The Times points out that Inspector Winter, the anonymous police blogger and Twitterer who made such a name for himself with his “front line” accounts of the London riots in the summer that he got commissioned by this newspaper for a first-person piece, is in fact not a policeman at all. He is a man called Ellis Ward, a 29-year-old fantasist and fraudster who is in jail for credit-card fraud and is under investigation for impersonating a police officer.[From The Times continues its tradition of revealing the identity of police bloggers – Telegraph Blogs]
Here is a perfect example of how cryptography can help. The newspaper needed proof that a blogger was a policeman, but should not be able to identify that policeman or collude with (potentially corrupt) third-parties to uncover the policeman’s identity. (The policeman will not blog if his identity can be uncovered but society as a whole is better off if he does.) How does psychic identity achieve this? It’s through a technique called “blinding”. This is not even remotely new or innovative: It’s twenty years since the cryptographer David Chaum published his seminal article in Scientific American on “Achieving Electronic Privacy” (August 1992, p.96-101) in which he said…
I have developed an extension of digital signatures, called blind signatures, that can restore privacy.[From Achieving Electronic Privacy]
The idea is this: Alice is a policewoman. She generates a random number: let’s call it her WHISTLEBLOWER key. She multiplies this by a number known only to her, the blinding factor, to form the blinded product. She signs the blinded product with her Police Federation key and sends it to them. They know she is a policewoman from the signature.
They extract the blinded product to make a new certificate containing the blinded product and sign it with their key to create an IS_A_POLICEOFFICER certificate which they send back to Alice. Alice divides out the blinding factor so that she now has an IS_A_POLICEOFFICER certificate that contains her WHISTLEBLOWER key but cannot be traced back to her.
Now, let’s say Alice has to prove to The Times that she is a police person. So she pops in to an internet cafe and creates a Hotmail account. She sends a message to The Times signed with the WHISTLEBLOWER key together with the IS_A_POLICEOFFICER certificate. The newspaper checks that the Police Federation’s signature is valid. It is, so they know that owner of the WHISTLEBLOWER key is, indeed a police officer. But even if they send the certificate to the Police Federation, they do not know who Alice is.
Now when the newspaper wants to communicate with Alice they encrypt the message using her WHISTLEBLOWER key and send it to her Hotmail address. Since Alice has the private key that belongs to the public WHISTLEBLOWER key, she is the only person in the world who can read the message. The message can be published on The Times website or in a blog or anywhere else. It doesn’t matter, because no-one else can decrypt the message. Under this kind of scheme, it would be very difficult to forge an e-mail because any newspaper you send it to would expect your to provide a certificate attesting some relevant attribute: that you are an MP or you are French or you have a Portugese fishing licence.
The forged email, sent in May, was subsequently “leaked” to the Independent newspaper, which exposed the message as a fake after attempting to trace the sender.[From Tory MP caught up in Syrian propaganda row with fake ‘colonialist’ email – Telegraph]
This may seem complicated, but it isn’t really and, what’s more, it could easily be under the hood. You could image seeing a menu on your phone that says “create a new identity” and then being offered the choice of a personal identity, a persona (an identity used to create pseudonyms) or a “whistle blowing” identity as described above. Perhaps this might be a corner of the new digital economy that it makes sense for newspapers (and other news sources that want to be trusted) to invest in. After all, they have a direct interest in sorting real from fake sources as well as a tradition of protecting those sources. Why not issue blinded certificates to sources and have them mutually-recognised by news organisations that belong to some kind of international OIX-style group?
Digitally-signed e-mail has been around for years and virtually no-one uses it. But perhaps using cryptography to prove who you are is not as interesting as using it to prove what you are.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers