Private Registers and The Jackal Run? (aka Government Blockchains part 3)

That a technique is considered an abomination by civil society has never been seen by the Home Office as a reason not to use it. The “Jackal Run” is the process by which Home Office/Police staff find the identities of dead children to reuse them to deceive members of the public.

Digital registers provide accountability of all actions. With digital tools to verify identity, the Mary Shelly’s in the Home Office want to digitally enable all their current policies. Part of this will come out in the Cabinet Office’s digital economy consultation at the end of next week, in the section around digitising the General Register Office.

As long as the Home Office insists the Jackal Run continues, any use should be amongst the most tightly audited. When it ceases, that same mechanism should ensure the abolition is provable to those responsible for enforcement. (As a related aside, it will be interesting to see if RIPA Part II is covered by Recommendation A of this week’s ISC report).

There are many times that Official Truth has been changed, after rule of law processes that must continue to be honoured.

 

Summary

However Government decides to look at Private Registers, there are two test cases they will have to examine:

  • How would the case of the Birmingham Six be represented at all stages?
  • How will the Jackal Run be audited?

Will there be cryptographic knowledge of who changed what when, or will the mantra be “Trust the Home Office”…

There’ll probably be more tests for different edge cases, but even those two require careful and thoughtful layering of blockchains and merkle trees, and careful API design.

It’s an interesting and problem. If they’re done right, transparently, and accountably, many of the other edge cases around Private Registers and how the public Official Truth is derived become a lot easier.

 

Welcome to Texas

The main point of contention between those who do blockchains, and those who do government data, is whether there should be the ability to change the past.

The blockchain people legitimately say no, as they generally operate without rule of law of a state to back them up. The Government data people know they have a state with the rule of law, so they assume the eternal presence of one, and a single jurisdiction.

Generally, the UK doesn’t have a problem of legislating that pi equals 4, so British civil servants don’t necessarily care. Some of the blockchain people go “that’s fine for you, but we live in Texas”.

Neither are wrong; they’re just different views of the world, with different starting assumptions.

A strong rule of law provides for an “official truth”. The UK’s Gender Recognition Act being a clear piece of Official Truth that is necessary for the UK state to support; witness protection and spent convictions being others. A raw implementation of a generic public blockchain make that impossible.

 

Official Truth

Whatever the reason for a change to the past state, blockchains can’t do that, without undoing all the benefits of a Blockchain beyond just a Merkle Tree – you might as well use a Merkle Tree. It is the chain that causes the “official truth” problem, not the block, and the “leaves” of a Merkle Tree are the blocks of a blockchain.

However, the downside of a Merkle Tree is that you can change any part of it and assert the  only the new truths: “We’ve always been at war with Eastasia”.

Merkle Trees represent the current information (and possibly recent information); but does not contain details of forgotten history.

To prevent tree comparisons (to find changes), those trees should only have specific queries that are run on them, defined questions which provide definite answers, possibly under license. There will need to be legal protections to prevent regenerating copies of trees (which is why the GRO changes are dangerously premature)

The signatures of those trees, and how they are signed, should appended to a time based write only ledger, that is entirely public. Ie, a public govchain.

Government must not be able to deny on Wednesday that it gave the answer it gave on Monday, irrespective of how the Official Truth changed on Tuesday.  That will require the publication of a public part of a signing key that signs a relevant Merkle Tree (and with rapid key change). The public part of those keys must be public even if dated, to provide integrity. That sounds like a blockchain.

Something may turn out to have been a pack of lies, but if it is Official Truth (and you kept a copy of the signature), no one should be able to argue that you were told it was true.

None of the above is particularly hard, particularly contentious, or particularly new.

 

Return of the Jackal

Most changes to Official Truth should not necessarily be public. But they do need to be audited. There is currently a (limited) inquiry into the actions of the Met following from the Jackal Run, which will include looking at what happened when.

To change an Official Truth, there needs to be some way that Official Truth gets updated with changes. Many of those will be legal, many of those will be alternate. It is likely that, much of those original sources, should be private blockchains, where the state on any one day can be reestablished by the authorities. The use of those private data structures should be to provide strict audit, and a data source where they are all processed into an Official Truth for public (and less-than-fully-public) APIs.

Every change the Home Office wishes to make should be written to a private blockchain, and it is those changes in aggregate that appear as Officially True in the public merkle trees. The public tree can see that something was signed, and includes the block identifier from the private tree/chain (although it doesn’t say which it came from – every event should have its own private identifier).  Those private block chains should include separate encryption for those who took actions; and the actions they took. All the different sources of “partial” truth should be merged to change history – all of which should happen automatically, and privately.

Those with a recent Gender Reassignment Certificate then become a key watchdog, because if the Home Office wishes to fake their own audit trails, those block identifiers will change.

When the Public Inquiry into the Jackal Run comes calling, it should be impossible for those who took actions to deny the precise action they took to change Official Truth, and that can be be enough to begin to examine why.

As a side effect, this makes the creation of fake person harder than the theft of a dead child’s identity.  Which is hopefully progress.

(this is an extension of part 2)

posted: 14 Feb 2016

#datasharing2016: A new weak lock on a data-sharing back-door?

Just before Christmas, the Cabinet Office hosted a short-notice meeting about their data sharing plans. The meeting topics reflected a continuation of the different streams from the data sharing work conceived in 2013.

There are few details yet – all we’ve seen are titles – but the title of the “statistics strand” suggests that the major concern of civil society has been entirely ignored. That is going to be a serious problem if it is reflective of the rest of the work that’s been done.

Whether the Cabinet Office have learnt any lessons about data sharing since 2013 is currently an unanswered question. Last year, the Data Sharing bit of the Cabinet Office moved to become part of GDS, looking to benefit from their culture of openness and transparency. If that cultural change has happened, the Data in Government will have a post on all they’ve learnt, and how their current plans have changed as a result. Read more…

posted: 01 Jan 2016