WIRED.COM – January 29, 2021 – IN THE UNITED States, the idea of a federal gun registration database for all firearms is endlessly controversial. Gun rights advocates and libertarians decry it as overreach, while gun control proponents view it as an important step toward accountability. After decades of gridlock, and with an eye toward potential new legislation, cryptographers from Brown University have now proposed a system that could satisfy both sides of the debate.
They envision a platform that can be deployed nationally while also being fully encrypted and decentralized. Rather than a consolidated federal repository, each county would control its residents’ firearm data. Yet officials anywhere in the country could still query the system, as they would a regular centralized database, for information about people or guns located elsewhere. Led by Brown’s Seny Kamara, the researchers started the work in 2018 after staffers for US senator Ron Wyden (D-OR) reached out about whether such a project might be feasible.
Gun registry databases are so controversial because gun rights proponents see them as a prerequisite to outlawing more firearms. The National Rifle Association has also long fought registration, arguing that criminals often use illegally trafficked weapons and aren’t going to license them. Proponents of a national gun registry say it would make it easier for law enforcement to trace guns, as they already do cars.
They also say that comprehensive registration would make it much more difficult for people who are legally barred from owning firearms, like those who have been convicted of domestic abuse charges or served more than a year in prison for other types of crimes, to acquire them. The new research proposes a method by which the US could reap the benefits of a database without fear of intrusion or overreach.
“This is a sensitive issue, and people in different parts of the country are going to feel differently about it, so the idea was to design something like a national gun registry that could potentially be voluntary. It wouldn’t necessarily be mandated,” Kamara says. “So an important part of the design was to be able to guarantee to counties that they would manage the data, would have control over that data, and would be able to take their data offline if at some point they no longer wanted to participate.”
The fact that counties could decline to participate is an obvious potential issue in terms of how useful the database would be. But the researchers say that’s a policy issue, outside the scope of their work. From a technical perspective, the goal was to give each county or entity real and full control of the data they hold.
Kamara and his colleagues, Brown’s Andrew Park and Lucy Qin, and Tarik Moataz of Aroki Systems, specialize in encrypted databases. When information is in its scrambled, garbled, encrypted form, it’s more difficult to manage and query it, because the system can’t rely on reading the actual information in plaintext. Such databases are much more secure, though, and cryptographers have devised mathematical techniques and procedures in recent decades to make them more usable.
The idea of a decentralized firearms registry adds even more challenges, though, because thousands of county officials would need to hold the decryption keys for their locality’s data, maintain those keys over time as people change jobs, and establish some sort of trusted entity that still wouldn’t be able to see all of the data in aggregate, but could act as a gatekeeper for systemwide queries.
Once those components are established, the data can remain fully end-to-end encrypted at all times, making it extremely difficult for an attacker to steal the information when it’s sitting around “at rest” in the database, or snoop on it while it’s “in transit” across the internet. It’s what cryptographers call a “secure multiparty computation” problem. [full article source]