RTP Discussions

[sqeaky]

I think the idea of using cryptography to prove innocence is interesting. I also think it cannot work even if the cryptography and software is perfect.

For the same reason that no "Digital Rights Managment" ( DRM ) ( https://en.wikipedia.org/wiki/Digital_rights_management ) scheme can work. The "Analog Hole" ( https://en.wikipedia.org/wiki/Analog_hole ) insures that no matter how sound the encryption that videos, music and even the content of video games, which can have encryption embedded into them, must exist on the end users' device unencrypted at some point. Since the end user has physical access he ultimately controls the hardware. It only takes one end user to figure how to defeat a system for everything to spin out of the cryptographers control. Please see Sony XCP ( http://www.itproportal.com/2005/11/21/d ... icky-tape/ ) which cost millions and can be defeated by the users choice of scotch tape or permanent marker. Please see how Ubisoft's Assassin's Creed 2 always on DRM was defeated in 24 hours ( http://www.ps3news.com/PC-Tech/ubisofts ... -in-a-day/ ).

I will admit that these don't seem obviously related to secure identification and surveillance. It has to do with where the data is generated. Ultimately all information must be created and consumed outside of cryptographers domain. How is the information outside the encrypted system validated. Ultimately it will come down to a question of trust: "does the end user trust a data source?", not "will a court trust this source?" and certainly not "as an elected official will my constituents trust this source?".

I can lie to this system I can say that with confidence even though it does not exist yet. Even if devices must signed and certified before they talk can to it I will still be able to lie to it. I can damage the device, change its software, run it in debug mode to feed it my data or even replace parts with parts that will do my bidding. Me, personally, I can do and have done these things to electronics. A head of state will have access to millions of people at least as smart as me. Who would trust his devices?

This would become another opt-in security system where legitimate users get screwed, just like music and video game DRM. If I want a game for free no DRM can stop me. If I want to feed false data to a system on my equipment nothing can stop me. The people who choose not to educate themselves will trust that what it says is the only way, they are the ones who are blocked by DRM from copying their own songs and movies, they are the ones who will believe the technology cannot be defeated.

It is very hard to fix a social issue with technology. This is the wrong social issue and the wrong technology.

PS: Something I completely ignored is how difficult it is to get the populous to trust something that is trustworthy. Encrypting web traffic with TLS 1.2 works to the point where you can expect to keep the NSA out, but some people believe the silliest things about it. Some believe the NSA inserted backdoors, some think the keys are stored on a centralized server others don't even know to look for a little lock icon in their browser. What kind of misconceptions will people have about this system?

[HarryStottle]

The problem of trusted data creation is indeed a major issue and although - as you suggested - it is not directly tied to identity issues, it is fundamentally tied to "history" (given that all relevant events will either have been digitally created or recorded) and given that I've argued elsewhere that merely establishing someone's identity is meaningless unless you can also establish their history, I have to accept it is a major "overall" security issue.

It is particularly important in regard to my Trusted Surveillance proposals because it is vital when relying on digital footage to prove or disprove a claim, that we can trust the provenance of the footage. My own tentative proposals for dealing with that require the manufacturers of the principle recording devices to incorporate trust mechanisms into their devices. Here's a sketch of some of the ideas I've had to date.

If a device is to be trusted:
1 All such devices should have verifiably unique ids (which may take the form of a key chain, where two one time keys are embedded in each capture - a randomly selected "current" key and the previous key used - to provide chain of custody)
2 Users should have the option of embedding sundry metadata in any digital captures.
3 Those metadata (all optional) should include:
3.1 The device UID
3.2 A trusted timestamp marking the start of a capture
3.3 Geolocation data
3.4 User Identity Data
3.5 Brief User Narrative
4 Captures should be hashed and the hashes stored, with another trusted timestamp, preferably immediately but, at least, asap, on an Immutable Audit Trail

Of the above, the most important elements required to enhance trust are items 3.1,3.2 and 4.

The tricky bit is 3.2. Whereas it's easy to explain that an event could not have happened AFTER the upload of a timestamped hash, it's somewhat more difficult to prove that it could not have happened BEFORE the first timestamp. For this reason I'm suggesting the adoption of what I'm provisionally calling a "Kidnappers Protocol" timestamping system.

The idea is that we shouldn't trust - say - a youtube video of a UFO landing on the White House Lawn if we can't verify that the footage was not doctored prior to upload. Part of such verification is a straightforward forensic examination of the footage by experts in that field. But another route to assurance is by proving that there was no time for such doctoring to take place.

Lets say we have some footage which claims to have started at 1.15 pm and ended at 1.23 pm

The first thing we can check is whether a hash of the footage was uploaded at, or very soon after 1.23 pm. And does the footage still hash to the same value. If it does, then we can prove it hasn't been changed since. But that doesn't preclude fake footage having been created days earlier but only hashed and uploaded at 1.23 pm. How do we close that door?

My answer is that, to be trusted, every frame of the relevant footage must include the "kidnapper's hash". Or possibly a hash chain, where the first frame includes the kidnapper's hash, the second contains the hash of the first frame, the 3rd includes the hash of the 2nd etc (which proves sequence)

The kidnapper's hash is constructed by hashing data which could not have existed prior to the relevant time. (like the kidnapper sending a photograph of the victim holding the front page of today's Times or whatever)

How we achieve that is up for grabs. There are various "hash chained timestamping" authorities who would claim to have already done that but I would personally prefer something that any ordinary citizen could verify. What I have in mind is an agency that continually collects - say - the output of half a dozen major global news channels (BBC World, Al Jazeera, CNN, etc) and stores 60 second slices of them, hashes the result and timestamps it. These hashes are publicly posted and anyone who wants to incorporate them into data, just grabs them as required.

The recording devices would pick up the current hashes at the beginning of their captures (If the device is not a mobile phone, I'm anticipating that it's tethered to one) and incorporate those hashes into the data. In the event of any dispute, the trail leads back to video footage of international news footage which is as self verifying as the front page of a recognised newspaper.

That being done, we're in a position to prove that - whatever else may have been done - this footage could not have existed before the first timestamp and must have been concluded by the last one. That at least reduces the opportunity for post event manipulation. It doesn't, of course, eliminate that possibility that the event was staged or otherwise faked at said times. But it is a step in the right direction.

I'll add something on the other aspects of your argument later (real time digital fakery and citizen trust)

[HarryStottle]

I have a tentative answer to the real time digital fakery but it's only really applicable to video (which, conveniently, has separate frames, unlike, eg, audio). And it's quite simple - have a second camera watching the first, whose footage is protected in exactly the same way. Better still, like we occasionally have, by accident, with real news stories, an arrangement which involves both cameras capturing the meaningful action whilst in shot of each other.

For really serious protection (journalists, anyone taking footage designed to be an official record, citizens who don't expect to be believed etc), they could even share their hash chains, so that frame 2 of camera 2 includes not only the hash of frame 1 of but also of the most recent frame captured by camera 1 etc. I think this ought to work for any activity where there is real time physical activity which can be captured on camera.

Given the use of the kidnapper's hash and the uploading hash to restrict the time window for capture and manipulation, I'd be keen to hear how you think that arrangement could be compromised.

A key difference between the TS proposals and what you're criticising in the DRM world is that I'm only seeking to protect real time event capture. DRM situations, almost by definition, allow virtually unlimited access to the target with no fear of time restriction.

The citizen trust issue is one I'm wrestling with as we speak. In my view, the only way we can expect citizens to trust technologies of this kind is if they can arbitrarily prove that the process for any event has legitimately produced the results and authentication being claimed.

This implies arbitrary access to the audit trail (and, of course, the existence OF an audit trail) It also implies a much better interface than anyone has yet managed to master and much better plain language descriptions of the issues and their solutions than anyone has so far managed to master. I actually believe this could be at least as difficult as the technical solutions, so I certainly don't underestimate the problem.

[sqeaky]

[HarryStottle]