Papers about "Algorithm hiding" ?

John Kelsey kelsey.j at ix.netcom.com
Tue Jun 7 09:52:30 EDT 2005


>From: Ian G <iang at systemics.com>
>Sent: Jun 7, 2005 7:43 AM
>To: John Kelsey <kelsey.j at ix.netcom.com>
>Cc: Steve Furlong <demonfighter at gmail.com>, cryptography at metzdowd.com
>Subject: Re: Papers about "Algorithm hiding" ?

[My comment was that better crypto would never have prevented the
Choicepoint data leakage. --JMK]

>Sure it would.  The reason they are not using the tools is because
>they are too hard to use.  If the tools were so easy to use that it
>was harder to not use them, then they'd be used.  Consider Citigroup
>posted today by Bob.  They didn't encrypt the tapes because the tools
>don't work easily enough for them.

So, this argument might make sense for some small business, but
Citigroup uses a *lot* of advanced technology in lots of areas, right?
I agree crypto programs could be made simpler, but this is really not
rocket science.  Here's my guess: encrypting the data would have
required that someone make a policy decision that the data be
encrypted, and would have required some coordination with the credit
agency that was receiving the tapes.  After that, there would have
been some implementation costs, but not all *that* many costs.
Someone has to think through key management for the tapes, and
that's potentially a pain, but it's not intractable.  Is this really
more complicated than, say, maintaining security on their publicly
accessible servers, or on their internal network?

...

>The other way of looking at Choicepoint - change the incentives - is
>a disaster.  It will make for a compliance trap.  Compliance *may*
>protect the data or it may have completely the opposite effect, the
>situation with 'unintended consequences' in such a case is likely to
>be completely unpredictable.  The only thing we can guarantee is that
>costs will go up.

Well, Choicepoint is a bit different, right?  I mean, as I understand
it the big disclosure happened because they sold people's data to
criminals, but they were in the business of selling people's data.
They just intended to sell it only to people of good intention, as far
as I can tell.  (Perhaps they should have demanded X.509 certificates
from the businesses buying the data and checked the "evil" bit.)  I
just can't see how cryptography could have helped prevent that attack,
other than by making the data that Choicepoint depends on harder to
get in the first place.

>It's much cheaper and much more secure to simply
>improve the tools.

But this does no good whatsoever if there's not some reason for the
people holding the data to use those tools.  Everyone with a network
presence and any kind of high profile does, in fact, use moderately
complicated computer security tools like routers, firewalls, VPNs,
virus scanners, and spyware detectors.  Everyone has to deal with
keeping their boxes up to date on patches.  However imperfectly, it
seems like Citigroup and Choicepoint and the rest can actually do
those things.  So when you excuse their failures to secure customer
data with "the tools aren't there," this sounds absolutely implausible
to me.  

I'm not crazy about a HIPAA-style mandate for encryption and shredders
either, but we have this basic problem:

a.  It's basically easy to buy or find some amount of data about many
people.

b.  It's basically easy to use that amount of data to get credit in
their name.

I suspect a better solution than trying to regulate data brokers is to
make it more expensive to give credit to Alice under Bob's name.  The
thing that imposes the cost on me isn't when someone finds my SSN,
it's when someone takes out a bunch of loans which I'm then expected
to pay back.  Then it becomes my problem to resolve the disputes
created by the lender's desire to extend credit at minimal cost.  (The
lender also loses money, of course.  But much of the cost is shifted
to the identity theft victim.)  

>iang

--John Kelsey
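The "key management for the tapes" that the message above calls a pain but not intractable can be sketched concretely. What follows is an added example, not code from this thread or from any of the companies discussed, and it assumes a design rather than reporting one: a long-lived key-encryption key (KEK) agreed out of band between the bank and the receiving credit agency and known by an identifier; a fresh data-encryption key (DEK) per tape, wrapped under the KEK and shipped on the tape itself; AES-256-GCM for both layers. The function names EncryptTape and DecryptTape, the header layout, the key identifier and the sample records are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumed tape image layout (the only variable-length field is the KEK id):
//   magic | idLen(1) | kekID | wrapNonce(12) | wrappedDEK(32+16) | dataNonce(12) | ciphertext+tag
// Everything up to and including dataNonce is the cleartext header; it is
// fed to AES-GCM as associated data so that a tampered header is detected.
const (
	dekSize   = 32 // AES-256 data-encryption key, generated fresh for every tape
	nonceSize = 12 // standard AES-GCM nonce length
)

var magic = []byte("TAPE1")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptTape is the sending side. kek is the long-lived key shared out of
// band with the receiving agency; kekID is how the agency looks it up.
func EncryptTape(kekID string, kek, payload []byte) ([]byte, error) {
	if len(kekID) == 0 || len(kekID) > 255 {
		return nil, errors.New("kekID must be 1..255 bytes")
	}
	kekAEAD, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	dek := make([]byte, dekSize)
	wrapNonce := make([]byte, nonceSize)
	dataNonce := make([]byte, nonceSize)
	for _, b := range [][]byte{dek, wrapNonce, dataNonce} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	dekAEAD, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	var hdr bytes.Buffer
	hdr.Write(magic)
	hdr.WriteByte(byte(len(kekID)))
	hdr.WriteString(kekID)
	hdr.Write(wrapNonce)
	// The KEK id is associated data of the wrap: re-pointing the header at
	// a different key, even one the agency also holds, fails to unwrap.
	hdr.Write(kekAEAD.Seal(nil, wrapNonce, dek, []byte(kekID)))
	hdr.Write(dataNonce)
	header := hdr.Bytes()
	out := append([]byte(nil), header...)
	return dekAEAD.Seal(out, dataNonce, payload, header), nil
}

// DecryptTape is the receiving side. keks is the agency's key ring, indexed
// by KEK id, so KEKs can be rotated without touching tapes already in transit.
func DecryptTape(keks map[string][]byte, tape []byte) ([]byte, error) {
	if len(tape) < len(magic)+1 || !bytes.Equal(tape[:len(magic)], magic) {
		return nil, errors.New("not a tape image")
	}
	idStart := len(magic) + 1
	idLen := int(tape[len(magic)])
	if len(tape) < idStart+idLen {
		return nil, errors.New("truncated header")
	}
	kekID := string(tape[idStart : idStart+idLen])
	kek, ok := keks[kekID]
	if !ok {
		return nil, fmt.Errorf("no KEK %q on this system", kekID)
	}
	kekAEAD, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	wrappedLen := dekSize + kekAEAD.Overhead()
	headerLen := idStart + idLen + nonceSize + wrappedLen + nonceSize
	if len(tape) < headerLen {
		return nil, errors.New("truncated header")
	}
	p := idStart + idLen
	wrapNonce, wrapped := tape[p:p+nonceSize], tape[p+nonceSize:p+nonceSize+wrappedLen]
	dataNonce := tape[headerLen-nonceSize : headerLen]
	dek, err := kekAEAD.Open(nil, wrapNonce, wrapped, []byte(kekID))
	if err != nil {
		return nil, errors.New("DEK unwrap failed: wrong KEK or tampered header")
	}
	dekAEAD, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	plain, err := dekAEAD.Open(nil, dataNonce, tape[headerLen:], tape[:headerLen])
	if err != nil {
		return nil, errors.New("payload authentication failed: tape damaged or tampered")
	}
	return plain, nil
}

func main() {
	// Constructed sample: a KEK the bank and the agency agreed on beforehand.
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	records := []byte("acct,name,balance\n0001,Alice,1200\n0002,Bob,340\n") // constructed
	tape, err := EncryptTape("bank-to-agency-2005-06", kek, records)
	if err != nil {
		panic(err)
	}
	got, err := DecryptTape(map[string][]byte{"bank-to-agency-2005-06": kek}, tape)
	fmt.Printf("agency: err=%v payload=%q\n", err, got)
	_, err = DecryptTape(map[string][]byte{}, tape) // whoever finds the lost tape
	fmt.Println("finder of lost tape:", err)
}
```

The point of wrapping the DEK onto the tape is that neither party has to track per-tape keys: the only long-lived secret is the KEK, the tape names which KEK it needs, and a lost tape is worthless to a finder who does not hold that KEK. Rotation is a new KEK under a new id on both sides; tapes already in transit still name the old one.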

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com