USA PATRIOT Act Survives Amendment Attempt (fwd from brian-slashdotnews at hyperreal.org)
Thomas Shaddack
shaddack at ns.arachne.cz
Fri Jul 9 13:44:39 PDT 2004
On Fri, 9 Jul 2004, Steve Schear wrote:
> Quite a few book stores (including the local Half-Priced Books) now keep no
> records not required and some do not even automate and encourage their patron
> to pay cash. In California book sellers to such used/remaindered stores must
> identify themselves for tax purposes.
The Patriot gag orders lead me to a thought.
Is it possible to write a database access protocol, that would in some
mathematically bulletproof way ensure that the fact a database record is
accessed is made known to at least n people? A way that would ensure that
either nobody can see the data, or at least n people reliably know the
record was accessed and by whom?
When somebody comes with a paper and asks for the data, the one currently
in charge of the database has to give them out, and may be gag-ordered.
However, when way too many people know about a secret, which the protocol
should ensure, it's better chance it leaks out, and less likely to
identify the one person responsible for the leak, who could be jailed
then. Especially when at least one of n is outside of the reach of the
paws of the given jurisdiction.
The question is this: How to allow access to a specific file/db record in
a way that it can't be achieved without a specified list of parties (or,
for added system reliability, at least m of n parties) reliably knowing
about who and when accessed what record? With any attempt to prevent the
parties from knowing about the access leading to access failure?
Note a peculiarity here; we don't ask for consent of the parties (that
would be a different threat-response model), we only make sure they know
about it. (We can deny the access, when at least (n-m)+1 parties refuse to
participate, though.)
More information about the Testlist
mailing list