Writing for Inverse, Matthew Phelan says that a cryptographic ledger could hold the key to prevent surveillance dystopia.
When it comes to law enforcement requesting access to user data from tech companies, that number grows each year. Apple, Google, Facebook, Microsoft, and others are routinely subpoenaed for information.
We know how many requests these companies get every year, but that’s it. We don’t know how much private data is shared with law enforcement. Part of that is by design of course. Criminal cases might be compromised if we knew too much about how data sharing works. Jonathan Frankle, an MIT researcher, told Inverse:
It’s completely reasonable for government officials to want some level of secrecy, so that they can perform their duties without fear of interference from those who are under investigation. But that secrecy can’t be permanent … People have a right to know if their personal data has been accessed, and at a higher level, we as a public have the right to know how much surveillance is going on.
A potential solution is a cryptographic ledger similar to a blockchain. Mr. Frankle and others at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) are working on a system called the Accountability of Unreleased Data for Improved Transparency (AUDIT).
Next week they will present AUDIT at the USENIX Security conference in Baltimore. Here’s how the system works: When a judge issues a secret court order, or law enforcement asks a tech company for data, that action is combined with a series of publicly available cryptographic notifications.
It’s almost like PGP keys with encrypted email. The cryptography is tied to that court action, and also to the data handed over to them. So when these court records are eventually made public, the crypto-hash can be compared against the public ledger.
Additionally, watchdog groups could use the public ledge to pull statistical information out of the court system. That could be used to determine how the judicial system and law enforcement are using private user data.