Nowadays, it is no surprise that most of our private data is stored on our devices. Though, what is surprising is that every day there are tens of thousands of court orders requesting our private data. These types of data breaches are, in a sense, important. They do prevent crime and keep people safe. We also understand that these requests need to be secret so that investigations aren’t compromised.
However, the court orders are usually temporarily hidden from the public. Even when some results do emerge, it is impossible for the public to be sure that nobody tampered with them. Up until now, it seemed that the gap was impossible to overcome. It was necessary for data to be secret and yet public and protected from abuse. However, with the new technology of blockchain and cryptography MIT crypto aims to improve transparency amongst police and solve this problem.
The New System Called AUDIT
Modern cryptography can simultaneously achieve both accountability and secrecy. The system aims to increase the transparency and accountability of the Electronic Communications Privacy Act (ECPA), which allows law enforcement agencies to request data about users from tech companies.
On one side we need to make sure most of the records stay public. On the other, to maintain enough privacy for the police to do their jobs properly. The system that will enable that is called Accountability of Unreleased Data for Improved Transparency, or AUDIT for short.
The AUDIT’s design is around a public ledger where government officials can share information about data requests. When a law enforcement agency secretly requests data from a company, they have to make an unbreakable promise to make the data request public. They do that in the form of a “cryptographic commitment”. That means that a party cannot change the value or statement after they commit to it. The information about it stored on the system and the court decides if they have to release the correct documents to the public. If the courts decide not to, then the refusal will be public as well.
Methods of AUDIT’s operations
AUDIT makes sure the actions of law-enforcement agencies are consistent with what a court order actually allows. For example, if a court order leads FBI to Amazon to get the records about a specific customer, AUDIT can prove that the FBI’s request is legal using a cryptographic method called “zero-knowledge proofs.” It is a method by which one party can prove to another party that she knows a value x, without conveying any information apart from the fact that she knows the value x. A great way to understand that is by understanding some abstract examples. They are called “The Ali Baba cave” and “Two balls and a color-blind friend”.
Another element of AUDIT is that it aggregates statistical information so that that it can study the extent of surveillance at a larger scale. This way, the public can ask all sorts of tough questions about how they share the data. What kinds of cases are most likely to prompt court orders? How many judges issued more than 100 orders in the past year? How many issued more than 10 requests to Facebook this month?
Utilizing multi-party computation, higher and lower courts can disclose information, skipping the institutional middleman, and grant the public transparency into data requests. Therefore, anyone using blockchain can rest assured. Once you record something on a blockchain, it is going to be safe and secure. This system is still a work in progress. However, MIT hopes to work with federal judges to build a real-world version in the near future.