This Encrypted Gun Registry Might Bridge a Partisan Divide

Researchers from Brown University have developed a system that could keep track of firearms while preserving privacy.

In the United States, the idea of a federal gun registration database for all firearms is endlessly controversial. Gun rights advocates and libertarians decry it as overreach, while gun control proponents view it as an important step toward accountability. After decades of gridlock, and with an eye toward potential new legislation, cryptographers from Brown University have now proposed a system that could satisfy both sides of the debate.

They envision a platform that can be deployed nationally while also being fully encrypted and decentralized. Rather than a consolidated federal repository, each county would control its residents' firearm data. Yet officials anywhere in the country could still query the system, as they would a regular centralized database, for information about people or guns located elsewhere. Led by Brown's Seny Kamara, the researchers started the work in 2018 after staffers for US senator Ron Wyden (D-OR) reached out about whether such a project might be feasible.

Gun registry databases are so controversial because gun rights proponents see them as a precursor to outlawing more firearms. The National Rifle Association has also long fought registration, arguing that criminals often use illegally trafficked weapons and aren't going to license them. Proponents of a national gun registry say it would make it easier for law enforcement to trace guns, as they already do cars. They also say that comprehensive registration would make it much more difficult for people who are legally barred from owning firearms, like those who have been convicted of domestic abuse charges or served more than a year in prison for other types of crimes, to acquire them. The new research proposes a method by which the US could reap the benefits of a database without fear of intrusion or overreach.

“This is a sensitive issue, and people in different parts of the country are going to feel differently about it, so the idea was to design something like a national gun registry that could potentially be voluntary. It wouldn’t necessarily be mandated,” Kamara says. “So an important part of the design was to be able to guarantee to counties that they would manage the data, would have control over that data, and would be able to take their data offline if at some point they no longer wanted to participate.”

The fact that counties could decline to participate is an obvious potential issue in terms of how useful the database would be. But the researchers say that's a policy issue, outside the scope of their work. From a technical perspective, the goal was to give each county or entity real and full control of the data they hold.

Kamara and his colleagues, Brown's Andrew Park and Lucy Qin, and Tarik Moataz of Aroki Systems, specialize in encrypted databases. When information is in its scrambled, garbled, encrypted form, it's more difficult to manage and query it, because the system can't rely on reading the actual information in plaintext. Such databases are much more secure, though, and cryptographers have devised mathematical techniques and procedures in recent decades to make them more usable.

The idea of a decentralized firearms registry adds even more challenges, though, because thousands of county officials would need to hold the decryption keys for their locality's data, maintain those keys over time as people change jobs, and establish some sort of trusted entity that still wouldn't be able to see all of the data in aggregate, but could act as a gatekeeper for systemwide queries. Once those components are established, the data can remain fully end-to-end encrypted at all times, making it extremely difficult for an attacker to steal the information when it's sitting around “at rest” in the database, or snoop on it while it's “in transit” across the internet. It's what cryptographers call a “secure multiparty computation” problem.

“The real-world implications of this were something I cared about and wanted to think about more,” Brown's Qin says. “I knew we needed to put our minds together, because to me it did not seem obvious at first how you would do all of this. Secure multiparty computation is quite resource-intensive, and we needed to accommodate the legislative nuances.”

On top of all the other challenges, the system also needs to be easy to use for government officials who most likely wouldn't have any specific knowledge of cryptography. And it requires other protections built in as well, like “rate limiting,” so officials could automatically prevent someone running a suspicious number of queries.

The basic structure of the system the researchers devised looks like this: Each local official who manages the gun registry data in their county would hold the encryption key for that data on a physical authentication token, like a Yubikey. To answer queries—release data, in other words—about the county's current or former constituents, the official would authenticate themself and authorize data queries by producing the physical key. When a new person took over the job, the outgoing official would hand over the physical token as they would the key to a filing cabinet.

The system has a mechanism to reconstruct the key in the event that a local official is indisposed or loses their token. It works by having the official give “key shares” to colleagues, or trusted peers in neighboring counties. At least two of the three shares must come together to authenticate. The idea is to create a fallback mechanism that allows officials to choose like-minded or otherwise trusted custodians, reducing potential concerns about misuse. The key shares could also be revoked, so when a job turns over the new official can appoint their own key share holders.

To query the database at a national level, or run a gun trace, there needs to be some type of “global directory,” as the researchers call it, that indexes all the data in some form. This way someone making a query is automatically redirected to the right place rather than having to individually ask if someone has registered a firearm in each of the 3,006 counties in the US. But if the global directory simply compiled all of the data, it would defeat the purpose of the entire project. So the researchers devised two crucial components to solve the problem.

First, the global directory only indexes identifiers like firearm serial numbers and registrant IDs, rather than a full suite of information. And a more nuanced feature the researchers propose is that two or more groups, potentially nongovernmental organizations with opposing interests, hold key shares that are required to query or even update the global directory. The researchers use the National Rifle Association and the American Civil Liberties Union as examples of entities that likely would not have an interest in colluding to undermine the integrity of the system by putting their shares together to authorize abusive activity. But if both agreed to be custodians of the global directory, they would provide their shares for legitimate queries and system maintenance.

These organizations wouldn't be able to clandestinely access information in the global directory without the other, and even if they could, the information in the global directory is limited, and everything in it remains fully encrypted at all times. The only decrypted information that's accessible to entities authorized to run queries is the information that would come back if local officials chose to release it.

“The global directory points people to the right local databases, and then the local officials in charge of those databases have to approve it in order to actually get the entire record,” Kamara says. “The idea of the global directory is that there's no single entity that manages it. It's a coalition, and nobody ever actually sees what's happening in the black box. The keys, the queries, and the responses are all done cryptographically, so everything about it remains secret.”

The system obviously has a lot of requirements both technical and societal. But the researchers say their goal was to work through the cryptographic challenges to show that such a system could be built. The political and ideological hurdles are for lawmakers to surmount, they say.

Senator Wyden is still working on legislation that will incorporate these findings, but he says he hopes the collaboration will be a model for others in Congress who may not currently feel empowered to seek sophisticated technical solutions to public policy problems.

“Far too often, lawmakers write bills without having a good grasp of technology, especially when it comes to encryption,” Wyden told WIRED in a statement. “My view has always been that making good public policy depends on knowing what is possible on the technical side. So when I had the idea to create a new kind of secure gun registry, I was hoping Professor Kamara could give me a gut check on whether this was a harebrained idea or not.”

Getting groups like the NRA and ACLU to collaborate on governing a national gun registry may seem truly outlandish. But the fact that the technology now exists to do it could at least make the improbable a little more possible.

