Centralized Data - Philosophical vs Pragmatic

[uncompromise]

This is a question, not a suggestion, as I have nowhere near the technical intelligence to answer this. One of the core issues with gun control seems to be the ability to quickly and easily gain information about weapons used in felonies. The lack of a centralized database is clearly a core restriction in improving this, and yet the concerns about a centralized database are what, specifically?

Other than a philosophical objection to having the government know who owns what, what is the difference between a centralized database on weapons ownership, vs a centralized database on passports, or drivers licenses, or vehicle registrations? The government already knows way more about most people than most people consider, and are certainly capable of tracking through to specific time-stamped purchases via credit card, or subscriptions via banking, should the need arise.

If the concern is more philosophical than pragmatic - ie, the thought of a centralized database makes gun owners nervous, and therefore unlikely to comply with a proposed model that includes it - is there any way to utilise a blockchain style database that would support discrete interrogation of a serial number without ever being able to access the entire dataset?

Or is this both philosophically and practically unachievable.

Again, I note my lack of understanding about what is technically achievable, I'm just curious to know if there is a both/and possible with data so that law enforcement can be more effective, while simultaneously respecting the intrinsic rights of law-abiding citizens.

[nalanbar]

There are no centralized databases for drivers licenses or registrations. The idea of a central registry is odious for a few reasons, not the least of which being that the point of the second amendment is to allow American citizens to defend themselves, not only from wrong doers, but from the government themselves. Giving the government a list of who has what goes a long way toward removing that protection. As far as tracking guns found at crime scenes, I'm under the impression that police are able to do that already. The serial numbers are stored at the selling ffl for years, I think ten. A court can supply a warrant that for that information. On Wed, Jun 22, 2016 at 8:23 PM Cameron notifications@github.com wrote:

This is a question, not a suggestion, as I have nowhere near the technical intelligence to answer this. One of the core issues with gun control seems to be the ability to quickly and easily gain information about weapons used in felonies. The lack of a centralized database is clearly a core restriction in improving this, and yet the concerns about a centralized database are what, specifically?

Other than a philosophical objection to having the government know who owns what, what is the difference between a centralized database on weapons ownership, vs a centralized database on passports, or drivers licenses, or vehicle registrations? The government already knows way more about most people than most people consider, and are certainly capable of tracking through to specific time-stamped purchases via credit card, or subscriptions via banking, should the need arise.

If the concern is more philosophical than pragmatic - ie, the thought of a centralized database makes gun owners nervous, and therefore unlikely to comply with a proposed model that includes it - is there any way to utilise a blockchain style database that would support discrete interrogation of a serial number without ever being able to access the entire dataset?

Or is this both philosophically and practically unachievable.

Again, I note my lack of understanding about what is technically achievable, I'm just curious to know if there is a both/and possible with data so that law enforcement can be more effective, while simultaneously respecting the intrinsic rights of law-abiding citizens.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jonstokes/shootercontrol/issues/11, or mute the thread https://github.com/notifications/unsubscribe/AANBk5sZn-fvh0kSCGhiqfiihf29lVpZks5qOdIXgaJpZM4I8WMF .

[uncompromise]

Thanks @nalanbar. The point of a blockchain style database is that it's a distributed database. So accessing information about a particular firearm would not, from my technical understanding, permit access to information about every other firearm. It would be facilitate the interrogation of a single unique record (ie a single serial number) and would be functionally incapable of permitting access to any other record without knowledge of that specific piece of information (ie another specific serial number).

While I understand that serial numbers are stored at point of purchase, that seems to preclude subsequent sales of that firearm through private sale. Again, I may be missing something here, but my interest is in how technology can facilitate a both/and - respecting the constitutional rights of the individual, while respecting the need for law enforcement to be able to rapidly track ownership of a particular firearm that may have changed hands multiple times since it was originally purchased.

I should note that I am not a US citizen (although I live in the US fulltime) and am therefore not able to possess a firearm in the US. That my comments may indicate a lack of understanding of process are as a result of this.

[tsgsjeremy]

Unfortunately, I don't see any way to make this work without some centralized information. At a minimum, membership data - like contact info, membership status, network history, etc. - would be required. Specific firearms data wouldn't be required, but in my opinion that's irrelevant.

From what I've seen on the subject of a national firearms database, people don't want the government to know what guns they own because then they would know where to go to confiscate the guns. I would say that even without knowing what guns people own, any list of gun owners could be used for the same purpose. The government would still know you had guns, just not which ones or how many.

So my proposal is to implement strict access controls. I am currently and IT guy and in a past life I held various security clearances. Those experiences have informed my thinking on this subject. The technical part of my brain envisions high level encryption, "black box" hardware, distributed computing, and tiered access policies. The security part of my brain calls for varying classification levels including SAP, physical security, and two person integrity.

[jonstokes]

I would say that even without knowing what guns people own, any list of gun owners could be used for the same purpose. The government would still know you had guns, just not which ones or how many.

It's not quite the same, though. I think most gun owners are aware at this point that the feds know who has guns and who doesn't. Anyone who's paying attention and who's heard the name "Snowden" knows that some three-letter agency or other probably has a better idea of what guns a person owns than that person's spouse does.

But if there's no registration requirement (assuming that such a requirement also includes the requirement to update the serial number => buyer link whenever there's a loss or transfer of a firearm), then when the feds show up you can just claim the proverbial "boating accident" took them all, or (if you live in a state like TX) you sold them to some anonymous guy on Craiglist for cash. If you weren't required to report a loss or transfer to a central registration authority, then what are they going to do to that claim? They can search your property, but that's it.

[tsgsjeremy]

@jonstokes Yeah I probably shouldn't have glossed over that.

[uncompromise]

If you weren't required to report a loss or transfer to a central registration authority, then what are they going to do to that claim?

So does this mean that a distributed database that parses this registration information is a functional necessity, if not philosophically problematic? What if each group that @jonstokes proposes has their own encrypted key(s) for accessing their own unique data records, with perhaps a requirement for multiple authorisations simultaneously from the same network to access and alter that information?

I'm still trying to approach this conversation pragmatically, not philosophically. I would like to know what is functionally possible that respects the already articulated constraints, before shifting the discussion to what is pragmatically achievable on the basis of human bias and belief.

[tsgsjeremy]

@uncompromise We are in a golden age of technology where almost anything is possible.

• Current encryption methods are incredibly strong - at least until quantum computers come online. By then I suspect we'll move to some sort of one time pad type methods.
• Hardware can be custom built with software algorithms hard wired into the circuitry to prevent tampering. Sometimes called Black Boxes because they can act as one-way valves, or dedicated encryption channels for point to point comms.

I like your idea for a distributed DB with localized data and encryption keys. For background checks a central server could be permitted to do searches of all networks but only for a single individual at a time. The restriction could be implemented through software or hardware.

Then for reporting and statistical information the local network could run more detailed queries. After all, if they are functioning as intended they should already know everything about all the other members.

FYI - I run into this chicken and egg problem a lot when working on software projects. Clients need to know what's possible so they know what to ask for, and I need to know what they're asking for so I can tell them what's possible. Usually takes several iterations before everyone is on the same page, so keep firing questions until you get satisfactory answers. :)