[ubuntu-uk] Distributed Backup Proposal

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Sat Jul 24 09:04:00 BST 2010 

On Sat, 2010-07-24 at 08:40 +0100, Dan Fish wrote:
> Hi
> 
> This is a call for help for a project that I've set up after a
> discussion on IRC. The general idea is this - we all have data we'd
> rather like to have backed up off-site, and a number of options exist -
> dropbox, amazon s3 etc. However, most of us have some storage to spare,
> so how about creating a peer to peer, multiple redundancy, off-site
> backup system? In effect, you, as a participant, would offer up a
> certain amount of your own storage and bandwidth (can be during off-peak
> times) and get a certain amount of off-site storage, with redundancy
> (think RAID) for free. 
> 
> Starting a project from scratch would be a tall order and certainly
> *way* beyond any skills I have. Luckily there have been a few attempts
> at this in the past (and there are a few closed source commercial
> implementations out there). I've started a wiki page starting to
> document some of the existing open source projects -
> https://wiki.ubuntu.com/UKTeam/Projects/DistributedBackup
> It would be great if anyone with some time/knowledge/curiosity could
> have a look at some of the existing projects on the page and give an
> opinion as for suitability. Feel free to add any projects that you are
> aware of or come across.

I like the concept, but I have a few questions that would need to be
addressed:

1) How would you ensure that my files cannot be copied or read by anyone
else on the network?

2) Who would be legally responsible for the files that are stored - the
person who uploaded them or the person who's computer they are stored
on?

3) How could I be sure that the materials being stored on my computer
are not something I object to?

The concerns above arise out of a lot of recent work I've done working
closely with Law Enforcement Agencies in the UK.  

The only way to really ensure (1) is to encrypt/decrypt everything using
a unique identifier for the person who uploaded the files to the network
(GPG/PGP springs to mind as a possibility).

The problem with encrypting everything is that if someone uploaded
illegal or malicious content to a network, that person could be done for
distributing the content, however it is entirely likely that unless a
legal agreement is in place that clarifies (2) the person who is storing
the files would be likely to be arrested and charged with possession.
In the case of Child Sexual Abuse Images, this would undoubtedly carry a
prison sentence and registration on the Sex Offenders Register for at
least 5 years.

Point (3) is a moral issue.  If I was against pornography for whatever
reason (and I'd like to point out here that this is the obvious "Daily
Mail" example, not necessarily my own view-point!), I'd want to know
that I was not storing any pornographic content on my computer - how
would I guarantee that the content on my computer was "acceptable" to
me?

Please understand that I'm not trying to piddle on your fireworks here,
I'm just making sure that relevant issues are discussed - especially in
the litigious American-Style legal system that we appear to be heading
for in the UK!

Kind regards,

Matt

More information about the ubuntu-uk mailing list