Law enforcement routinely secures orders requiring that tech companies hand over data, but the targets of those requests don’t always know if they’ve been under the microscope — especially if there were never charges in the first place. MIT’s CSAIL may have a way to hold officers more accountable for those decisions. Its researchers are developing a cryptography-based system that could help track these requests while still protecting investigations and police. AUDIT (Accountability of Unreleased Data for Improved Transparency) would require that law enforcers submit requests to a public ledger sometime after the fact using a “cryptographic commitment.” The approach would ensure that police and courts send all the right documents in a way the public can see, but would keep the agencies’ actions confidential.
AUDIT would also make it easier to track law enforcement surveillance at a larger scale. It would use multi-party computation (where different groups work on the same project) across higher and lower courts to disclose large volumes of info without asking institutions to share info between each other. You could get transparency into data requests without having to talk to multiple services.
The approach is still a proof of concept at this stage, although CSAIL is considering the possibility of working with federal judges to craft a real-world version. The team would also like to refine the system to handle more sophisticated requests.. However, the greater challenge may be getting support for the idea in the first place. Law enforcement is sometimes less than fond of transparency, and it may be reluctant to adopt a public ledger even if data showed up well after an investigation was over.
Source: IACR (PDF)