Saving Private Keys From The Courts

By Bitcoin Magazine - 1 year ago - Reading time: 10 minutes

Courts and regulatory entities shouldn’t be allowed to impose their uninformed thoughts on Bitcoin private keys in the form of law.

This is an opinion editorial by Christopher Allen, founder and executive director of the Blockchain Commons.

*Quotes from this article stem from sources here and here.

Increasingly, attorneys in the United States are asking courts to force the disclosure of cryptographic private keys as part of discovery or other pre-trial motions, and increasingly courts are acceding to those demands.

Though this is a relatively recent phenomenon, it’s part of a larger problem of law enforcement seeking back doors to cryptography that goes back at least to the U.S. government’s failed introduction of the Clipper chip.

Unfortunately, today’s attacks on private keys in the courtroom have been more successful, creating an existential threat to digital assets, data and other information protected by digital keys. That danger arises from a fundamental disconnect between this practice and the realities of technologies that leverage public-key cryptography for security: private-key disclosure can cause irreparable harm, including the loss of funds and the distortion of digital identities.

As a result, we need to support legislation that will protect digital keys while allowing courts to access information and assets in a way that better recognizes those realities. The private-key disclosure law currently under consideration in Wyoming is an excellent example of the sort of legislation that we could put forth and advocate for in order to maintain the proper protection for our digital assets and identities.

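Wyoming Senate Filing 2021-0105

“No person shall be compelled to produce a private key or to make a private key known to any other person in any civil, administrative, legislative or other proceeding in this state that relates to a digital asset, other interest or right to which the private key provides access, unless a public key is unavailable or unable to disclose the requisite information with respect to the digital asset, other interest or right. This paragraph shall not be interpreted to prohibit any lawful proceeding that compels a person to produce or disclose a digital asset, other interest or right to which a private key provides access, or to disclose information about the digital asset, other interest or right, provided that the proceeding does not require production or disclosure of the private key.”

The Reality Of Private Keys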

The forced disclosure of private keys is deeply harmful because it fundamentally runs at odds with how private keys work. Attorneys (and courts) are usually trying to force the disclosure of information or (later) the relinquishment of assets, but they’re treating private keys just like they’re physical keys that they can demand, use and give back.

Private keys do not match any of these realities. As Wyoming State Legislature Senate Minority Leader Chris Rothfuss said:

"There is no perfect analog for a modern cryptographic private key in existing statute or case law; it is unique in its form and function. As we build a policy framework around digital assets, it is essential that we appropriately recognize and reflect the characteristics of the underlying public / private key and cryptographic technologies. Without clear, unambiguous legal protection for the sanctity of the private key, it is impossible to ensure the integrity of the associated digital assets, information, smart contracts and identities.”

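This appropriate recognition and reflection requires us to understand:

1. Private keys are not assets.

Private keys are fundamentally the way we exert authority in digital space, the interface between our physical reality and our digital reality. They may give us the ability to control a digital asset: to store it, send it or use it. Similarly, they may give us the ability to decrypt protected data or to verify a digital identity. However, they are not the assets, data or identities themselves.

This is the clear difference between your car and its electronic key fob. One is an asset, while the other lets you control that asset.

As Jon Callas, director of technology projects at the Electronic Frontier Foundation (EFF), said: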

“They don't even want the key, they want the data; asking for the key is like asking for the filing cabinet rather than the file.”

2. Private keys are not an appropriate discovery tool.

Treating private keys as a tool to ensure the discovery of information fundamentally misunderstands their purpose. Private keys are not how we see something in digital space, but instead how we exert authority in digital space!

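Returning to the comparisons, this is the difference between a ledger and a pen. If you want accounting information, you ask for the ledger; you don’t ask for the pen, especially not if it’s a pen that lets you write undetectably in the accountant’s handwriting!

Former federal prosecutor Mary Beth Buchanan, in providing testimony in support of Wyoming’s private-key disclosure law, said:

“A court can order the disclosure or an accounting of all digital assets that are held, and then those assets can be disclosed, along with where they are held, whether across different platforms or even different wallets. But providing the key actually provides access to those assets. That’s the difference.”

Fortunately, there is an electronic tool that can meet the needs of discovery: the public key.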

Wyoming has recognized that in their legislation, which says that a private key should never be required if a public key would do the job (and they parenthetically noted at hearings that their current understanding is that a public key will always do the job). If our concern is revealing information that will help to catch and prosecute criminals, then public keys are the answer.

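3. Private keys are not physical.

Electronic private keys are very different from physical keys. A physical key can pass through the hands of many people with the expectation that it most likely won’t be copied (especially if it’s a special key, such as the key to a safe), and when the key is returned to its original holder, they will again control all of the associated assets. That is not the case for a private key, which can easily be copied by any of the many people it passes through, with no way to determine whether that has happened.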

Returning to the example of a car’s key fob, it would not be appropriate to force the disclosure of the unique serial number stored within a car fob for the same reason it’s not appropriate to force the disclosure of a private key. Doing so would give anyone who gets that serial number the ability to create a new fob and steal your car!

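4. Private keys serve multiple purposes.

Finally, private keys may have many more uses than physical keys, particularly if a court decides to go after not just a specific private key, but the root key or mnemonic seed words of an HD wallet. Root keys (and seeds) can be used to protect a wide variety of assets and private data. They can also be used to control identities and to provide irrefutable proof that the owner agreed to something through a digital signature.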

The authoritative uses of private keys are so wide and all-encompassing that it’s hard to come up with a physical equivalent. The closest analogy, which I explained at one of the Wyoming hearings, is that this would be like if a court demanded access to a hotel room by requiring the hotel’s master key, which can provide access to all rooms. But, a private key is more than that; it would be as if the court also required that someone with signatory powers at the hotel sign a bunch of blank contracts and blank checks. The potential for harm with the disclosure of a private key is just that high for someone who is using it for a variety of purposes — and there will be more and more people doing so as the importance of the digital world continues to increase.

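The Reality Of The Courts

Beyond the fact that private keys are the wrong tool for courts and are often used in the wrong way, there are a number of other problems related to the realities of the courts themselves and of how and when they try to access private keys.

5. Courts are not prepared to protect private keys.

First, courts do not have the experience needed to protect private keys. This danger is compounded by the fact that a single private key is likely to pass through the hands of many different court staff over time.

But this is not just about the courts. The problem of creating secure ways to transmit private keys is much larger. It is something for which the entire field of cryptography has no good answer. I testified in Wyoming that “the great difficulty of transferring private keys is the risk of allowing false witness.” Putting courts without cryptocurrency expertise in the middle of the problem could be disastrous.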

Perhaps cryptographers will resolve these issues in time, and perhaps someday courts will be able to share in that expertise if they decide doing so is a good use of their time and resources, but we need to consider keys whose disclosures are being forced now.

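6. Courts are demanding early disclosure.

The current key-disclosure situation is all the more problematic because it occurs as part of discovery or other pre-trial motions. Discovery rulings are almost impossible to appeal, which means that in today’s environment, keyholders have almost no way to protect their own tokens of authority in digital space.

7. Courts are asking more of digital assets than of physical assets.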

We recognize that courts should be able to require the usage of a key. Compelling usage is nothing new, but the private key is not required for that; a simple court order is enough.

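If someone refuses to use their private key in the way a court compels, that is nothing new either. The physical world already has plenty of examples of people refusing such orders, such as hiding assets or refusing to pay judgments. They are met with sanctions such as contempt of court.

Asking more of the electronic world is an overreach beyond traditional judgments, and it will also have greater repercussions.

The Consequences Of Disclosure

Using the wrong tool for the wrong reasons and placing it in hands that aren’t prepared to handle it will have disastrous results. Here are some of the most obvious repercussions.

1. Asset theft.

Obviously, there is a danger of assets being stolen, because a private key gives complete control over those assets. Because of the multiple uses of keys, those assets could go far beyond the particulars the court is interested in.

2. Asset loss.

Beyond the problem of purposeful theft, keys could be lost, and the digital assets lost along with them. Former federal prosecutor Mary Beth Buchanan, in her testimony, said: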

"Evidence is lost all the time." 

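If that evidence is a private key that may hold a variety of assets, information and proofs of identity, the loss could be enormous.

3. Collateral damage.

The theft or loss resulting from the disclosure of a private key could also reach far beyond the individual before the court. Increasingly, assets are held with multisignatures, which may give multiple people control over the same assets. By requiring the disclosure of a key, a court could negatively impact people who are entirely unrelated to the proceedings.

4. Identity theft.

Because private keys can also protect the identifiers of a digital identity, their loss, theft or misuse could put someone’s entire digital life in jeopardy. If a key is copied, someone else could pretend to be the holder and even make digital signatures that are legally binding on them.

Supporting This Legislation

Protecting private keys is one of the most important things Blockchain Commons has done. As I said: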

"I find the protections of this Private Key Disclosure bill crucial for the future of digital rights."

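Wyoming State Legislature Senate Minority Leader Chris Rothfuss affirmed this, adding:

“Christopher Allen has been an invaluable member of our blockchain policy community, bringing a lifetime of technical expertise to advise our committee work and inform our legislative drafting. Mr. Allen has emphasized the particular importance of protecting private keys from any form of compelled disclosure.”

We need your help to make it happen.

If you are an experienced member of the cryptocurrency or digital-asset field or a human-rights activist, please submit your own testimony in support to the Wyoming Select Committee on Blockchain, Financial Technology and Digital Innovation Technology. The bill will be discussed further in Laramie, Wyoming, on 19 月 20 日至 XNUMX 日.

But Wyoming is just the beginning. They have done a remarkable job of leading the way, but we need other states and countries to follow suit. If you have connections with other legislatures, please suggest that they adopt language similar to the Wyoming bill.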

Even if you don’t feel comfortable talking with a legislature, you can help by advocating for the protection of private keys as something different than assets.

Ultimately, our new world of digital assets and digital information will succeed or fail based upon how we lay its foundations today. It could become a safe space for us or a dangerous Wild West.

Properly protecting private keys (and using public keys and other tools for legitimate judicial needs) is a keystone that will help us to build a sturdy edifice.

This is a guest post by Christopher Allen. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Original source: Bitcoin Magazine