One of the great things about financial cryptography is that when we get things right, they can cause a chain-reaction of good things spreading to other areas. The canonical hash in the Ricardian Contract was just that: a catalyst that made the rest of the system leap forward in dramatic ways (is double-entry to triple-entry dramatic enough?).
But the downside of that work -- which remains unique it seems -- is that it underscored how delicate it was to find the balance between promise and workability. To achieve the contract fixing, which we called "the rule of one document," we had to reduce everything to text, and create a canonical format (to deal with spaces and newlines) of the hash.
Which means, no PDF. No DOC, no OpenOffice, nothing beyond plain ascii. (OK, we did succeed to extend to UTF-8, but XML was out.)
Now here comes some scientists trying to do it on video (thanks to JP for the tip):
On Tuesday a group of researchers at the University of Washington are releasing the initial component of a public system to provide authentication for an archive of video interviews with the prosecutors and other members of the International Criminal Tribunal for the Rwandan genocide. The group will also release the first portion of the Rwandan archive.This system is intended to be available for future use in digitally preserving and authenticating first-hand accounts of war crimes, atrocities and genocide.
Such tools are of vital importance because it has become possible to alter digital text, video and audio in ways that are virtually undetectable to the unaided human eye and ear.
Let's talk about video. (Looking at audio is more or less the same.) Firstly, by its very nature, it is inexact. That is, we can strip stuff out and it is still good; we can add stuff in and it is still good. Text is a little like that to a small extent, because wecanstripoutthespaces or add.in.some.dots and it still retains its essence. But there is a massive difference in scale: while transformation is strictly limited for text, it is very broad in video. More technically, canonicalisation can work in text, but can it work in video?
We can see this in the tools. If Microsoft Word opens a document, and changes a few things around, two things happen: one is that it changes some of the formatting because it thinks it knows better than you. If you hit save, then you are pretty much guaranteed to change the bytes of the document.
This alone should wipe it out for all the legal world, but it goes further: Microsoft Word encourages a transformation from text into DOC format, which includes vast numbers of things that can't be seen, can't be controlled, and cannot be understood. Wise lawyers now know that a Microsoft Word document is some legal text with a hidden treasure trove of secret clues attached.
The problem is complex, said Michael Lesk, a professor in the department of library and information science at Rutgers University, because not only must you be able to prove that the information has not changed in its original format, but you must also be able to prove that once the format is altered, the original digital hash is still valid.The Long Now Foundation is developing a software tool to easily convert documents between digital formats, said Stewart Brand, a co-founder of the project.
“The idea is to be able to change anything into anything else,” he said.
This transformation process happens in video, but with an added twist: those coincidental features that we don't want in Microsoft Word, we actually want in video. We really truly want them, so much so that OpenOffice is free and FinalCutPro retails above 1000 in major currencies. Why? Life in the video world is about applying transformations. So therefore, we work on a very big file with all the raw material in, because we want as much information as possible in order to the "process" it in a thousand ways. And then we compress it down to something usable:
After capturing five gigabytes of video in 49 interviews, the group began to work on a system that would make it possible for viewers to prove for themselves that the videos had not been tampered with or altered even if they did not have access to powerful computing equipment or a high-speed Internet connection.
Whoops! 5Gb is around 20 minutes of video, which implies strongly that they are already working with the compressed or processed imagery. Which brings us to the next point: You have to show the chain of evidence from the camera to the screen. Which means the camera has to attest, in real time, as to what it is doing.
Which also implies we don't need a tool, we need a standard that can be implemented into cameras, and interpreted by other tools. Which also means we need a non-lossy storage media, or a loss-resiliant hash, a time source, and all this built into the camera. We have practically none of those, at the current time.
How did we get around this difficulty in the financial cryptography? Well, we went outside the box and understood the contracts (yes, that "business"). The following is fairly subtle, and it has to be said that we didn't really understand everything we were doing at the time.
Where text beats video is that we the human can see text with our own eyes. In order to "see video data" and turn it into the image, we have to enter the Matrix, or Mercury Rising or other movie plots. We don't have that problem with text (until we start talking about UTF-8 or homographic domains).
What does this mean? Well, if we have the text of a contract in front of us, we can take it to the person who signed it and say, well, is this it? Did you sign *this document* with the emphasis on the second part of the sentence (cryptographers please note and think hard). After reading the entire document a confirmation can be given, especially with a lawyer to point out all the tricky bits.
With video, that doesn't work. Video is too complex, and there is no lawyer who can "read the video editing tricks". So any technical system that preserves the chain of evidence becomes a black box, like an electoral voting system. Which then sets us up for failure, because as soon as people realise the power of a believable magic black box, it will be perverted for gain.
Contracts can work with canonical hashes because the hashes and the humans work together, in business and in cooperation. If one of the hashes or the humans denies, the other goes wild trying to find out where the problem is. In contrast, in any badly constructed system of security, if the hash denies the video, the court will ignore it because there are "bugs in the system" and if the accused denies it, the court will ignore her because "there are no bugs in the system." Justice will not be done, mistakes will be made, losses mount, and eventually the public will lose faith in the system.
This is a tough problem. It is like a DRM system for good purposes. My hat is off to the guy who solves it, but we already showed that DRM doesn't work, in an economic, business, evidentiary or moral setting. Tough call to go where others have failed, but I guess that is all in a day's work for financial cryptography :)
Posted by iang at January 27, 2009 09:46 AM | TrackBackYou probably know this one ! ...
Back a few years, it was often possible to very simply LOOK INSIDE WORD DOCUMENTS, AND YOU WOULD SEE EARLIER VERSIONS of the letter in question, not to mention comments etc from the company creating the document!
this had to be one of the great security leaks of all time.
I remember once (must have been in the late 90s?) telling a client in NY, look you've accidentally left old version stuff "inside" this innocuous business letter, where you are talking about me, my competitors, your staff, costs, etc !!
Heh!
Msft MUST have improved this problem, but still.
Posted by: Jape at January 27, 2009 11:21 AM