"Better hope nothing happens to me" service.
Here's an interesting problem. In the movies we always see scenes where the good guy is fighting the Evil Conspiracy (EvilCon) and he tells them he's hidden the incriminating evidence with a friend who will release it to the papers if the good guy disappears under mysterious circumstances. Today EvilCon would just quickly mine your social networking platform to find all your friends and shake them down for the evidence.
So here's the challenge. Design a system so that if you want to escrow some evidence, you can do it quickly, reliably and not too expensively, at a brief stop at an internet terminal while on the run from EvilCon. Assume EvilCon is extremely powerful, like the NSA. Here are some of the challenges:
- You need to be able to pay those who do escrow, as this is risky work. At the same time there must be no way to trace the payment.
- You don't want the escrow agents to be able to read the data. Instead, you will split the encryption keys among several escrow agents in a way that some subset of them must declare you missing to assemble the key and publish the data.
- You need some way to vet escrow agents to assure they will do their job faithfully, but at the same time you must assume some of them work for EvilCon if there is a large pool.
- They must have some way to check if you are still alive. Regularly searching for you in Google or going to your web site regularly might be traced.
Some thoughts below...
There are many threat models of EvilCon, of course. For ordinary bad guys you can get away with simpler systems. The hiding company can simply pick some escrow agents at random, send them the info, and erase all knowledge of which ones were picked. They must take care that no accounting records reveal who got paid for escrow. If there are a very large number of escrow agents, it's OK if it's not too hard to figure out who agents are so long as its impossible to search them all.
The agents need not be human beings. They can just be computers waiting for a signal, or more likely the absence of a regular signed message posted in a very public place (like USENET) from you. Of course, you had better be sure to remember to post the message regularly. Don't go off the net for a month.
The fact that you hired the escrow service is not secret, in fact you want that to be provable, to scare Evilcon. As such the escrow service can send you regular reminders to post your "I'm still alive" message.
You might decide to make the system permanent, so you have no way to turn it off, or you might be able to turn it off later if you come to trust EvilCon again. Of course, if you can do this, they might find a way to force you to turn it off. Or try to get your key so they can fake being you. They might even torture you or loved ones to get that key. The only way to stop that is if you have at least some escrow agents who truly are checking for mysterious disappearances, etc. If you're not famous, this could be hard to do without leaving a trail, but you could have agents who just routinely download police reports, death certificates, missing persons etc.
Paying the escrow agents is hard. Paying them on they day they take the work seems out of the question as that would probably leave a trial to them. The government is trying hard to make it difficult to pay people anonymously. One idea I had would be to create a bank account with the fees in it, and then somehow send the agent an ATM card (with known PIN.) They can go to any ATM anywhere, with a ski mask, and get the money. Of course, you can just mail cash, or other instruments like bearer bonds. But you must be sure the record of where you sent them is wiped. An ideal system has the agency not even knowing who or where the escrow agents are, paying them in advance and somehow trusting them to do the job. Or you could send them cryptographic tokens which are not linked to the work but which can later be redeemed for money. They prove the agent did some work, but not what work.
However, all these complications make it harder to imagine the system I describe where you go to a web site, upload your secret encrypted file, distribute your key fragments and paypal $1,000 or less. It may be that the only way to do it cheaply is with machines doing most of the work and trusting the company to destroy the temporary records of how it all got set up.
Thoughts?
Comments
Jnsaff
Wed, 2006-05-03 08:23
Permalink
Why not make the regular
Why not make the regular payment as the notification that I'm still alive? If the escrow does not get the payment then the service is terminated and the information made public.
brad
Fri, 2006-05-05 02:38
Permalink
Payment not enough
Remember, unlike the traditional movie version, where the information is hidden in an unknown place, this modern computerized version actually provides proof that you have hidden the information to be revealed if you die. So unless the service confirms it is you when you pay, the bad guys could just pay for you.
lux
Sun, 2006-05-07 16:11
Permalink
Unless I'm misunderstanding
Unless I'm misunderstanding your challenge, this doesn't sound too hard to do. If your evidence can go onto the 'net, then all you need to do is set up a website that will take a page live on date/time X unless you log into the admin page and manually change the go-live date. IIRC, MovableType already has that kind of functionality out of the box, and even if they don't, it's a pretty trivial hack.
All you'd need is to set up and pay for a hosted website that isn't obviously tied to you. A bit more of a challenge, but if you could find a place that will allow you to pay cash for one of those preloaded Visa debit cards, then you could pay for the account without your actual name being attached it.
You're still vulnerable to being tortured into revealing the location/password, though.
brad
Sun, 2006-05-07 18:23
Permalink
The money flow is hard
Unless you truly can pay cash, it's hard to hide the money flow.
Plus, you may want a system which does not reveal the data when you truly die naturally. In that case, you might be able to disable it as you see yourself getting old, but it's better if other humans verify things. You would want to add emailing the press or other interested parties, but that's not hard.
However, another problem is the web hosting company has the real data, and you don't want anybody to have it until you release it. That's why you need a divided key. You could have several web hosts and divide the key up among them, and have them send it on d-day to the host that has the encrypted data.
However, there is a lot to be said for plans that use existing infrastructure. However, with most of those plans, you can't demonstrate that you really did hide the data in a place it will get revealed, which is your best insurance policy. Ideally you want them to be sure you really did it, but not able to get at it, and for the holders not to be able to read it.
Add new comment