encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

astiglic at okiok.com astiglic at okiok.com
Fri Jun 10 13:11:45 EDT 2005


"Ben Laurie wrote"
> astiglic at okiok.com wrote:
>> Example:
>>    Cash_Ur_check is in the business of cashing checks.  To cash a check,
>> they ask you for "sensitive information" like SIN, bank account number,
>> drivers licence number, etc.   They use the information to query
>> Equifax or the like to see if the person has a good credit rating, if
>> the rating is o.k. they cash the check.  They keep all the information
>> in the database, because if the client comes back 2 months later, they
>> will send the same query to Equifax to see if the credit rating hasn't
>> changed.
>> These sensitive information are "indexes" to external databases (but
>> Cash_Ur_check doesn't directly connect to these other databases).
>> Cash_Ur_check doesn't need to use these data as indexes.  Cash_Ur_check
>> can use first/middle/last name of person as an index, or attribute some
>> random number to the person, or something else, they should not use the
>> SIN to identify a person.  They should not do searches on SIN to find a
>> person given his SIN.
>
> Sure, but Equifax should.

No, they shouldn't!  If you think they should, you are missinformed.  At
least in Canada, the Privacy Act protects the SIN, Equifax cannot demand
it.
See for example
http://www.privcom.gc.ca/fs-fi/02_05_d_02_e.asp
and
http://www.guardmycreditfile.org/index.php/content/view/244/139/
which says the following:
"Even credit reporting companies can’t demand a SIN to generate a credit
report. Trans Union Canada and Equifax Canada both have the ability to
generate such reports without a SIN. If you ask these same companies to
generate a credit report in the United States, they both require a Social
Security Number."

And if Equifax Canada can generate reports without a SIN, I don't see why
Equifax in any other country couldn't.  Of course, they like to have the
SIN, since it makes things more convenient, but they don't really need it!
 That is the problem in most cases.

--Anton




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list