This site describes the basic workings of a medical marijuana ID card system based upon public key cryptography. This document is pretty rudimentary, though the idea is well-founded. I am putting it up in rough draft form because numerous people in Washington state have indicated a desire for, or are moving forward with, a plan for medical marijuana cards in this state. I support such a system, but want it to be as secure as possible. The only way I see to guarantee such security is through mathematics.
Background on Washington State
Washington State law provides for no medical marijuana ID card system. Individual patient co-ops, which are not technically legal in this state, validate patient documentation and often issue their own membership cards. These cards generally work only at that one co-op; a patient cannot use a card from Co-Op A to obtain medicine from Co-Op B.
I see patient validation and the maintenance of a medical marijuana ID card system as a service that can be better performed by an organization focused on that as part of its core functionality. It could be self-funding through membership fees and provide ancillary services and activism with little fear of police reprisal, as the whole thing should be legal in any locale.
The system should be as open and secure as possible. This idea relies on OpenPGP. OpenPGP is an open standard, defined in RFC 2440.
Basics of public key cryptography
For a more in-depth article on public key cryptography, see Wikipedia. Back in Caesar's day, if the emperor wanted to send a secure message to a general, he'd encrypt the message using a simple method whereby each letter would be increased by a certain amount: HELLO would become IFMMP if the letters were increased by one. Two messages would be sent, one with the encoded message and one with the encryption key -- the number of characters by which the message is offset. With that number -- the key -- the reader could easily change IFMMP back into the original HELLO. This is called "shared key" cryptography and has obvious limitations. One must transfer the decryption key to the end reader, and at any point in between the key may be stolen by the enemy.
In the 1970's, brilliant mathematicians devised a way around this problem. Public key cryptography uses two keys: a "public" key and a "private" key, which are related mathematically. A user distributes their public key widely, and that public key may be used to encrypt messages that only the associated private key may decrypt. A complete explanation of how this works would not help those who need the basics, so I won't get into it. Suffice it to say it relies on the product of very large prime numbers, for which there is no known technique to efficiently recover the factors.
On top of encryption, public key cryptography can also be used for "digital signatures." Alice may "sign" Bob's public key, which adds a string of mathematically computed numbers to Bob's public key. Now, along comes Carol. She does not know Bob, but she knows and trusts Alice. Carol sees that Alice has signed Bob's public key. Since she trusts Alice to have done her due diligence in verifying identities, Carol trusts that Bob is indeed Bob. This "digital signature" functionality is the heart of my idea.
Purpose
The main purpose of this system is to provide infrastructure for medical marijuana patients, their service providers and law enforcement. Patient cooperatives, patient-only grow stores and other service providers can provide these services to validated patients without passing any personal medical information.
Police may use the system to validate patients on-the-spot, which could potentially reduce the number of patient arrests under our "affirmative defense" law, which allows a patient to raise the medical marijuana defense at trial, but does not protect a patient from arrest. However, police are not the main audience, and we cannot, without legislative change, require the police to respect this card. But unofficial use of this service by police is an ancillary goal.
The idea
The system involves three parties: a registry, a patient, and a service provider. A non-profit organization, Registry M, decides to make this part of their core functionality. Registry M creates a public/private OpenPGP key pair.
A medical marijuana patient, Patient C, creates their own public/private key pair. Patient C sends their application to Registry M. This application includes a medical release form and the patient's public key. Registry M sends the release form to Patient C's medical provider to obtain a copy of their medical marijuana recommendation. After receiving the patient recommendation, Registry M cryptographically signs Patient C's public key for a year (or less, depending on the expiration of the recommendation). Registry M returns the signed public key to Patient C.
Co-Op A, a service provider, has a copy of Registry M's public key. When Patient C visits Co-Op A, Co-Op A looks at their public key and verifies that it was signed by Registry M. Assuming Co-Op A trusts Registry M, Co-Op A will allow Patient C to obtain medicine, perhaps requiring a state-issued ID to verify they are the patient on the mmj ID card.
This is the basic functionality of the system. It is the same thing your web browser does automatically when you visit a secure shopping site. MMJ providers no longer are required to do patient validation, saving time and money. Smaller co-ops without resources to thoroughly validate patients can also rely on this system to ensure they interact only with patients.
I envision this system primarily using OpenPGP smart cards, but any standards-compliant method should work. A patient key can be stored in any number of ways -- on a smart card, on a USB key, printed on paper, written in ink, converted to a barcode, etc.
Please let me know if you see any flaws in this system as I've currently explained it. I can be reached at ben at hemp.net.
Links