PNSQC2024

Software and Methods Supporting Legal Proceedings: Speculative and Home-Brewed or Verifiably Reliable and Definitive?

Abstract

Software-based tools are often used to collect evidence for court proceedings. Some are well-tested and commercially available. Others are not. Over the last fifteen years, media companies have brought tens of thousands of lawsuits claiming copyright infringement over BitTorrent networks. The software-based tools used to report copyright infringement are neither commercially available nor qualified by third parties, yet they are promoted as “forensic tools”. This paper explains how wrongfully accused users are harmed; how Daubert [6] addresses admissibility of evidence; how BitTorrent seeders share infringing movies in pieces with peers; how such BitTorrent monitoring software collects pieces of movies from IP addresses; and why IP addresses do not distinguish infringers from non-infringers. The tools collect only a few pieces of movies from targeted IP addresses, while no pieces are collected from seeders holding infringing copies. The methods speculate about infringement rather than definitively collecting complete playable copies for validation. The software does not overcome critical failure modes including abandonment, piece-unavailability, space-depletion, and choking. The paper also explains how repeatability and reproducibility testing, completeness, playability, transaction validation, and audio-visual matching yield verifiably reliable software and infringement reporting for acceptance in software engineering and forensics communities. Using unreliable software for forensic purposes is malpractice.

Agent-Based Digital Identity Architecture

Abstract

At PNSQC 2015 [1] I highlighted the weaknesses of digital identity schemes and suggested how to overcome them. Many identity systems have been proposed since then, each yielding marginal benefits. The Internet remains far too dependent on server-centric password-based identity solutions.

This paper describes an identity architecture powered by collaborating software-based agents and so-called self-sovereign digital identities. The architecture decentralizes control over identity from web services to individuals with identity agents installed on their personal devices. The agents manage digital identities and private data on behalf of their owners to prove who they are, reduce dependency on passwords, securely interoperate, protect their identifying information, and delegate access to their private data. To facilitate ease of use and technology adoption, identity agents virtualize digital identities, mimicking physical credentials in one’s wallet. Digital identities specify private/public key-pairs for digitally signing, encrypting, and sealing digital identities, consent tokens, private files and other digital artifacts. Identity agents exploit identity-proofing, digital sealing, and attestation to elevate authentication and identity assurances associated with digital identities. A reference model for identity agent implementation is presented. Various aspects of the identity architecture are published in US patents [2-5], an unpublished patent application [6], conference proceedings, and technical journals [15-19].