It is sometimes very important to keep certain information secret unless a particular person dies or becomes otherwise incapacitated, in which case the information should be disclosed in a specified way. More generally, it would often be useful to keep information secret until certain conditions occur, and to then disclose the information in a particular way.
Many situations illustrate the need for carefully controlled disclosure of sensitive information. For example, consider wills and other statements made in contemplation of one's death. The contents of a will are often kept secret from most of the people identified in the will until the person who made the will dies. Then, and only then, is the will disclosed to the people and the institutions who are (or are not) beneficiaries under the will.
As another example, consider information discovered by a potential whistle-blower or other witness to some wrongful act or plot. If the wrongdoing is not promptly reported to the proper authorities, a wrongdoer may believe that all of the incriminating evidence can be destroyed, and may attempt to do so, regardless of the harm inflicted on witnesses and others, including innocent bystanders. Evidence is sometimes lost because a witness is reluctant to tell others: the evidence would implicate the witness in lesser but nonetheless serious violations, the evidence raises questions but is not conclusive proof of a crime, or the witness does not wish to place anyone else at risk. Thus, it would be helpful to provide a reliable way for a witness to preserve a description of events (and possibly other information as well) without directly involving another person until disclosure of the information becomes necessary.
Less dramatic but nonetheless important situations calling for carefully controlled disclosure also arise in other contexts. For instance, a software company which licenses only object code versions of its proprietary software may agree to make the corresponding source code versions available to a licensee if the software company goes bankrupt or discontinues support, or if some other stated condition occurs. The source code should be disclosed, but it should be disclosed only to the licensee and only when the stated conditions occur.
As another example, consider the address databases that correlate domain names with IP addresses on the web, password databases, digital certificate databases, marketing databases that correlate email addresses with names and other demographic information, bank account databases, and the many other databases that support electronic commerce. An illicit copy of such a database could be put to many unauthorized purposes, so backup copies should be stored securely. On the other hand, authorized system personnel should have ready access to a copy if necessary to restore operation of the system.
Accordingly, mirroring servers, compressed archives, and other backup tools and techniques are used to create frequent backups and to disperse them geographically to reduce the risk of losing the data. Physical security methods ranging from locked doors to dismounted magnetic tapes to watchdogs are also used, to make sure the backup is available only to authorized system administrators.
More generally, current approaches to controlled disclosure of sensitive information often involve asking someone to act as a guardian of the information. The guardian role may be filled by a coworker, friend, relative, spouse, attorney, journalist, escrow agent, or other person. The guardian is asked to receive the information, to hold it in strict secrecy until some stated condition occurs (typically death, bankruptcy, data loss, or other incapacitation), and to then disclose the information to one or more persons who have previously been identified or described by the person who places the information in the guardian's care.
Unfortunately, present guardianship approaches are vulnerable to natural disasters, wars, terrorist attacks, or even more mundane problems such as record-keeping errors or satellite failures. Such events may destroy all copies of the information. They may also make the copies difficult or impossible to locate, or result in premature or misdirected disclosure of the information.
Guardianship may also fail in other ways. Even if a guardian has the best of intentions, the guardian's copy of the information may be lost or destroyed despite the guardian's efforts. If the information is sufficiently valuable and is perceived to be vulnerable, then the guardian may be the target of extreme efforts, either to prevent disclosure of the information or to obtain unauthorized access to the information. Moreover, approaches which rely on professional escrow agents or attorneys as guardians tend to be relatively expensive, inconvenient, or both.
Modern computer technology provides many tools for managing information, so it is reasonable to ask whether some form of automation might help guardians. However, the diversity of techniques and devices available makes it difficult to determine which tools and techniques are relevant to the problem at hand. To give but a few examples of the available technologies: user interfaces make it easier to control software and hardware; hardware advances make it possible to create ever more complex and adaptable systems; networks (both wired and wireless) connect computers at different locations with different levels of security; platform-independent libraries and languages help make functionally compatible software available throughout a network; visualization tools help present information to viewers in meaningful ways; databases organize information in a way that promotes analysis of the information and provides access to the information; web crawlers create indexes which help locate information; artificial intelligence techniques help process information; identification, authentication, and encryption methods help keep information secret from unauthorized viewers and/or detect tampering; fault-tolerant systems, replication methods, and archival techniques each provide some assurance that another copy of critical data will be available if a given server or link goes down; programming languages and other development tools encourage experimentation and rapid development of prototype computer systems; and tools and economic incentives promote the commercialization and adoption of new computer software and hardware products. The difficulty lies in determining which techniques are useful for controlling disclosure, and how to adapt or combine them for such use.
In short, it would be an advancement to provide an approach which draws on relevant computer technology tools and techniques and combines or develops them in new ways to improve control over the disclosure of sensitive information.
Such an approach is disclosed and claimed herein.