Slashdot Mirror


The Secure Public Data Repository?

jducoeur writes "So Hailstorm has died an unlamented death. But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient. So here's a timely question looking for wild speculation: how would a truly secure, public data repository work? How would your data be stored? Would it be centralized or distributed? How would you grant access to specific elements within it? What would the business case for running such an archive be? Maybe if we can come up with a good design now, we can head off the next inevitable bad one..."

2 of 175 comments

  1. Why Public... by Peridriga · Score: 4, Interesting

    We already have systems such as SourceForge to handle programs and other CVS systems exist...

    My data... public?

    I don't think so... I'll buy another 100 GB drive before sending it off over the net to a public storage facility...

    If I wanted secure off-site storage, I would turn to Sealand.

    20 miles from anywhere and it doesn't respect any court of law in the world... So that's what I call secure (even from the DMCA).

  2. How I'd do this system! [registrars, trust models] by vkg · Score: 4, Interesting
    Firstly, all standards must be open and unencumbered.

    Secondly, XML is the right way to do this for political not technical reasons. But still use XML.

    Thirdly, and very importantly, all information held in the system is (C) the user, licensed under strict contract to the Information Repository to use. This is a protection against somebody buying the system if it becomes successful and changing the terms of service.

    Fourthly, information has to be protected in three important ways:
    • Every piece of information about you has to be accessible without linking it to any other piece of information about you (i.e. no Unique ID) - more on the technical aspects of this later.
    • Every site/organization which wants access to your information must agree not to use it in conjunction with other public information to compile a profile of you.
    • You must be able to revoke any and all information at any point.


    Fifth, no unusual public key cryptography should be used in the system. SSH/SSL yes, PGP/GPG no - this is to protect from the government's ire. Symmetric key ciphers for protecting your own information (i.e. passwords) seem OK to me.

    Sixth, two different sites/organizations, both accessing the same data about you, should not be able to tell from that request that they are accessing information about the same person: i.e. if A asks for your DOB, and B asks for it, they should not both be accessing UID234234.DOB. One scheme for this is that "permissions" are given to different organizations, of the form:

    HASH (organization_pass_word + your_pass_word + your_unique_ID + index_of_data_you_wish_to_reveal + data_store_added_noise)

    This protects your identity and prevents cross-correlation of different databases.

    Seventh, the standard should work like email: standard infrastructure can provide a server, anybody can operate one, and you have control of your use of these systems. No single operator.

    Eighth, and most importantly, none of this is worth shit without a constitutionally guaranteed right to privacy. Without that, any scheme can be forced over time into revealing more about users than they wish to reveal, either by legal, economic, social or political means.

    Strong cryptography is nothing without strong laws, and strong laws are something without any cryptography at all. Support GeekPAC! (the Geek Political Action Committee)

    vkg.
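The per-organization handle scheme from the sixth point of the comment above, as an added worked example; this is not code from the original post or from any existing repository. It follows the shape of the hash given there (organization secret, user secret, internal user ID, field index, store-added noise), with one change a practitioner would want: each input is length-prefixed before hashing instead of being concatenated with "+", so that differently split inputs cannot produce the same digest. The repository class, the `demo()` function, the sample user ID `UID234234` (taken from the post), and the secrets and DOB value are all constructed for illustration.

```python
import hashlib
import secrets


def derive_handle(org_secret: bytes, user_secret: bytes, user_id: str,
                  field: str, store_noise: bytes) -> str:
    """Opaque, per-organization, per-field handle.

    Same ingredients as the hash in the post. Every part is length-prefixed
    so (b"ab", b"c") and (b"a", b"bc") hash differently; plain string
    concatenation with '+' would let them collide.
    """
    h = hashlib.sha256()
    for part in (org_secret, user_secret, user_id.encode(),
                 field.encode(), store_noise):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


class Repository:
    """Toy data store (constructed for this example).

    Organizations only ever see handles; the internal user ID never leaves
    the store. The store itself keeps the handle -> record mapping, so this
    scheme hides the linkage between organizations, not from the operator.
    """

    def __init__(self) -> None:
        self._noise = secrets.token_bytes(16)   # store-added noise, fixed per store
        self._handles: dict[str, tuple[str, str]] = {}   # handle -> (user_id, field)
        self._records: dict[tuple[str, str], str] = {}   # (user_id, field) -> value

    def store(self, user_id: str, field: str, value: str) -> None:
        self._records[(user_id, field)] = value

    def grant(self, org_secret: bytes, user_secret: bytes,
              user_id: str, field: str) -> str:
        """Mint a handle for one organization to read one field."""
        handle = derive_handle(org_secret, user_secret, user_id, field, self._noise)
        self._handles[handle] = (user_id, field)
        return handle

    def lookup(self, handle: str):
        """What an organization calls: it only knows its own handle."""
        key = self._handles.get(handle)
        return None if key is None else self._records.get(key)

    def revoke_field(self, user_id: str, field: str) -> None:
        """Third protection from the post: the user pulls a field for everyone."""
        self._records.pop((user_id, field), None)
        self._handles = {h: k for h, k in self._handles.items()
                         if k != (user_id, field)}


def demo() -> dict:
    """Two organizations fetch the same DOB and get unrelated handles."""
    repo = Repository()
    user_id = "UID234234"                        # internal ID from the post
    user_secret = b"correct horse battery staple"   # constructed user password
    repo.store(user_id, "DOB", "1970-01-01")       # constructed sample record

    org_a_secret = b"org-A-secret"               # constructed
    org_b_secret = b"org-B-secret"               # constructed
    handle_a = repo.grant(org_a_secret, user_secret, user_id, "DOB")
    handle_b = repo.grant(org_b_secret, user_secret, user_id, "DOB")
    handle_a_email = repo.grant(org_a_secret, user_secret, user_id, "email")

    before = (repo.lookup(handle_a), repo.lookup(handle_b))
    repo.revoke_field(user_id, "DOB")
    after = (repo.lookup(handle_a), repo.lookup(handle_b))

    return {
        "handle_a": handle_a,
        "handle_b": handle_b,
        "handle_a_email": handle_a_email,
        "before_revoke": before,
        "after_revoke": after,
    }


if __name__ == "__main__":
    result = demo()
    print("A's handle:", result["handle_a"])
    print("B's handle:", result["handle_b"])
    print("before revoke:", result["before_revoke"])
    print("after revoke: ", result["after_revoke"])
```

Running `demo()` shows the property the post is after: A and B each resolve the same date of birth, but the two handles are unrelated 64-hex-digit digests that neither contain the internal ID nor match each other, so joining A's and B's databases on the handle yields nothing. Revoking the field makes both handles dead at once. The caveat is the one in the class docstring: the repository still holds the handle-to-record table, so cross-correlation is prevented between organizations, not against the repository operator or anyone who compels it.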