[17454] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jun 13 14:48:41 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 10 Jun 2005 18:24:31 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: astiglic@okiok.com
Cc: Adam Shostack <adam@homeport.org>,
	Ken Buchanan <k.buchanan@kastenchase.com>, cryptography@metzdowd.com
In-Reply-To: <19160.207.236.193.195.1118423505.squirrel@mail.okiok.com>

astiglic@okiok.com wrote:
> "Ben Laurie wrote"
> 
>>astiglic@okiok.com wrote:
>>
>>>Example:
>>>   Cash_Ur_check is in the business of cashing checks.  To cash a check,
>>>they ask you for "sensitive information" like SIN, bank account number,
>>>drivers licence number, etc.   They use the information to query
>>>Equifax or the like to see if the person has a good credit rating, if
>>>the rating is o.k. they cash the check.  They keep all the information
>>>in the database, because if the client comes back 2 months later, they
>>>will send the same query to Equifax to see if the credit rating hasn't
>>>changed.
>>>These sensitive information are "indexes" to external databases (but
>>>Cash_Ur_check doesn't directly connect to these other databases).
>>>Cash_Ur_check doesn't need to use these data as indexes.  Cash_Ur_check
>>>can use first/middle/last name of person as an index, or attribute some
>>>random number to the person, or something else, they should not use the
>>>SIN to identify a person.  They should not do searches on SIN to find a
>>>person given his SIN.
>>
>>Sure, but Equifax should.
> 
> 
> No, they shouldn't!  If you think they should, you are missinformed.  At
> least in Canada, the Privacy Act protects the SIN, Equifax cannot demand
> it.

I am just reading what you've written: "To cash a check, they ask you 
for "sensitive information" like SIN, bank account number, drivers 
licence number, etc.   They use the information to query Equifax or the 
like"

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
home help back first fref pref prev next nref lref last post