Monday, May 16, 2016

Does this leak information?

Here are four fictional stories though inspired by real world events or TV shows (I forget which is which). My question is, was a confidence broken or was some information leaked that should not have been? I do not have answers.

Tenure: The candidate DOES find out the vote (e.g., 18 yes, 2 no) but DOES NOT find out who voted what. But what if the vote is 20 Yes 0 No. Then the candidate DOES know the vote. (Worse if it was 20 NO, 0 yes). I am sure this has been studied in crypto. Here is one solution: randomly flip one bit.


CLIENT: I have roughly X dollars counting all of my assets. Are you the right firm to handle my estate?


CLIENT: Do you always say that?

LAWYER: No. If you had log(X) money then we would recommend a cheaper firm since your estate would not need our complex services. And if you had X^{10} money then there are other firms that are more familiar with investments at that level.

CLIENT: So, for example, Mitt Romney is not a client.

LAWYER: That is correct.

Did the lawyer break a confidence by saying that Mitt Romney was NOT a client? Could CLIENT goto lots of law firms and play this game and eventually find out Mitt Romney's  lawyer?

Nobel Prize: If he committee leaks that the winner has been notified THAT he or she won, but not WHO it was, is that a breach?

Someone has confessed to a priest that he murdered someone (a staple of TV shows and movies). The wrong man is in jail, whose  name is Bob.

PRIEST TO COP: You have the wrong man.

COP: How do you know.

PRIEST: I can't say how I know, but I know.

COP: Oh, It must be that the guilty man confessed to you but you can't break the seal of the confession. I won't ask you to. But here is a question: Has Bob been to confession lately?

PRIEST: No! (and he seems relieved to have gotten the message through)

Did the Priest betray the killers confidence?

People in Crypto (and elsewhere) define information, Knowledge, Security, similar terms formally so they can have protocols and try to prove things. Are their defintinitions realistic? In the above scenario's, are the above cases breaches or not? Is that even a rigorous question?


  1. In all of your examples, the set of possible answers is reduced by the information. (For example, in the Nobel prize scenario, we could rule out any candidates we know to be out of contact, like on field work or vacationing in a remote spot.) Thus, all your examples leak information in an information-theoretic sense, as you gain a few bits about the answer.

    Also, a lawyer should never answer the direct question "Is X a client?", even in jest. (However, the earlier response constraining the client base by net worth leaks some information.)

  2. The priest leaked information. Now the police can get all camera footage from near the church from the time or the murder until they spoke with the priest and run facial recognition against all prior suspects and/or generate a list and then do a search for any connections between anyone on that list and the victim.

  3. Assuming that only law firms who aren't familiar with dealing with estates the size of Romney's answer the question, and there's more than one law firm familiar with dealing with estates that large, you can reduce the set of law firms which have Romney as a client, but you cannot deduce it.

    If every law firm truthfully answers the question whether Romney is a client then of course you can by asking all law firms (and you still can if the law firm which has Romney as a client refuses to answer the question, but all other law firms deny he is their client).

    But in either case, it requires that 1) all the law firms answer truthfully, and 2) you actually believe the answers.

    In the Nobel prize case, perhaps, in a theoretical sense, some information may be leaked. But I doubt it's useful information in practice. Andrew mentions a few scenario's, but I don't think they're valid, as we don't know *when* the winner was informed. It's hard to imagine that in the current world someone is unreachable for weeks at a time.

  4. The first example (Tenure), it is a kind of Differential privacy. The output should be indistinguishable for neighbour "databases". The problem here is that there are neighbour databases that lead to different outputs (professor gets a tenure or not).

  5. Hi Lance, I appreciate the questions. Something that gets me in them, though, is that it all assumes that secrets can exist, or in other words, that information can be hidden.

    Let's say that's not the case. Let's say that one day, we found out that nothing could be hidden. Is it ethical to pursue knowledge then? I mean, do you feel the end of man is to know? If so, then where is the ethical dilemma in pursuing or communicating the information in a world where secrets are possible?

    I mean, let's say you could read anyone and everyone's private thoughts or writings including those close to you. Is it wrong to keep this ability to yourself? Does the fact that you can do this in the instance (A) that nobody knows you can do this or (B) everyone knows you can do it or (C) everyone knows you can do it and so can they (let's say at relatively the same time) change your answer?

    Is privacy real? Sure, we as humans feel the need to lie for whatever reason - this is an interesting trait. But is there any value in taking something on faith? Perhaps not in medicine, but what about personal relationships? If you could know everything about anyone any time you wanted without asking, and they could do the same with you, would there still be value in asking? If you asked would you validate?

    The best answer I can come up with is that taking things on faith is very important. My reasoning or proof: Does it feel better when you run your fingers through your own hair, or when your spouse does? Why?

    1. Secrets are Lies.
      Sharing is Caring.
      Privacy is Theft.