Practical Accountability of Secret Processes

View full paper here:

By Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, and Daniel J. Weitzner

Published in the 27th USENIX Security Symposium (USENIX Security 2018).


The US federal court system is exploring ways to im- prove the accountability of electronic surveillance, an opaque process often involving cases sealed from public view and tech companies subject to gag orders against informing surveilled users. One judge has proposed pub- licly releasing some metadata about each case on a papercover sheet as a way to balance the competing goals of (1) secrecy, so the target of an investigation does not dis- cover and sabotage it, and (2) accountability, to assure the public that surveillance powers are not misused or abused.

Inspired by the courts’ accountability challenge, we illustrate how accountability and secrecy are simultane- ously achievable when modern cryptography is brought to bear. Our system improves configurability while pre- serving secrecy, offering new tradeoffs potentially more palatable to the risk-averse court system. Judges, law enforcement, and companies publish commitments to surveillance actions, argue in zero-knowledge that their behavior is consistent, and compute aggregate surveil- lance statistics by multi-party computation (MPC).

We demonstrate that these primitives perform effi- ciently at the scale of the federal judiciary. To do so, we implement a hierarchical form of MPC that mir- rors the hierarchy of the court system. We also de- velop statements in succinct zero-knowledge (SNARKs) whose specificity can be tuned to calibrate the amount of information released. All told, our proposal not only offers the court system a flexible range of options for en- hancing accountability in the face of necessary secrecy, but also yields a general framework for accountability in a broader class of secret information processes.