Alan Gottlieb, of SAF, posted this on Twitter this morning:
I will share more information about White House calls about gun legislation at the Gun Rights Policy Conference this weekend. It will be live streamed on the Second Amendment Foundation’s Facebook page.
GRPC is this weekend in Phoenix. Walk registration is available. I highly recommend attending this.
I got call from White House staff. Gave me details on what the President is considering to support with regard to gun legislation. They considered my comments and ideas and we were on the same page. I like the red lines that they have drawn to protect Second Amendment rights.
What Sean posted about the other day may be what we are looking at.
I’m not sure about Sean’s thing.
Is it possible to build an app (an on-line system) that lets you do background checks without enabling a registration database? Probably yes; it seems like some sort of anonymizer problem that can be solved by skillful application of cryptography. It’s a problem I enjoy reading about but I’m not good enough at higher math to create such solutions myself.
On the other hand, the simple scheme Sean described doesn’t seem good enough. In fact, it is precisely a registration database: the buyer records his intention to buy with the feds, the seller checks that the buyer is ok, done. The only way this is not a gun registry is if you are willing to believe the federal government (current or future versions) isn’t preserving all this information but is instead discarding the record of each transaction as soon as it is complete.
Details are important. This is even if it is implemented in a way that appears to creating registration database.
Suppose the “key code” (I’ll use “token” to save keystrokes and other reasons) is obtained at no cost, is valid for 30 days, and is good for multiple transactions.
This allows lots of interesting things:
As for a cryptographic solution which doesn’t directly enable a registration database here is my first cut at it.
The buyer’s identity information plus a truly (or very close to) random, large, number are combined and a cryptographically secure hash is made of that information. The hash (token) given to the buyer and stored “forever” with the expiration date while the original identity information is deleted. Any seller can validate the token but only the buyer knows the identity of the token owner. The random number could probably just be the RGB values of the scan of the buyers drivers license.
There are some loopholes here. Someone could sell tokens to criminals.
The loophole could be plugged with two “tokens” issued to the buyer. One is actually a private key which “unlocks” (decrypts) the second “token” and is kept by the Feds. The seller validates the Feds issued the key and then uses the key to decrypt the second “token” retained by the buyer. This results in the face picture of the buyer from their identification card. All sales would have to be face to face (or via a video call) so some anonymity would be lost but I don’t immediately see a big drawback to this scheme.
This is actually what I’m looking for. Anonymity through mass worthless data. Crypto and other stuff is probably a waste of time. The “token” would have to return a name to the seller so he could check ID. But there’s not one single reason to believe that each and every time the token is scanned that a gun transfer happened. Gun owners SHOULD start telling people that the only way they’ll hire a babysitter/workman is with a NICS check. Gun owners could (and should) keep an open token available at all times and then randomly scan that token with everyone who can be persuaded to play along.
The idea is to generate such a mass of useless data that it would be worthless as a registry. I’m sure that some bright boys could use network analysis to see who the biggest troublemakers are, but there’s really no way to make a list of guns and owners to round up out of a trillion random token scans.
Also, thanks for the link!
It probably wasn’t as clear as it should have been but my idea was that no name is required. The token could just enable the viewing of a picture of the buyer.
One crypto angle I was thinking about: have the token contain a digital signature made by the checking authority. With that, you don’t need to connect to a server to verify the token; all that is needed is a signature check which is an off-line operation.
So the token might look like:
“21 Sep 2019, John X. Doe, DC drivers license 12387321789413, has passed the Federal Instant Check. This token valid through 21 Dec 2019. Signed, Uncle Sam 136781236182631263182367162381763128761382”
I really like that for a return token, say with a 3d barcode on it that one could scan with any of the barcode apps and it would return the same above info from a approved .gov site.
Because the token is only valid for ~90 days, in the case you provided, giving it a 15 place hex check number that you could put in to same website if you did not want to use the barcode, and it would return the rest of the info, with no other input about why this check was being validated.
If the check number is a digital signature, as I suggested, then you don’t need a government web server to validate it. Anyone could build a validator since all it requires is knowing the signing public key and running the signature check algorithm. So even if you do it on-line, you could do it without appearing in a government database. Just ask the JPFO signature checker to check for you rather than the FBI’s checker. 🙂
If the background check system becomes a way to run a BGC for your babysitter, handyman, youth group volunteer or other individual it greatly masks the identities of gun buyers.
Of course there are also some issues with making it impossible for people to ever outrun their past. Just because someone was convicted of a misdemeanor that could carry more than a years sentence in their past doesnt mean they should have a black mark for life employment.
The White House being on the same page as the guy who bragged that he helped write the previous Manchin-Toomey bill, backed bump stock regulation, and sabotage the work against WA background checks (I-594) by diverting resources to his I-591 which would have allowed UBC.
King Chaim has spoken. Everyone calm down and get back in line. The Train is almost here…
If the screenshot of the checked person is run thru “Faces”, a permanent record CAN AND WILL be made. There is NO such animal as an untraceable Internet transaction, also. No such animal as overloading the metadata, either. It’s all archived and any transaction can be broken at any time.
Well… anonymous transactions are not easy, but you can get there with the help of crypto plus helpful servers. There may be legal complications, though.
At one time there was an anonymous email service run out of Finland. It was served with a court order to disclose its customer list; it shut down instead. Similarly, TOR is a network of connection-wrapping servers spread all over the world. You can in principle do traffic analysis on the TOR network, but that would be quite hard. If the servers do store and forward with random delays (not good for TOR, but perhaps useable here) and the request arrival interval is well below the average delay, the traffic analysis picture gets buried in noise.
Some of this stuff requires serious crypto skills to get right. I have a book full of relevant algorithms that are mostly over my head (Menezes, Handbook of Applied Cryptography). Bitcoin is also a relevant example; the original paper by “Satoshi Nakamoto” is fascinating and requires a lot of care to understand.