Given the secretive and coercive nature of the national security state, we have come to depend upon whistleblowers to tell us of the abuses that are committed by governments. Governments in turn retaliate by threatening to hand out extremely harsh punishments to those caught divulging information they do not want revealed. Yet high government officials will freely leak secret information to reporters when it serves their interests, and such people not only do not get punished, they are rewarded for such actions and even for their deceptions and lies.
As a result, those who are serving as watchdogs on the government keep trying to develop new ways for whistleblowers to release information in the public interest without getting caught. Conor Schaefer of The Freedom of the Press Foundation says that they are testing out a new system called Sunder, “a desktop application for dividing access to secret information between multiple participants” and are inviting people with some expertise in this field (which rules me out) to help them refine it.
While Sunder is a new tool that aims to make secret-sharing easy to use, the underlying cryptographic algorithm is far from novel: Shamir’s Secret Sharing was developed in 1979 and has since found many applications in security tools. It divides a secret into parts, where some or all parts are needed to reconstruct the secret. This enables the conditional delegation of access to sensitive information. The secret could be social media account credentials, or the passphrase to an encrypted thumb drive, or the private key used to log into a server.
Until a quorum of participants agrees to combine their shares (the number is configurable, e.g., 5 out of 8), the individual parts are not sufficient to gain access, even by brute force methods. This property makes it possible to use Sunder in cases where you want to disclose a secret only if certain conditions are met.
The most frequently cited example is disclosure upon an adverse event. Let’s say an activist’s work is threatened by powerful interests. She provides access to an encrypted hard drive that contains her research to multiple news organizations. Each receives a share of the passphrase, under the condition that they only combine the shares upon her arrest or death, and that they take precautions to protect the shares until then.
Secret sharing can also be used to protect the confidentiality of materials over a long-running project. An example would be a documentary film project accumulating terabytes of footage that have to be stored safely. By “sundering” the key to an encrypted drive containing archival footage, the filmmaking team could reduce the risk of accidental or deliberate disclosure.
I am passing this on to people who might be able to better assess this and even help in it.