> Secret sharing refers to methods for distributing a secret among a group, in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals combine their 'shares', the secret may be reconstructed.^1
I imagine a system where users upload a 'share' of each file to a number of servers located in different countries. The user can then download the minimum number of shares whenever they want to view a file.
Secret sharing schemes guarantee that zero information can be extracted from any single share. If a server in a country does not, in isolation, contain any intelligible regulated information, how would laws on regulated information apply?
1. https://wikipedia.org/wiki/Secret_sharing
A 2-of-3 secret sharing scheme can guarantee that a breach of any single server would not result in any information being revealed, and the destruction of any single server would not result in any information loss.
A more costly 6-of-8 scheme can guarantee that 5 servers can be breached without information revealed and 2 servers can be destroyed without information loss.
The more servers the data is spread between, the greater the guarantees of privacy and redundancy become.
Space usage is similar but worse than error correcting codes. 10 1TB shares can store 7TB of secrets while tolerating two failures. 10 1TB drives in RAID can store 7TB of data while tolerating 3 failures.
Latency is not multiplied but you get the worse case more often.
Previous discussions: https://news.ycombinator.com/item?id=24917679
The thought experiment you really need to think about is "What legal jeopardy could I face if I held an encrypted copy of an illegal file, but the only copy of the key was held by my friend in a non-extradition country?". Lawyers would probably say "It depends", but I'm guessing that a judge would interpret that situation as if you had 99% of an illegal file, and then they would round it up to 100%, especially if the prosecution could show that you had knowledge of (and/or intent to possess) what the (pre-encryption) contents of the file were.
A better thought experiment, though, would be "What would happen if large numbers of strangers were all using a protocol which allowed fixed size blocks of random-looking data to be hosted on each other's behalf?". Someone using this system might take a pre-existing random block (call it "P") and XOR it with an illegal file ("Q", padded to the right length), then upload the resulting block ("R"). They could then communicate out-of-band to someone that they only need to download P and R to recreate Q. However, if someone else found this property of (the seemingly random data in) P and R, the creator of R could claim that someone must have downloaded their R and generated P from it using Q (since XOR is reversible like that), which the accused could claim to have no knowledge of.
An idea similar to this, using XOR, was actually implemented and was called the Owner-Free File System[0]. I can't vouch for how effective it was at any of its goals, and I don't endorse it, but it's a useful way to think about things like plausible deniability. Also, to pre-empt the objection that just running such a "block sharing/hosting" application would itself be evidence of malicious intent, it's worth considering the liability of Tor nodes (especially exit nodes) and people running BitTorrent clients that make their computer contribute towards the operation of a distributed hash table.[1]