Scientists at the Massachusetts Institute of Technology have proposed a cryptographically powered system they say could help the public track, without disclosing too much information, court orders that let law enforcement access people’s digital data.
The system, dubbed Accountability of Unreleased Data for Improved Transparency, or AUDIT, would create a digital ledger of data requests where prosecutors would agree to make their requests public at a later date, assuming court approval. Right now, many court orders approving access to cloud data are designed to be only temporarily sealed, but prosecutors and judges often don’t go back to unseal them once cases are resolved, the scientists say. Digitally committing to unseal the requests would let members of the public track whether the documents are, in fact, later made public.
“While certain information may need to stay secret for an investigation to be done properly, some details have to be revealed for accountability to even be possible,” says graduate student Jonathan Frankle, one of the researchers on the team, in a statement. “This work is about using modern cryptography to develop creative ways to balance these conflicting issues.”
Because many orders are never unsealed, it’s difficult, aside from the transparency reports increasingly put out by tech companies that receive such data requests, to track what sort of data is being requested and how trends vary over time, by law enforcement agency and by judge. The system could also aggregate data by court and allow courts to put together statistics about data requests without revealing the substance of the requests, which naturally could tip off people under investigation.
Similar to the blockchains that power bitcoin and other cryptographic currencies, the ledger would be designed to be append-only, so previous entries couldn’t be removed, though the authors write that either a distributed ledger or a ledger maintained by one trusted party, such as the Supreme Court or a court administrative agency, could be used.
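To make the idea concrete, here is an added illustration (not code from the MIT team or the AUDIT paper) of a hash-chained, append-only ledger on which a court posts a commitment to a sealed order and later an unsealing entry. The SHA-256 hash commitment, the entry fields and the `sealed`/`unsealed` labels are assumptions chosen for the sketch; the article does not say which commitment scheme AUDIT uses.

```python
import hashlib, hmac, json, secrets
from collections import Counter

def commit(document: bytes):
    """Hash commitment: the digest hides the sealed order, the nonce opens it later."""
    nonce = secrets.token_bytes(32)
    return hashlib.sha256(nonce + document).hexdigest(), nonce

def opens(commitment: str, nonce: bytes, document: bytes) -> bool:
    """Check that a published document is the one committed to earlier."""
    return hmac.compare_digest(commitment, hashlib.sha256(nonce + document).hexdigest())

class Ledger:
    """Append-only log: every entry carries the hash of the entry before it."""
    def __init__(self):
        self.entries = []

    def append(self, court: str, kind: str, commitment: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"prev": prev, "court": court, "kind": kind, "commitment": commitment}
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    @staticmethod
    def _digest(entry: dict) -> str:
        fields = {k: entry[k] for k in ("prev", "court", "kind", "commitment")}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def verify(self) -> bool:
        """Detect removed or altered entries by recomputing the chain."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True

    def still_sealed(self) -> list:
        """Commitments with no later 'unsealed' entry: what the public can audit."""
        opened = {e["commitment"] for e in self.entries if e["kind"] == "unsealed"}
        return [e["commitment"] for e in self.entries
                if e["kind"] == "sealed" and e["commitment"] not in opened]

    def sealed_per_court(self) -> Counter:
        """Aggregate counts by court, computed without any order contents."""
        return Counter(e["court"] for e in self.entries if e["kind"] == "sealed")
```

A ledger kept by one trusted party can still drop its most recent entries unnoticed unless the latest hash is also published or witnessed somewhere outside that party's control.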
“It’s completely reasonable for government officials to want some level of secrecy, so that they can perform their duties without fear of interference from those who are under investigation,” Frankle says. “But that secrecy can’t be permanent. People have a right to know if their personal data has been accessed, and at a higher level, we as a public have the right to know how much surveillance is going on.”
The technology arrives as more U.S. police are turning to technologies like Stingray devices to conduct warrantless and intrusive data collection. More communities are also demanding increased transparency from law enforcement agencies as well as enhanced oversight of surveillance technologies. In Seattle; Berkeley and Oakland, California; Somerville, Massachusetts; and elsewhere, grassroots efforts have led to laws that now prevent local police from obtaining surveillance equipment without approval from local policymakers.
The team behind the new disclosure system, based at MIT’s Computer Science and Artificial Intelligence Laboratory, also includes professor Shafi Goldwasser, recent CSAIL doctoral recipient Sunoo Park, undergraduate Daniel Shaar, and MIT principal research scientist Daniel J. Weitzner. They plan to present the research at the USENIX Security conference in Baltimore next week.
Future research could involve further evolution of the software and tests with federal judges in the hopes of developing a real-world prototype. Whether the federal court system, which has long been criticized for charging high fees to access court documents, will adopt a complex cryptographic ledger system to track surveillance requests remains to be seen.