This is an opinion editorial by Christopher Allen, founder and executive director of the Blockchain Commons.
*Quotes from this article stem from sources here and here.
Increasingly, attorneys in the United States are asking courts to force the disclosure of cryptographic private keys as part of discovery or other pre-trial motions, and increasingly courts are acceding to those demands.
Though this is a relatively recent phenomenon, its part of a larger problem of law enforcement seeking back doors to cryptography that goes back at least to the U.S. governments failed introduction of the Clipper Chip in 1993.
Unfortunately, todays attacks on private keys in the courtroom have been more successful, creating an existential threat to digital assets, data and other information protected by digital keys. That danger arises from a fundamental disconnect between this practice and the realities of technologies that leverage public-key cryptography for security: private-key disclosure can cause irreparable harm, including the loss of funds and the distortion of digital identities.
As a result, we need to support legislation that will protect digital keys while allowing courts to access information and assets in a way that better recognizes those realities. The private-key disclosure law currently being considered in Wyoming is an excellent example of the sort of legislation that we could put forth and advocate for in order to maintain the proper protection for our digital assets and identities.
Wyoming Senate Filing 2021-0105
No person shall be compelled to produce a private key or make a private key known to any other person in any civil, administrative, legislative or other proceeding in this state that relates to a digital asset, other interest or right to which the private key provides access unless a public key is unavailable or unable to disclose the requisite information with respect to the digital asset, other interest or right. This paragraph shall not be interpreted to prohibit any lawful proceeding that compels a person to produce or disclose a digital asset, other interest or right to which a private key provides access, or to disclose information about the digital asset, other interest or right, provided that the proceeding does not require production or disclosure of the private key.
The forced disclosure of private keys is deeply harmful because it fundamentally runs at odds with how private keys work. Attorneys (and courts) are usually trying to force the disclosure of information or (later) the relinquishment of assets, but theyre treating private keys just like theyre physical keys that they can demand, use and give back.
Private keys do not match any of these realities. As Wyoming State Legislature Senate Minority Leader Chris Rothfuss says:
"There is no perfect analog for a modern cryptographic private key in existing statute or case law; it is unique in its form and function. As we build a policy framework around digital assets, it is essential that we appropriately recognize and reflect the characteristics of the underlying public / private key and cryptographic technologies. Without clear, unambiguous legal protection for the sanctity of the private key, it is impossible to ensure the integrity of the associated digital assets, information, smart contracts and identities.
That appropriation recognition and reflection requires us to understand that:
1. Private keys are not assets.
Private keys are fundamentally the way we exert authority in the digital space, an interface between our physical reality and the digital reality. They may give us the ability to control a digital asset: to store it, to send it or to use it. Similarly, they may give us the ability to decrypt protected data or to verify a digital identity. However, they are not the assets, the data nor the identity themselves.
Its the obvious difference between your car and your electronic key fob. The one is an asset, while the other lets you control that asset.
As Jon Callas, Director of Technology Projects at the Electronic Frontier Foundation (EFF), says:
They don't even want the key, they want the data; asking for the key is like asking for the filing cabinet rather than the file.
2. Private keys are not the proper tool for discovery.
Treating private keys as a tool to ensure the discovery of information fundamentally misunderstands their purpose. Private keys are not how we see something in digital space, but instead how we exert authority in digital space!
Turning back to comparisons, its the difference between a ledger and a pen. If you wanted accounting information, youd ask for the ledger; you wouldnt ask for the pen especially not if it was a pen that allowed you to write undetectably in the handwriting of the accountant!
Former federal prosecutor Mary Beth Buchanan, when offering testimony in favor of Wyomings private-key disclosure law, said:
The court could order a disclosure or an accounting of all the digital assets that are held, and then those assets could be disclosed and the location of whether they are held across different platforms or even different wallets. But giving the key is actually giving access to those assets. That is the difference.
Fortunately, there is an electronic tool that meets the needs of discovery: public keys.
Wyoming has recognized that in their legislation, which says that a private key should never be required if a public key would do the job (and they parenthetically noted at hearings that their current understanding is that a public key will always do the job). If our concern is revealing information that will help to catch and prosecute criminals, then public keys are the answer.
3. Private keys are not physical.
Electronic private keys and physical keys are very different. A physical key could pass through many hands and there could be the expectation that it was very likely not duplicated (especially if it were a special key, such as a safe-deposit box key), and that when the key was returned to the original holder, they would once again have control of all of the linked assets. The same is not true for a private key, which could be easily duplicated by any of the many hands it passed through, with no way to ascertain that that had happened.
Returning to the example of a cars key fob, it would not be appropriate to force the disclosure of the unique serial number stored within a car fob for the same reason its not appropriate to force the disclosure of a private key. Doing so would give anyone who gets that serial number the ability to create a new fob and steal your car!
4. Private keys serve many purposes.
Finally, private keys are likely to have a lot more purposes than physical keys, especially if a court decides to go after not just a specific private key, but the root key from an HD wallet or a seed phrase. Root keys (and seeds) might be used to protect a wide variety of assets as well as private data. They may also be used to control identities and to offer irrefutable proof that the owner agreed to something through digital signatures.
The authoritative uses of private keys are so wide and all-encompassing that its hard to come up with a physical equivalent. The closest analogy, which I explained at one of the Wyoming hearings, is that this would be like if a court demanded access to a hotel room by requiring the hotels master key, which can provide access to all rooms. But, a private key is more than that; it would be as if the court also required that someone with signatory powers at the hotel sign a bunch of blank contracts and blank checks. The potential for harm with the disclosure of a private key is just that high for someone who is using it for a variety of purposes and there will be more and more people doing so as the importance of the digital world continues to increase.
Going beyond the fact that a private key is the wrong tool for courts and that its often being used in the wrong way, there are a number of other problematic realities related to the courts themselves and how and when theyre trying to access private keys.
5. Courts are not prepared to protect private keys.
To start with, courts dont have the experience needed to protect private keys. This danger is made worse by the fact that a single private key is likely to pass through the hands of many different court staff over time.
But, this isnt just about courts. The problem of creating safe ways to transfer private keys is far bigger. Its something that the cryptographic field as a whole does not have good answers for. I attested in Wyoming that the immense difficulties of transferring a private key are a risk that allows bearing of false witness. Putting courts, without cryptocurrency expertise, in the middle of the problem could be catastrophic.
Perhaps cryptographers will resolve these issues in time, and perhaps someday courts will be able to share in that expertise if they decide doing so is a good use of their time and resources, but we need to consider keys whose disclosures are being forced now.
6. Courts are requiring premature disclosure.
The current situation with key disclosure is even more problematic because its occurring as part of discovery or other pre-trial motions. Discovery rulings are almost impossible to appeal which means that in todays environment key holders have almost no recourse for protecting the token of their own authority in digital space.
7. Courts are more demanding of digital assets than physical assets.
We recognize that courts should be able to require the usage of a key. Compelling usage is nothing new, but the private key is not required for that; a simple court order is enough.
If someone refuses to use their private key in a way compelled by a court, thats nothing new either. The physical world already has plenty of examples of people refusing such orders, such as by hiding assets or just refusing to pay judgements. They are handled with sanctions such as contempt of court.
Asking for more from the electronic world is an overreach of traditional judgements that also creates much greater repercussions.
Using the wrong tool for the wrong reasons and putting it in hands not ready to deal with it will have calamitous results. Here are some of the most obvious repercussions.
1. Asset Theft.
Obviously, there is a danger of the assets being stolen, as a private key gives total control over those assets. These assets could go far beyond the specifics of what a court is interested in because of the multitude of uses for keys.
2. Asset Loss.
Beyond the problem of purposeful theft, keys could be lost, and with them digital assets. Former federal prosecutor Mary Beth Buchanan raised this concern in her testimony, saying:
"Evidence is lost all the time."
If that evidence was a private key, which might hold a variety of assets, information, and proofs of identity, the loss could be tremendous.
3. Collateral Damage.
Thefts or losses resulting from the disclosure of a private key could also go far beyond an individual before the court. Increasingly, assets are being held in multisignatures, which may grant multiple people control over the same assets. By requiring the disclosure of a key, a court could negatively impact people entirely unrelated to the proceedings.
4. Identity Theft.
Because private keys might also protect the identifier for digital identity, their loss, theft or misuse could put someones entire digital life at risk. If a key was copied, someone else could pretend to be the holder and even make digital signatures that are legally binding for them.
Protecting private keys is one of the most important things that Blockchain Commons has ever worked on. As I said:
"I find the protections of this Private Key Disclosure bill crucial for the future of digital rights."
Wyoming State Legislature Senate Minority Leader Chris Rothfuss affirmed this, adding:
Christopher Allen has been an invaluable member of our blockchain policy community, bringing a lifetime of technical expertise to advise our committee work and inform our legislative drafting. Mr. Allen has emphasized the particular importance of protecting private keys from any form of compulsory disclosure.
We need your help to make it a reality.
If youre an experienced member of the cryptocurrency or digital asset field or a human rights activist, please submit your own testimony in support of the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. The bill will be coming up for further discussion on September 19-20 in Laramie, Wyoming.
But, Wyoming is just the start. They are doing an excellent job of leading the way, but we need other states and countries to follow. If you have connections to another legislature, please suggest they introduce legislation with similar language to Wyomings bill.
Even if you dont feel comfortable talking with a legislature, you can help by advocating for the protection of private keys as something different than assets.
Ultimately, our new world of digital assets and digital information will succeed or fail based upon how we lay its foundations today. It could become a safe space for us or a dangerous Wild West.
Properly protecting private keys (and using public keys and other tools for legitimate judicial needs) is a keystone that will help us to build a sturdy edifice.
This is a guest post by Christopher Allen. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
Read the rest here:
Saving Private Keys From The Courts - Bitcoin Magazine
- Nexus Of Mathematics, Cryptography, Blockchain Will Redefine Technological Innovation Expert - New Telegraph Newspaper - May 15th, 2024
- What is the purpose of post-quantum cryptography? - Security Boulevard - March 21st, 2024
- Quantum Computing and Networking Poised to Revolutionize Cryptography - BroadbandBreakfast.com - March 21st, 2024
- TM Technologies and Quantum Resistant Cryptography Team Up to Increase Speed and Security of 5G/6G, Satellite ... - Yahoo Finance UK - March 5th, 2024
- Cryptology | Definition, Examples, History, & Facts | Britannica - February 1st, 2024
- What Is Moore's Law, And How Does It Impact Cryptography? - Blockchain Magazine - January 24th, 2024
- Cryptography 101: Key Principles, Major Types, Use Cases ... - Splunk - December 11th, 2023
- Federal agencies take 'most important' first step with inventorying cryptography ahead of quantum migration, OMB ... - FedScoop - December 11th, 2023
- What is Cryptography? - Cryptography Explained - AWS - January 30th, 2023
- What is Cryptography? Definition, Importance, Types | Fortinet - January 22nd, 2023
- What is cryptography? How algorithms keep information secret and ... - CSO - January 22nd, 2023
- What is Cryptography? Definition from SearchSecurity - January 22nd, 2023
- System.Security.Cryptography.CryptographicException: The payload was ... - December 28th, 2022
- NIST Action Will Heat Up Post-Quantum Cryptography Market: Report - TechNewsWorld - December 12th, 2022
- Global Encryption Day: Why quantum-safe cryptography is the future of cybersecurity - World Economic Forum - October 23rd, 2022
- Post-Quantum Cryptography: Anticipating Threats and Preparing the Future - ENISA - October 23rd, 2022
- Cracking the code of cryptography and life The Irish Times - The Irish Times - October 15th, 2022
- Dutch influence standards for post-quantum cryptography - ComputerWeekly.com - October 15th, 2022
- Castle Shield Holdings, LLC Updates the Post-Quantum Cryptography (PQC) Algorithms for Its Data-in-Motion Aeolus VPN Solution - Business Wire - October 15th, 2022
- Yale increases investment in blockchain research - Yale Daily News - October 15th, 2022
- OPPO joins the FIDO Alliance, accelerating the arrival of a new era of passwordless sign-ins - Yahoo Finance - October 15th, 2022
- It's Time To Trust Crypto. Here's Why. - Entrepreneur - October 15th, 2022
- Algorand (ALGO) on its journey to breach the $0.4 mark! - CryptoNewsZ - October 15th, 2022
- Crypto Hackers Gross Over $3 Billion From 125 Hacks so Far This Year Featured Bitcoin News - Bitcoin News - October 15th, 2022
- Bitt and IDEMIA: Winners of the G20 Central Bank Digital Currency TechSprint 2022 - Yahoo Finance - October 15th, 2022
- White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets - Lexology - October 15th, 2022
- The Web3 Foundation taps edX for free courses on blockchain and Polkadot - Cointelegraph - October 15th, 2022
- CoinGeek Weekly Livestream: Jad Wahab and Marcin Zarakowski discuss honest nodes and their role in Bitcoin - CoinGeek - October 15th, 2022
- What Is Cryptography? Definition & How It Works | Okta - October 7th, 2022
- What Is Cryptography in Cyber Security: Types, Examples & More - October 7th, 2022
- Decentralized Identifiers (DIDs) is Officially an Internet Standard, Says The World Wide Web Consortium (W3C) - bitcoinke.io - October 7th, 2022
- Cloudflares post-quantum cryptography protects almost a fifth of the internet - VentureBeat - October 7th, 2022
- Nobel Prize in Physics goes to scientists who paved the way for quantum computing - Space.com - October 7th, 2022
- The 2nd Annual Encryption Consulting Conference is Back! - PR Newswire - October 7th, 2022
- Quantum Computing And The Threat Posed To Bitcoin - The Dales Report - October 7th, 2022
- Cryptocurrency users with gambling affinity are more involved mentally and financially than non-gambling users - PsyPost - October 7th, 2022
- Cardano (ADA) and Algorand (ALGO) Are Two Blockchains To Watch Next Bull Cycle, Says Coin Bureau Here?... - The Daily Hodl - October 7th, 2022
- The Guardian view on the Rosetta Stone: a monument to code-breaking - The Guardian - October 7th, 2022
- Still think everything is awful? Here are three reasons for hope - Colorado Newsline - October 7th, 2022
- Sleep Disorders And Quantum Cryptography Win Big At The Breakthrough Prizes 2023 - IFLScience - September 29th, 2022
- Lecturer in Cryptography job with KINGS COLLEGE LONDON | 310005 - Times Higher Education - September 29th, 2022
- Microsoft venture fund M12 invests millions in advancing cryptography and 'smart contracts' - OnMSFT.com - September 29th, 2022
- Sectigo's Chief Strategy Officer and CISO Advisor David Mahdi Accepted To Fast Company Executive Board - StreetInsider.com - September 29th, 2022
- Fundamental Cryptography in Theory and Python - iProgrammer - September 21st, 2022
- Web Crypto API - Web APIs | MDN - Mozilla - September 21st, 2022
- Cryptomathic appoints Laurent Lafargue as CEO of the pioneer in cryptography - FinanceFeeds - September 21st, 2022
- Blockchain and POW are the leading technology behind Bitcoin. - Deadline News - September 21st, 2022
- NTT Research Names Takashi Goto Head of the Technology Promotion Team - Business Wire - September 21st, 2022
- Investigating the Use of Blockchain to Authenticate Data from the Statistics Canada Website - Statistique Canada - September 21st, 2022
- 6 Technological Innovations in the New York Sports Betting Industry - Qrius - September 21st, 2022
- EMVCo reports on the future of contactless payments - NFC World - September 13th, 2022
- Quantum eMotion to Present at the H.C. Wainwright 24th Annual Global Investment Conference in New York - Digital Journal - September 13th, 2022
- The emerging role of cybersecurity in the automotive sector - The Financial Express - September 13th, 2022
- Jack Dorseys Web5 is a solution to a problem thats already been solved - VentureBeat - September 5th, 2022
- What is Cryptography in security? What are the different types of ... - September 5th, 2022
- RKVST Launches RKVST Free and RKVST Team SaaS Supply Chain Integrity, Transparency and Trust Solution - Business Wire - September 5th, 2022
- The United States Is Behind the Curve on Blockchain - War on the Rocks - September 5th, 2022
- $3.7 Billion Worldwide Blockchain in Retail Industry to 2027 - Featuring Cognizant, Infosys and Oracle Among Others - ResearchAndMarkets.com -... - September 5th, 2022
- Research Fellow in Applied Cryptography And Data Security job with UNIVERSITY OF SURREY | 306274 - Times Higher Education - August 28th, 2022
- ASPG, Inc. Announces Release of CryptoZ, Innovative New z/OS Cryptography Reporting and Administration Sy - Benzinga - August 28th, 2022
- UN: monitoring the use of cryptography can make the Internet safer - The Cryptonomist - August 20th, 2022
- Keyfactor Named to the 2022 Inc. 5000 List for Third Consecutive Year and Recognized as the Fastest Growing PKI and Cryptography Leader in America -... - August 20th, 2022
- Cryptography 101: Giving a framework to the brimming blockchain businesses of India - Times of India - August 20th, 2022
- Godfather of Crypto expresses concerns over current state of blockchain privacy - CryptoSlate - August 20th, 2022
- Nine Benefits of FIDO Authentication | HYPR - Security Boulevard - August 20th, 2022
- Now That Authorities Have Sanctioned Tornado Cash, Is Bitcoin Next? - Bitcoin Magazine - August 20th, 2022
- Meet the world's first carbon-negative blockchain - wknd. - August 20th, 2022
- 'FutureFi': Crypto is transforming the green finance universe | Greenbiz - GreenBiz - August 20th, 2022
- Philippine Regulator Warns the Public of Engaging With Foreign Crypto Service Providers Regulation Bitcoin News - Bitcoin News - August 20th, 2022
- What Is Cryptography: Definition and Common Cryptography Techniques - August 12th, 2022
- What is Cryptography? Types of Algorithms & How Does It Work? - August 12th, 2022
- What is Cryptography? - Kaspersky - August 12th, 2022
- Former Google CEO: Bitcoin is a remarkable achievement of cryptography - The Cryptonomist - August 12th, 2022
- Protect your privacy with cybersecurity and cryptography - Geeky Gadgets - August 12th, 2022
- NTT Research and NTT Corporation Engage in Breakthrough Research at Crypto 2022 - Business Wire - August 12th, 2022
- Can WhatsApp messages be secure and encryptedbut traceable at the same time? - EurekAlert - August 12th, 2022
- Why 2023 is the year of passwordless authentication - TechTarget - August 12th, 2022
- Sony unveils a new way to protect images from theft, manipulation - Popular Photography - August 12th, 2022
- Cameron Whitehead wins again, taking top honors in the CyberForce Program's Conquer the Hill Reign Edition Competition - EurekAlert - August 12th, 2022
- Criminals steal $4 million from Solana as theft trend hits its crypto blockchain - SC Media - August 12th, 2022