We describe a design for a reputation system that increases the reliability and thus efficiency of remailer services. Our reputation system uses a MIX-net in which MIXes give receipts for intermediate messages. Together with a set of witnesses, these receipts allow senders to verify the correctness of each MIX and prove misbehavior to the witnesses.
Privacy Engineering in Digital Rights Management Systems
Joan Feigenbaum, Michael J. Freedman, Tomas Sander, and Adam Shostack
ACM Workshop in Security and Privacy in Digital Rights Management
(Associated with ACM Communication and Computer Security)
Philadelphia, PA, November 2001.
Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users' privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users' privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of "privacy engineering" principles for DRM systems, some of which are easy to implement and potentially quite effective.