Wed, 02 Jul 2008
Owner Free Filesystem
It seems that somebody finally got the eight years old idea of Schizzors (which is essentially a one-time-pad) with respect to the absurdities of the copyright law into something useful in a real world: meet the owner free file system.
The interesting feature is that in theory, you don't need to have the whole 2*n bytes of "random" data stored for retrieving n bytes of the data you want - the "truly random" seed can be reused to some degree: for example, if I want to store the files A and B (for the sake of simplicity suppose they have the same length of n bytes), you have to generate another n bytes of truly random data (let's call it C), and then store three files: A xor C, B xor C, and (for example) A xor B xor C. From them, either A, B or C can be retrieved, while all three stored files are "truly random" data, i.e. provably by themselves bear no relations to the original data A or B.
What this brings is not (only) an easy way to commit a copyright violation, but it allows the storage subsystem (i.e. a P2P network) to plausible deny the responsibility for the actual data they store, because they are truly random and bear no relation to the possibly copyrighted material. For example - I would happily offer my free hard disk space and bandwidth to some distributed computing project or whatever, but the risk of somebody storing a copyrighted material on my file system and then police seizing my computer is too high. With OFF client and protocol, the situation might be different, as no possibly copyrighted data is actually stored.
6 replies for this story:
I can't see any difference between XOR encryption and just other encryption from point of view of legality. If you dive into copyright law you will see it doesn't bring to you any benefits. The only difference is XOR is unbreakable teoretically, other strong encryption is unbreakable only practically. Local notes: In Czechia, server owner is not responsible for data somebody else stores or retrieves. In UK, you are obligated to reveal decrypted plain text disregarding wheter you know the key. In France, you are forbiden to use strong encryption. Desicion to seize your server and analyse it doesn't depend on your screams `I don't know the content'.
Yenya wrote: Re: petr_p
The problem is not in "encryption". The problem is that the three data files bear _no_ relation to the original file. You can safely say that it is just a redundant way to obtain file B, which is your personal photo collection, without having your photo collection on a set of untrusted servers. The fact that also file A can be obtained from them (if you know how to do it) can be completely hidden. So yes, if you publish the recipe how to obtain (copyrighted) file A, you are committing a crime in certain countries. But by distributing the three data files you are not. BTW, in .cz the server owner is not responsible, but probably has to comply with a takedown order. With OFF, the takedown order on each of the three files can be easily dismissed as unwarranted.
The three data files (OFF(A,B,C)) are related and you need permission to modify and share the modifications of original ones (A,B,C). If you haven't, you will infringe copyright law. So, once you do it, you are the bad guy. If you are asked to reveal all plain data and you show only B, then you lie a trick the justice. The only thing you can protect itself without breaking law in some countries is to reject revealing plain data at all. So I still don't see any argument why distribution of any file from OFF(A,B,C) separetelly or together could be legal.
In other words: A xor C is random noise from point of view of mathematics. However it's derivated work from point of view of legislation. So you have two points of view, both of them are fine but in contradiction. Guess which of them choose the judge.
Yenya wrote: A xor C
A xor C is not a derived work of anything (or, more precisely, in the same way it might be a derived work of everything). Think of it as a "compression" or better "file retrieval" algorithm: you have a world full of "random" blocks, and the "compressed file" is an algorithm saying "take block 123, 456, and 789, xor them, and you have the final file". This algorithm is actually the compressed file which you are prohibited to distribute under a copyright law. Not any single of the files 123, 456, 789 (esp. when you can also use some them for constructing different copyrighted files, possibly such that you own their copyright). As for the earlier comment (I don't know whether it was also yours) - in many countries including .cz you are not obliged to tell the truth (or event the whole truth) as a defendant in a criminal case. But then, we agree that publishing recipe how to obtain the copyrighted file A may be a crime. What I am trying to emphasize is that with OFF, publishing any of those random noise files separately is not a crime. So the mafiaa-like agencies would finally have to go against the real copyright infringers, and not against the storage providers.
petr_p wrote: Re: A xor C
"This algorithm is actually the compressed file which you are prohibited to distribute under a copyright law." – Then you can say any (encryption) algorithm is prohibited by law because it can be applied to some suitable data. However that's not true because you need data beeing processed by the algorithm. That means that only complete set of data together with algorithm can infringe law. But then you can say that sharing any data minus first bit is fine because it doesn't provide complete data. Then copyright holder can say he holds rights for first and second halfs of the data block. Then you can remove bit from every part of data block and this process can recurse to 1-bit long data subblocks. And that's obviously false because we forget on the order of data subblocks. But the order can be expressed as another data block and we have the same problem. Thus copyright law solves only obvious cases and requires some fuzzy level of similarity. And such obviousity is based on posibility to exhibe data decryption on the court. And here we go to the next part: "you are not obliged to tell the truth as a defendant in a criminal case" – No, you are obligated to say truth or to be quiet (in Czechia; in UK you it doesn't cover revealing encrypted data). You are not allowed to say lies. And final part: "agencies would finally have to go not against the storage providers" – That's true and Czech law sais storage providers has no reponsibility. Take down can be demand only by judge order.