Strong Privacy

[A.M. submitted some interesting ideas in the form of issues combined with his views on how they should be dealt with. Only the issues belong here—discussion is for class Tuesday—so I have rewritten those submissions accordingly.]

(A.M. + D.F.) In order to protect themselves, firms need to encrypt information both for transmission and for storage. This raises the risk that the firm could lose access to its own essential data by losing the keys needed to decrypt it, accidentally or otherwise. How might firms protect against that risk?

(A.M. + D.F.) In what other ways might firms want to make use of the technologies associated with strong privacy, and what technical or legal issues might they raise? If firms arrange to have encryption keys held by third parties, are there ways in which the technology can be used to make sure the third parties do not use them to access information without authorization?
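One technical answer to both questions above, added here as an illustration and not part of the original page: a k-of-n threshold scheme (Shamir secret sharing) splits a key among several custodians so that losing any share below the threshold does not lose the key, while a third party holding a single share learns nothing about it. The function names and the sample key are constructed for this example.

```python
import secrets
from typing import List, Tuple

# Field prime for the polynomial arithmetic. 2^521 - 1 is a Mersenne prime,
# larger than any 256-bit key, so every such key is a valid field element.
P = (1 << 521) - 1

# Constructed 256-bit sample key (not a real key) used by the demo below.
SAMPLE_KEY = bytes(range(32))


def split_key(key: bytes, threshold: int, n_shares: int) -> List[Tuple[int, int]]:
    """Split `key` into n_shares points on a random polynomial of degree
    threshold-1 whose constant term is the key (Shamir secret sharing)."""
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_key(shares: List[Tuple[int, int]], key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from at least `threshold`
    shares. Fewer shares interpolate a different polynomial and yield an
    unrelated value, which is what keeps a lone custodian from learning the key."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    # A wrong reconstruction is a random field element and usually does not
    # even fit in key_len bytes, so size the output to whatever came back.
    return secret.to_bytes(max(key_len, (secret.bit_length() + 7) // 8), "big")


if __name__ == "__main__":
    # 3-of-5: any three custodians can restore the key; any two cannot.
    shares = split_key(SAMPLE_KEY, threshold=3, n_shares=5)
    print(recover_key(shares[:3], 32) == SAMPLE_KEY)  # True
    print(recover_key(shares[:2], 32) == SAMPLE_KEY)  # False
```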

(A.M.) There is a constitutionally protected right to freedom of speech, and many have argued that anonymous/pseudonymous speech should be similarly protected. Even Benjamin Franklin published pseudonymously. But strong encryption can protect the transmission of money just as it protects the transmission of messages. Anonymous electronic commerce poses taxation and regulation problems. If the law distinguished between strong encryption used to secure communication and strong encryption used to secure commercial transactions, would this distinction have any meaning?

[A similar situation arose with JF; I seem to have been insufficiently clear about just what I wanted. In some cases I have truncated and slightly edited what he sent.]

(JF) During WWII, reports claim, Allied forces broke the German Enigma code, yet despite having advance information of some attacks, Allied commanders did not give warnings for fear of revealing that the code had been broken. What legal issues might arise in similar circumstances, whether during war or peace, in the future, where an injury to A is permitted to take place in order to avoid revealing the possession of valuable information, such as the ability to decrypt, possessed by someone who might have prevented it?

(JF) If party A claims that strong privacy exists, and party B relies on the claim, does liability attach if the privacy is violated? Does party B have a claim against party A?

(JF) Does a site like <http://www.afn.org/~afn21533/rgdprogs.htm> have liability if a company loses trade secret protection, having used one of the posted codes, if it is broken and the secrets exposed?

Does it matter if a "disclaimer of liability" does not appear on the page?

(JF) What is a reasonable time for the statute of limitations on the tort of privacy loss?
Two years?
Don't people have a much longer expectation?
Since we can't forecast technological progress, how can any representation be made about the strength or weakness of any encryption method?

(JF) What role does insurance play, if loss occurs because encryption claims fail?
What insurance markets will develop as a result?

(JF) What do standards of reasonable security mean in quantum computing scenarios? Historically, "impracticability of decoding" in time and resources has been claimed to offer security. Yet the rate of global grid computing expansion shows that trillions of machine cycles are available on the internet to solve problems.

What is the measure of Strong Privacy, for example, 1 Teraflop-Decade?

(JF) The importance of channel monitor detection, at least today, is that it allows us to control three privacy elements:
1. A channel can be tested for monitoring before initiating the message.
2. A message can be passed in units, with knowledge of whether each unit was monitored.
3. Unit-level security assurance is perhaps all that can be done today, since it ensures that at most only one unit of the message may be intercepted.

Does the law need to treat the "channel" and "message" differently?


(DF) My private key somehow comes into the hands of a third party who uses it to impersonate me. What is my liability? Am I bound by agreements signed with my private key? Does it make sense, in this context, to distinguish between obligations of my cyberspace persona, enforced via private law (does a bond posted online in ecash forfeit, say) and obligations of my realspace persona? [Someone might find it interesting to do a search for old cases involving seals--physical objects used to authenticate documents.]

(DF) Suppose I give my private key to someone else--say my girlfriend. How does that affect my legal responsibility for documents signed with that key? Her responsibility if she passes it on to someone else--say her new boyfriend?

(DF) You are setting up a public key infrastructure--producing software for certifying agencies to produce certificates, for individuals to create, use and check keys, etc. How might you design it to minimize problems of this sort?

(DF) An obvious weakness of any system to protect privacy by encryption is its vulnerability to human error--individuals who reveal information that the system treats as secret, as in the example above. How might you design a system to minimize that risk?

(DF) The police have evidence that you have been engaged in some illegal enterprise such as gambling or drugs and have seized your computer--only to discover that all the files on it are encrypted. Under current law, can they penalize you for refusing to decrypt the documents? You might want to think about constitutional arguments for and against.

(DF) Suppose Congress, frightened at the down side of strong privacy, passes a law forbidding anonymous online speech--perhaps by requiring all internet service providers to filter out any communication from their customers that is not digitally signed with a signature that checks against some official list of registered public keys.

1. Under current law, what constitutional arguments can be made against the requirement?

2. As a technical matter, would such a requirement be enforceable?

(PYS) Currently, in order to implement electronic surveillance (in the form of Carnivore...), I believe a law enforcement agency (FBI...) must obtain the order of a proper court. However, they do not need to acquire one in order to monitor the "subject line" of an email, or for a pen register/trap and trace (following to whom and from whom a party communicates). However, with the usage of encryption in the subject line and the usage of an anonymous remailer, it is clear that there would be an increased expectation of privacy. Therefore, what effect would this have on the ability of law enforcement agencies to electronically survey the subject line and whom an individual communicates with without a court order?

(PYS) A virtual company designs a widget and anonymously contracts with another company to manufacture the widget. Shipments are made directly from the manufacturer, or from a warehouse that has also been contracted with anonymously. A purchaser is injured by a widget and seeks to sue for product liability (defective design). Can/should the manufacturer be held liable even though they had no involvement in the product design?

(PYS) As the number of people using remailers increases, it will become more expensive to provide such services, so anonymity may only come for a price. If e-cash based micro-payment schemes are successful, charging for anonymity seems even more likely. In such a scenario, can the anonymous remailer/rebrowser be held liable for hiding the identities of its users? [Note that "can" has two relevant meanings--does the law permit it, and, if so, can it be done? Note also that "hiding" might mean "concealing information the remailer has" or "arranging not to have the information." D.F.]

(PYS) It is currently illegal to hack into a computer. Should an exception be made so plaintiffs may try to hack into an anonymous remailer so as to identify a defendant in a lawsuit?


AM: Adam Marcus

DF: David Friedman

JF: John Figueroa

PYS: Previous Year Student

