you need to offer the judge a legitimate reason for continuing
> > to publish the pad.  You will be charged with doing it to help other
> > people infringe copyright.  You need to come up with a *convincing*
> > story for why you needed to publish that data, without admitting that
> > your intention was to help people break the law.
> There seem to be at least two approaches to answering this:
> 	1) Create a system in which a single pad is used for more
> 	than one message. Pad X on server Y can be XORed with 
> 	pad X' to yield a Britney Spears album...but it can also be
> 	XORed with X'' to yield the Declaration of Independence.
> 	Revoking or unpublishing pad X causes not only the infringing
> 	material to be removed, but lots of other material as well.

The problem with these and similar approaches is that you and I know
that in fact this whole system is being constructed so that we can keep
illegal documents around.  At the same time we need to have a plausible
story that says that no, this wasn't the reason for the design, but we
really did want to split up the shares for reasons X, Y and Z.

I'm not sure this shared-pads idea makes sense if your goals are fully
legal.  And likewise with the "location agnostic" approaches where
the servers can't really tell which pieces they hold and have to do
some kind of MPC to recover the data.  We need to come up with a good,
sound reason, something that would make sense as a *business* reason,
for storing data in this way.

Otherwise I still think the judge would just shut the whole thing down.
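
The shared-pad construction quoted above (one pad X that XORs with X' to give one document and with X'' to give another), as an added example that is not part of the original message or of any Free Haven code. It also shows what reusing X implies: X' XOR X'' equals the XOR of the two documents, with X not involved. The store/catalog layout, the pad ids and the sample texts are assumptions constructed for the illustration.

```python
import secrets

PAD_LEN = 64  # constructed: every pad and padded document is this long

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(p ^ q for p, q in zip(a, b))

def fit(document: bytes) -> bytes:
    """Zero-pad a document to PAD_LEN (sample texts contain no NUL bytes)."""
    if len(document) > PAD_LEN:
        raise ValueError("document longer than pad")
    return document.ljust(PAD_LEN, b"\0")

def build_store(docs: dict) -> tuple:
    """Split every document against one shared pad X.

    Returns (store, catalog): store maps pad id -> bytes, catalog maps
    document name -> the two pad ids whose XOR yields it."""
    store = {"X": secrets.token_bytes(PAD_LEN)}
    catalog = {}
    for i, (name, text) in enumerate(docs.items(), start=1):
        pad_id = "X" + "'" * i            # X', X'', ...
        store[pad_id] = xor(store["X"], fit(text))
        catalog[name] = ("X", pad_id)
    return store, catalog

def recover(store: dict, catalog: dict, name: str):
    """Return the document, or None if either pad has been unpublished."""
    a, b = catalog[name]
    if a not in store or b not in store:
        return None
    return xor(store[a], store[b]).rstrip(b"\0")

# Constructed sample inputs.
DOCS = {"doc_a": b"constructed sample text A",
        "doc_b": b"constructed sample text B, somewhat longer"}

if __name__ == "__main__":
    store, catalog = build_store(DOCS)
    print({n: recover(store, catalog, n) for n in DOCS})
    # Pad reuse: X' xor X'' equals doc_a xor doc_b, with no X involved.
    print(xor(store["X'"], store["X''"]) == xor(fit(DOCS["doc_a"]), fit(DOCS["doc_b"])))
    del store["X"]                         # unpublish the shared pad
    print({n: recover(store, catalog, n) for n in DOCS})
```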