Proving something existed (like code) at a set time.

views:

142

answers:

+2 Q:

Proving something existed (like code) at a set time.

It's easy to prove you created some code after a certain date. Generate a bunch of cryptographic hashes of the binary data of your item with a text appending "Created on x/y/z". You could then use these crypto hashes in a court of law presumably as the probability of them being wrong would be astronomical and since will be going to win an expensive expert wouldn't be a problem to assert this is true.

In the end I chose simply to take several hashes of the data and publish them in a publicly archived paper.

Snail mail a copy to yourself (and don't open it). The postmark proves the date.

cthom06 2010-06-25 15:29:33

Works for just about anything else, too.

Wayne Werner 2010-06-25 15:35:48

Just snail mail the bunch of hashes. There is no need to append the date also.

hoang 2010-06-25 15:35:57

Not for copyright purposes though. See the US Copyright Office's stance on poor man's copyright.http://www.copyright.gov/help/faq/faq-general.html#what

David 2010-06-25 15:36:42

While this used to work, last I heard it was not a good way to prove prior art or protect date of innovation.

Alex Feinman 2010-06-25 17:24:22

+1 A:

How about using news articles? It's just text.

Mau 2010-06-25 15:30:49

+3 A:

Some way of getting it stored in public archives, like putting a classified ad in a newspaper, should do.

moonshadow 2010-06-25 15:32:33

This is a great idea. I will simply publish a cryptographic hash (or 2) in the classifieds.

2010-06-25 15:38:23

The hard part is finding a newspaper that still exists

bta 2010-06-25 17:28:14

+2 A:

If notarizing it would solve your problem, hire a notary, or get someone in your office to be certified as a notary.

MJB 2010-06-25 15:33:27

+1 A:

Document, document, document.

Make sure you keep backups from each day you work on your project. When necessary, send some of it through USPS. It's an old effective legal trick: You send your information to yourself through the mail, they date stamp it, you receive it, and you leave it alone- put it somewhere safe. Since the mail is government regulated, you can use it in a legal trial as evidence, should you have your work plagiarized.

Justian Meyer 2010-06-25 15:34:55

Heard about this one a lot of times but judges don't like it I've heard too - it's possible to open documents and reseal them without evidence you did so.

2010-06-25 15:39:19

It is also possible to send documents through the mail WITHOUT EVER CLOSING THE ENVELOPE. Then you can put whatever you want inside, whenever you want. I would hope the "mail it to yourself" method would not hold up in court, as it is too easy to circumvent.

MJB 2010-06-25 15:52:24

Signed and dated journals, witnessed by 2-3 other people, have stood up well in court.

Alex Feinman 2010-06-25 17:25:08

Maybe consider uploading your daily zips to trusted, commercial repositories. The more locations, the merrier.

Justian Meyer 2010-06-28 15:17:53

Indeed, both of those approaches asserts that your data existed after some date-verifiable event. What you need is something to assert that your data existed BEFORE some date-verifiable event.

When you get something notarized the assertion lies solely in that the notary is trusted not to lie about the date it was signed.

Any other method in which you can assert that your data existed before the method was applied will work. Often people suggest mailing items to yourself and leaving the envelope unsealed as a cheap alternative, but that only works in the assumption you cant steam an envelope open to replace the contents, and it only works once.

I've been toying around with the idea of crowd-sourcing the assertions, but I am far from actually implementing it. The main protocol involves everyone building up a massive acyclic directional graph, similar to git. If you can assert ownership over your nodes in the graph (say via GPG signature), then you can also assert that all of the parent nodes existed before yours did. If you need to assert the validity of the timestamp on one of your nodes you turn to whomever is geographically local who is further down the chain.

Mike Boers 2010-06-25 15:40:11

+5 A:

You could use Trusted timestamping, which is related to digitally signing your document.

In order for the trusted timestamp to be legally valid, the timestamp needs to be signed by a trusted third party (which is pretty much the same as to get it notarized). However, it is not that expensive. Commercial services like this offer trusted timestampig for a price of a few tens of cents per file. As a free alternative, there is the PGP Digital Timestamping Service.

PauliL 2010-06-25 16:21:30

Edited to fix spelling of trusted.

Lawrence Johnston 2010-06-25 16:24:51

Surely major version control system vendors (Team Foundation Server, ClearCase, Subversion, ...) have thought of this problem, I mean...that's all about what they do. If none of the big players cover legal validation of version timestamps yet, I see a big opportunity for somebody...

Ogre Psalm33 2010-06-25 17:13:18

Don't call me Shirley

bta 2010-06-25 17:27:05

Host your code in a version control repository that is hosted by an impartial third party (or have your local repo mirror itself to a third-party service). If there is any question about what existed when, you can use the hosting company's logs and/or historical backups of your repo to reveal the true timeline.

bta 2010-06-25 17:26:41

ansaurus

tags:

views:

answers:

Proving something existed (like code) at a set time.

related questions