PEBC

Privacy-Enhanced Background Checks

This repository contains a proof of concept system for performing background checks for firearm purchases in such a way that preserves the privacy of the parties involved via the use of tried and true cryptographic systems, specifically RSA-based encryption and certificate signing via a certificate authority. It is a proposed alternative to "Universal Background Checks", addressing the core concerns of both sides of the argument.

Disclaimer: The majority of this project was written over a single weekend. It is intended as a technological demonstration only, and is not functional as an actual background check system, though the same cryptographic concepts that it demonstrates could easily be applied in an actual implementation.

Technical Details:

The main page is a simple web form, which requests information similar to that on the ATF Form 4473. Fields can be added or removed trivially, and for the sake of clarity the form has been trimmed substantially. Upon hitting "submit", the first thing that is done is to separate the buyer information, which is required to actually perform the background check, from all other information from the transaction (seller details, firearm type, serial number, etc).

Within the browser, an RSA keypair is generated. The keypair is used to encrypt all information not pertaining to the buyer. The still unencrypted buyer information and the newly encrypted seller and firearm information are then put into a Certificate Signing Request, or CSR. This is normally what you send to Verisign or Norton to receive a trusted certificate for securing your website. Then ONLY the CSR (not the keypair) is sent to the server.

The server uses the buyer's information to perform whatever background checks are required by law. If they all pass, it then signs the CSR with a Certificate Authority it manages and returns a signed certificate back to the browser. No passed check, no certificate. Assuming the check passes and the certificate is signed and returned, the browser then downloads the certificate, and saves the private key from the keypair to the seller's hard disk, which they are then required to hold onto, as a sort of "receipt" of their purchase.
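The flow described above, written out in Go as an added example (it is not code from this repository): the browser role builds the CSR, the server role signs it, and the holder of the saved private key later recovers the encrypted details from the certificate. Assumptions: RSA-OAEP with SHA-256 as the encryption scheme, the buyer carried in the subject common name, the private-use OID `sealedOID`, and the function names `NewKey`, `BuildCSR`, `SignCSR` and `OpenReceipt` are all hypothetical; the background check itself is omitted.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var sealedOID = []int{1, 3, 6, 1, 4, 1, 55555, 1} // hypothetical private-use OID

// NewKey is the keypair the browser generates; its private half is the receipt.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// BuildCSR (browser): buyer stays in the clear, details are RSA-OAEP encrypted.
func BuildCSR(key *rsa.PrivateKey, buyer string, details []byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, details, nil)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: buyer},
		ExtraExtensions: []pkix.Extension{{Id: sealedOID, Value: ct}}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// SignCSR (server): signs only a valid CSR carrying exactly the sealed extension.
func SignCSR(csrDER []byte, ca *x509.Certificate, caKey *rsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil ||
		len(csr.Extensions) != 1 || !csr.Extensions[0].Id.Equal(sealedOID) {
		return nil, errors.New("rejected CSR")
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0), ExtraExtensions: csr.Extensions}
	return x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey)
}

// OpenReceipt (key holder, later): only the saved private key recovers the details.
func OpenReceipt(cert *x509.Certificate, key *rsa.PrivateKey) ([]byte, error) {
	for _, e := range cert.Extensions {
		if e.Id.Equal(sealedOID) {
			return rsa.DecryptOAEP(sha256.New(), nil, key, e.Value, nil)
		}
	}
	return nil, errors.New("no sealed extension")
}
```

RSA-OAEP with a 2048-bit key and SHA-256 encrypts at most 190 bytes, so a longer transaction record would need hybrid encryption. A production CA would also issue unique random serial numbers rather than the fixed one used here.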

For a more thorough walkthrough of each step, and of the implications of each component of this system in preserving privacy while still accomplishing the goals of a background check system, please see the implementation markdown file.

Proposed Legislative Changes:

Software is only half the solution. For the concept behind this project to work, there would need to be changes and additions to current legislation. The gist of the proposed changes in policy is to not actually make the checks mandatory (which would be all but unenforceable), but instead to increase the penalties sharply for opting out of a check if the weapon transferred or sold is later used in the commission of a crime. This change, along with making the system openly available to the public, will strongly incentivize sellers of firearms to conduct the checks for all sales, while still allowing them to give a firearm to a family member or close friend that they trust without unnecessary friction.

Software Requirements:
  • Golang >= 1.4
  • Google Chrome (Other browsers untested)

Building and Running:

Once your go environment is set up, you can get this repository by running the command go get github.com/twrobel3/PEBC.

To build, navigate to the project's location under your GOPATH, and run go build. This creates an executable called PEBC. Run this executable in the code directory with ./PEBC.

Alternatively, to build and run simultaneously, you can run go run server.go

Once the server is running, you should be able to access it at http://localhost:3000.