[Cryptography] Hope Apple Fights This!

Henry Baker hbaker1 at pipeline.com
Thu Feb 25 17:00:36 EST 2016


At 01:24 PM 2/25/2016, Jerry Leichter wrote:
>> I'd like to see cloud services that are located in multiple countries, but which never store more than a small % *of any one cust's data* in that particular country.  Think RAID (or in this case, Redundant Array of Independent Countries).
>
>The US is currently suing Microsoft to gain access to data stored only on a server in England.  If they win, where you put the data becomes irrelevant.
>
>Many countries are beginning to require that anyone doing business in that country store its data there.  The arguments are a bit different depending on where you are - the Europeans claim it's to protect their citizens' privacy by preventing the movement of their data to places where the privacy protections aren't as strong.  (It's been argued that the hidden forces behind these proposals are the intelligence services of those countries, which want to be able to get at their own citizens' data more easily.)
>
>Your proposal is akin to all sorts of notions of data havens that have been around for years.  None has produced anything much, and given the direction laws have been going, they are unlikely to do much now.

So let me understand: exactly *where* is my data?

If I have a file full of random numbers in country #1 and another file full of random numbers in country #2 and another file full of random numbers in country #3 and so on, so I guess my "data" is in *all* of the countries.

But only I know the function that will transform the data stored in all of these countries into a form that might actually be useful, so my "data" is also in *none* of the countries.

Now, there will also be hundreds/thousands/millions of files of random numbers that belong to other people, but may also be visible to the world at large.

I am free to incorporate (or not) those files into my computation.  (Assume that the files are readonly/appendonly for the time being; it makes the system easier to contemplate.)

I have been thinking about a file system in which everyone's files are actually *public*, so Microsoft, e.g., would simply respond to every warrant with a browser manual and a "knock yourself out" email.

Having all bits public may actually make the whole thing more private, because everyone can take advantage of the randomness of everyone else's encrypted data.
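
The scheme sketched in the message above, as an added example that is not part of the original post: an n-of-n XOR split in which each stored file is uniformly random on its own and the owner's private "function" is the XOR of the chosen files. The function names, the country labels and the sample bytes are assumptions made for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int, existing: tuple = ()) -> list:
    """Return n new shares such that XOR(new shares + existing files) == data.

    n - 1 shares are fresh random bytes; the last one is data XORed with
    every other file, so it is uniformly random on its own as well.
    `existing` models other people's read-only files folded into the mix.
    """
    if n < 2:
        raise ValueError("need at least two new shares")
    fresh = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = reduce(xor_bytes, fresh + list(existing), data)
    return fresh + [last]


def combine(files) -> bytes:
    """The owner's private 'function': XOR the chosen files together."""
    return reduce(xor_bytes, files)


if __name__ == "__main__":
    secret = b"meet at the usual place"        # constructed sample data
    other = secrets.token_bytes(len(secret))   # constructed: someone else's file
    by_country = dict(zip(["country1", "country2", "country3"],
                          split(secret, 3, existing=(other,))))
    print(combine(list(by_country.values()) + [other]))  # original bytes
    print(combine(list(by_country.values())))            # one file left out: noise
```

Anyone missing even one of the files learns nothing about the data from the rest. Once every file is readable by the same party, the only remaining secret is which files to combine.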


