investigator collecting gun as evidence at crime scene (PRESSLAB/Shutterstock.com)

Advanced encryption powers privacy-protecting gun registry

Just as discussions about gun control on the rise in the wake of recent mass shootings, researchers at Brown University announced they have developed a proof of concept for a national, decentralized privacy-protecting gun registry that places control of the database in the hands of county officials, rather than the federal government.

The proposed system protects privacy with advanced encryption that allows the database to be searched without being decrypted. A global directory would contain only the make, model and serial number of legally owned guns in each participating county. It would connect the guns to their owners with a registration number, rather than to constituents’ personally identifying information.

County officials would control the decryption key with a device like a Yubikey. Officials would insert the token into a laptop to allow their county’s data to be searched by authorized users such as law enforcement, county officials or gun sellers.

If police officers wanted to find the owner of a gun found at a crime scene, for example, they could use the gun’s serial number to search the entire system. Without ever decrypting the data, the system would identify which county database contained a gun with that serial number. If the county official controlling the local database allows, the officers could then decrypt the relevant record.

“All of the servers that are storing the data and all of the computers that are doing these operations, they're just processing encrypted data and they never actually see anything,” Brown computer science professor Seny Kamara said. “That provides really strong privacy throughout the process because none of the data can ever be seen without the decryption key.” If a county decides to end its participation in the network, “the official just pulls that hardware token out of the laptop and that’s it -- nothing works,” he said. “The data is encrypted and the key is unavailable, so nothing can happen.

Creation of the registry was prompted by Sen. Ron Wyden (D-Ore.), who was looking for ideas on how such a database might be constructed.

“The senator’s office had this idea for a database where counties are incentivized to participate, but they could pull out at any time,” Kamara said. “For the senator’s office, that ability for counties to walk away and basically pull their data offline was really important.”

The fact that participation is voluntary obviously limits the system’s usefulness, but the researchers told Wired that participation a policy issue, “outside the scope of their work.” They were focused on giving each county control of their data, they said. 

For the study, the researchers used synthetic data to show that searches were computationally practical, with results returned in a minute or less. While the proof of concept needs refinement, it would likely be relatively inexpensive for participants. Each county database could be stored for less than $1,000 per year, and the global directory would cost less than $500 per year, Brown officials said.

People imagine gun registries as publicly searchable databases, “but with advanced cryptography, that’s not necessarily true,” Kamara. “This is an example of how you can have technology folks and policymakers working in concert, and it changes the conversation. It’s been a really great collaboration."

The research paper was accepted to the IEEE Symposium on Security and Privacy and will be presented in May.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected