This is an assessment publication by Christopher Allen, pioneer and leader head of the Blockchain Commons.
Increasingly, lawyers in the United States are requesting that courts force the exposure of cryptographic confidential keys as a feature of revelation or other pre-preliminary movements, and progressively courts are consenting to those demands.
Though this is a somewhat ongoing peculiarity, it’s essential for a bigger issue of policing secondary passages to cryptography that returns basically to the U.S. government’s bombed presentation of the Clipper Chip in 1993.
Unfortunately, the present assaults on confidential keys in the court have been more effective, making an existential danger to advanced resources, information and other data safeguarded by computerized keys. That peril emerges from a key disengage between this training and the real factors of advancements that influence public-key cryptography for security: private-key exposure can inflict damage, including the deficiency of assets and the contortion of computerized identities.
As an outcome, we really want to help regulation that will safeguard computerized keys while permitting courts to get to data and resources such that better perceives those real factors. The private-key revelation regulation currently being considered in Wyoming is a great illustration of the kind of regulation that we could advance and supporter for to keep up with the appropriate security for our computerized resources and identities.
“No person shall be compelled to produce a private key or make a private key known to any other person in any civil, administrative, legislative or other proceeding in this state that relates to a digital asset, other interest or right to which the private key provides access unless a public key is unavailable or unable to disclose the requisite information with respect to the digital asset, other interest or right. This paragraph shall not be interpreted to prohibit any lawful proceeding that compels a person to produce or disclose a digital asset, other interest or right to which a private key provides access, or to disclose information about the digital asset, other interest or right, provided that the proceeding does not require production or disclosure of the private key.”
The Realities of Private Keys
The constrained exposure of private keys is profoundly unsafe on the grounds that it on a very basic level runs in conflict with how private keys work. Lawyers (and courts) are typically attempting to drive the exposure of data or (later) the surrender of resources, yet they’re treating private keys very much like they’re actual keys that they can interest, use and offer in return.
Private keys don’t match any of these real factors. As Wyoming State Legislature Senate Minority Leader Chris Rothfuss says:
“There is no perfect analog for a modern cryptographic private key in existing statute or case law; it is unique in its form and function. As we build a policy framework around digital assets, it is essential that we appropriately recognize and reflect the characteristics of the underlying public / private key and cryptographic technologies. Without clear, unambiguous legal protection for the sanctity of the private key, it is impossible to ensure the integrity of the associated digital assets, information, smart contracts and identities.”
That appropriation recognition and reflection requires us to understand that:
1. Private keys are not assets.
Private keys are fundamentally the way we exert authority in the digital space, an interface between our physical reality and the digital reality. They may give us the ability to control a digital asset: to store it, to send it or to use it. Similarly, they may give us the ability to decrypt protected data or to verify a digital identity. However, they are not the assets, the data nor the identity themselves.
It’s the obvious difference between your car and your electronic key fob. The one is an asset, while the other lets you control that asset.
As Jon Callas, Director of Technology Projects at the Electronic Frontier Foundation (EFF), says:
“They don’t even want the key, they want the data; asking for the key is like asking for the filing cabinet rather than the file.”
2. Private keys are not the proper tool for discovery.
Treating private keys as a tool to ensure the discovery of information fundamentally misunderstands their purpose. Private keys are not how we see something in digital space, but instead how we exert authority in digital space!
Turning back to comparisons, it’s the difference between a ledger and a pen. If you wanted accounting information, you’d ask for the ledger; you wouldn’t ask for the pen — especially not if it was a pen that allowed you to write undetectably in the handwriting of the accountant!
Former federal prosecutor Mary Beth Buchanan, when offering testimony in favor of Wyoming’s private-key disclosure law, said:
“The court could order a disclosure or an accounting of all the digital assets that are held, and then those assets could be disclosed and the location of whether they are held across different platforms or even different wallets. But giving the key is actually giving access to those assets. That is the difference.”
Fortunately, there is an electronic tool that meets the needs of discovery: public keys.
Wyoming has recognized that in their legislation, which says that a private key should never be required if a public key would do the job (and they parenthetically noted at hearings that their current understanding is that a public key will always do the job). If our concern is revealing information that will help to catch and prosecute criminals, then public keys are the answer.
3. Private keys are not physical.
Electronic private keys and physical keys are very different. A physical key could pass through many hands and there could be the expectation that it was very likely not duplicated (especially if it were a special key, such as a safe-deposit box key), and that when the key was returned to the original holder, they would once again have control of all of the linked assets. The same is not true for a private key, which could be easily duplicated by any of the many hands it passed through, with no way to ascertain that that had happened.
Returning to the example of a car’s key fob, it would not be appropriate to force the disclosure of the unique serial number stored within a car fob for the same reason it’s not appropriate to force the disclosure of a private key. Doing so would give anyone who gets that serial number the ability to create a new fob and steal your car!
4. Private keys serve many purposes.
Finally, private keys are likely to have a lot more purposes than physical keys, especially if a court decides to go after not just a specific private key, but the root key from an HD wallet or a seed phrase. Root keys (and seeds) might be used to protect a wide variety of assets as well as private data. They may also be used to control identities and to offer irrefutable proof that the owner agreed to something through digital signatures.
The authoritative uses of private keys are so wide and all-encompassing that it’s hard to come up with a physical equivalent. The closest analogy, which I explained at one of the Wyoming hearings, is that this would be like if a court demanded access to a hotel room by requiring the hotel’s master key, which can provide access to all rooms. But, a private key is more than that; it would be as if the court also required that someone with signatory powers at the hotel sign a bunch of blank contracts and blank checks. The potential for harm with the disclosure of a private key is just that high for someone who is using it for a variety of purposes — and there will be more and more people doing so as the importance of the digital world continues to increase.
The Realities Of Courts
Going beyond the fact that a private key is the wrong tool for courts and that it’s often being used in the wrong way, there are a number of other problematic realities related to the courts themselves and how and when they’re trying to access private keys.
5. Courts are not prepared to protect private keys.
To start with, courts don’t have the experience needed to protect private keys. This danger is made worse by the fact that a single private key is likely to pass through the hands of many different court staff over time.
But, this isn’t just about courts. The problem of creating safe ways to transfer private keys is far bigger. It’s something that the cryptographic field as a whole does not have good answers for. I attested in Wyoming that the “immense difficulties of transferring a private key are a risk that allows bearing of false witness.” Putting courts, without cryptocurrency expertise, in the middle of the problem could be catastrophic.
Perhaps cryptographers will resolve these issues in time, and perhaps someday courts will be able to share in that expertise if they decide doing so is a good use of their time and resources, but we need to consider keys whose disclosures are being forced now.
6. Courts are requiring premature disclosure.
The current situation with key disclosure is even more problematic because it’s occurring as part of discovery or other pre-trial motions. Discovery rulings are almost impossible to appeal which means that in today’s environment key holders have almost no recourse for protecting the token of their own authority in digital space.
7. Courts are more demanding of digital assets than physical assets.
We recognize that courts should be able to require the usage of a key. Compelling usage is nothing new, but the private key is not required for that; a simple court order is enough.
If someone refuses to use their private key in a way compelled by a court, that’s nothing new either. The physical world already has plenty of examples of people refusing such orders, such as by hiding assets or just refusing to pay judgements. They are handled with sanctions such as contempt of court.
Asking for more from the electronic world is an overreach of traditional judgements that also creates much greater repercussions.
The Repercussions Of Disclosure
Using the wrong tool for the wrong reasons and putting it in hands not ready to deal with it will have calamitous results. Here are some of the most obvious repercussions.
1. Asset Theft.
Obviously, there is a danger of the assets being stolen, as a private key gives total control over those assets. These assets could go far beyond the specifics of what a court is interested in because of the multitude of uses for keys.
2. Asset Loss.
Beyond the problem of purposeful theft, keys could be lost, and with them digital assets. Former federal prosecutor Mary Beth Buchanan raised this concern in her testimony, saying:
“Evidence is lost all the time.”
If that evidence was a private key, which might hold a variety of assets, information, and proofs of identity, the loss could be tremendous.
3. Collateral Damage.
Thefts or losses resulting from the disclosure of a private key could also go far beyond an individual before the court. Increasingly, assets are being held in multisignatures, which may grant multiple people control over the same assets. By requiring the disclosure of a key, a court could negatively impact people entirely unrelated to the proceedings.
4. Identity Theft.
Because private keys might also protect the identifier for digital identity, their loss, theft or misuse could put someone’s entire digital life at risk. If a key was copied, someone else could pretend to be the holder and even make digital signatures that are legally binding for them.
Support This Legislation
Protecting private keys is one of the most important things that Blockchain Commons has ever worked on. As I said:
“I find the insurances of this Private Key Disclosure bill urgent for the future of computerized rights.”
Wyoming State Legislature Senate Minority Leader Chris Rothfuss affirmed this, adding:
“Christopher Allen has been an invaluable member of our blockchain policy community, bringing a lifetime of technical expertise to advise our committee work and inform our legislative drafting. Mr. Allen has emphasized the particular importance of protecting private keys from any form of compulsory disclosure.”
We need your help to make it a reality.
If you’re an experienced member of the cryptocurrency or digital asset field or a human rights activist, please submit your own testimony in support of the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. The bill will be coming up for further discussion on September 19-20 in Laramie, Wyoming.
But, Wyoming is just the start. They are doing an excellent job of leading the way, but we need other states and countries to follow. If you have connections to another legislature, please suggest they introduce legislation with similar language to Wyoming’s bill.
Even on the off chance that you feel awkward conversing with a council, you can help by upholding for the security of private keys as something else than assets.
Ultimately, our new universe of advanced resources and advanced data will succeed or fall flat in view of how we establish today groundworks. It could turn into a place of refuge for us or a hazardous Wild West.
Properly safeguarding private keys (and involving public keys and different devices for genuine legal requirements) is a cornerstone that will assist us with building a solid edifice.
This is a visitor post by Christopher Allen. Suppositions communicated are completely their own and don’t be guaranteed to mirror those of BTC Inc or Bitcoin Magazine.
#Saving #Private #Keys #Courts