Translucent Databases

[John S. Denker]

David Wagner wrote:
>
> It seems to me that a much more privacy-friendly solution would be
> to simply refrain from asking for sensitive personal information like
> SSN and date of birth -- name and a random unique identifier printed
> on the application form ought to suffice.  (If SSN is later needed
> for financial aid purposes, it could be requested after the student
> decides to matriculate.)
> 
> Am I missing anything?

I think the problem is a lot harder than that.

Let me clarify by telling a story:  Once upon a time, Hansel
designed an online-forms system that collected credit-card
info, encrypted it using PGP, and mailed it to Goldylocks
(the secretary) with a backup copy going to Tweedledee.
Despite the fact that Hansel had installed PGP on her
computer and indoctrinated her on how to use it, Goldylocks
was unable to decrypt the info.  So at her request, Tweedledee
decrypted it -- a whole conference's worth of registrations --
and sent it to her in the clear.

In a clear violation of Murphy's law, no harm came of this,
but otherwise it was a worst-case use of cryptology:  just
secure enough to be a nuisance to the authorized users, but
in the long run providing no real protection for the card-
holders.

The sad fact is that most people on this planet cannot get
PGP to work in a way that suits them.  The future of security
depends at least as much on user-interface research as it does
on mathematical cryptology research.

Oh, BTW, a preprinted number on the admissions form doesn't
really do the trick.  Forms are printed on printing presses,
in batches of several thousand, all alike.  After they are
mailed out, the guidance counselor at Podunk South High School
will make copies as needed.  A web-based approach won't work
unless you are making computer-savviness an entrance requirement.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com