Wikiright

D. A. Arbatsky

June, 2009

Abstract

Wikiright is a technology of protection of copyright for products presented in digital form. It is practically of zero net cost (for computer users) and it requires usage of technologies and net resources that already exist. An author of a product protected by wikiright has an opportunity (if thinks expedient) to make the audit of the copyright free for all users of the Internet. In this paper the wikiright technology is described and concrete recommendations of its usage are given. Also I give comparison with other, already known, technology of “trusted timestamping”. It turns out that the wikiright technology is easier to use, and, after proper development, it has quite a few essential advantages.

How it works

Suppose, you have created some file and you want that in future you would be able to confirm your copyright for it. Is that file text, musical, graphical, video or some other does not matter. Further you need to do the following:

  1. Attach to that file your personal data with indication of your authorship. If that is a text file you can write them directly to the text. If the file is a picture, you can, for example, make a caption just on the picture. If the format of your file does not provide an opportunity of such a modification, then you need to write a separate text file with a description and indication of your authorship and join the produced files packing them in an archive by any archiver. (The latter alternative is also more preferable in the case when you want to protect your authorship of several files at once.)
  2. Calculate a collisions resistant hash function of the obtained file. (Hash function is just some string containing several dozens of digits and letters, that corresponds to your file.) At present, a good variant seems to be, for example, the hash function SHA-256. The algorithm of its calculation is well-documented and realized on main computer platforms in the form of numerous hash calculators. (If you work in Windows and do not want to independently search for and test hash calculators, you can try the following two: HashX and HashCalc. Both of them are free and easy to use. But I am not their developer and do not guarantee anything about them.)
  3. Publish the hash function on any Internet site, that indicates the precise time of publication. As such a site you can use, for example, Wikipedia. The advantages of Wikipedia are the following:
    1. It remembers the precise time of each data record made.
    2. Its owners have gained some confidence of the Internet community.
    3. The project of Wikipedia seems to be quite long-range.
    The usage of Wikipedia for this purpose seems to be legitimate at present, because Wikipedia policy does not prohibit (yet) such usage of the resource. And such usage can be considered as pointed at the aims of development of Wikipedia, because it supplies to the Wikipedia community additional verifiable sources of facts.
    For publication of hash function in Wikipedia I suggest the following procedure:
    1. Go to the wikiright page.
    2. Delete everything written before you and write your hash function.
    3. Go to the page History.
    4. Find the last record (it is first in the list and it corresponds to your publication) and go by the link with the date to the page containing your publication. At that time in the address bar of your browser you will see the permanent address of your hash function. (example)
    5. Write down the permanent address of your publication.
  4. Carefully organize the storage of the hashed file. This is especially important: not even one bit in the kept file can be changed. If even one bit changes, you will not be able to confirm your authorship by the way described here.

In fact, this is all. If you want to afford an opportunity to check your authorship to all users of the Internet, then make additional step:

Now any user of the Internet will be able to download your hashed file, independently calculate its hash function, and after that compare it with the published. If there is no discrepancy, then that person can be sure, that you really possessed the hashed file at the moment of publication of the hash function.

Possible notation

For notation of wikiright I would suggest to use a special symbol: (symbol U+24cc in Unicode). This symbol should be placed near the name of the author and the date of creation of a document, and it can serve as a hyperlink to the resource describing that particular case of wikiright.

Juridical aspect

Naturally the question arises: to what extent the suggested technology is legal, and will such a proof be accepted in the court of law, if necessary?

If you understand Russian, you can read the discussion of this topic in the Russian version of this paper. The discussion is based on the Civil Code of the Russian Federation and on the Code of Civil Procedure of the Russian Federation. The conclusion is that wikiright is already completely legal (in Russia). The fact that this technology is new and is not (yet) described in legislation separately, does not play a role of principle.

Prospects

If wikiright becomes widespread, it seems to be reasonable to organize specialized sites in the Internet: hash function depositaries. They could not only collect, store, and provide dated hash functions, but also these depositaries could control each other. The database of any such a depositary (or, for example, each part of it corresponding to one month) can be hashed and certified in other depositary. In addition, the database of a depositary can be made available for downloading and saving to an indefinite circle of people. So, it seems, we can get unprecedented (in the sense of protectability against falsifications) in history system of dating of historical documents.

Comparison with trusted timestamping

At present somewhat other computer technology works — trusted timestamping. Briefly, it boils down to the following:

  1. In the same way you attach to your file data about authorship, calculate the hash function and send the hash function to a specialized Internet timestamping service.
  2. The service attaches to your hash function the record about the time of receiving of the hash function and signs the resulting digital sequence with its digital signature. (In other words, it puts on your hash function its “time stamp”.)
  3. After this the hash function with the time stamp is returned to you.
  4. You organize the storage of the hashed file and also of the hash function with the time stamp. You may put them in free access in the Internet.

If somebody wants to check the authenticity of your time stamp, that person makes the following:

  1. Downloads from the site of the timestamping service its public key (this is some fixed sequence of several hundreds digits and letters, that belongs to that service; it is unique for that service and is not connected with a concrete hash function).
  2. Using that public key and using a special program checks the authenticity of the time stamp.
  3. Checks the identity of the hash function in the time stamp and the hash function of the original file.

In comparison with trusted timestamping wikiright has substantial advantages:

  1. Wikiright is more simple and more intuitive. For the people not familiar with cryptography it is easier to master it.
  2. Wikiright allows as a part of the technology usage of some physically irreversible process. For example, from time to time the depositary can burn the database with hash functions on a write once CD. This leads to the result that computer break-in of the depositary does not lead to too fatal consequences. When a break-in is revealed, an investigation of the technology of the break-in is performed, the software is patched, and the database of hash functions is restored from the CD. But with the technology of timestamping situation is much worse: as soon as the so called private key of the timestamping service comes to an intruder, immediately all time stamps, signed with the use of that key, lose their evidential force. Especially upsetting is the fact that the stealing of the key can remain unrevealed for indefinitely long time.
  3. The technology of timestamping is essentially based on trust. And the work of people, who are trusted, can not be verified (in the frame of this technology). Such an ideology can be capable (at the best) for protection of rights of the “regular people”. But the problem of dating can sometimes concern interests of whole corporations or states. In such a situation the technology based on unverifiable trust turns out invalid in principle. In contrast, wikiright suggests that depositaries from time to time will certify their databases to each other (and also allow to download and save their databases to an indefinite circle of people). In the conditions of the multipolar world no center of force (government) will be able to independently falsify any dating without compromise of the depositary under its control. “Authority” of a concrete depositary will be established not by the “authority” of the government, that controls it, but just by the time of unstained work of the depositary.