>From: Ian G <[EMAIL PROTECTED]>
>Sent: Jun 7, 2005 7:43 AM
>To: John Kelsey <[EMAIL PROTECTED]>
>Cc: Steve Furlong <[EMAIL PROTECTED]>, cryptography@metzdowd.com
>Subject: Re: Papers about "Algorithm hiding" ?

[My comment was that better crypto would never have prevented the Choicepoint data leakage. --JMK]

>Sure it would. The reason they are not using the tools is because
>they are too hard to use. If the tools were so easy to use that it
>was harder to not use them, then they'd be used. Consider Citigroup
>posted today by Bob. They didn't encrypt the tapes because the tools
>don't work easily enough for them.

So, this argument might make sense for some small business, but Citigroup uses a *lot* of advanced technology in lots of areas, right? I agree crypto programs could be made simpler, but this is really not rocket science. Here's my guess: encrypting the data would have required that someone make a policy decision that the data be encrypted, and would have required some coordination with the credit agency that was receiving the tapes. After that, there would have been some implementation costs, but not all *that* many costs. Someone has to think through key management for the tapes, and that's potentially a pain, but it's not intractable. Is this really more complicated than, say, maintaining security on their publicly accessible servers, or on their internal network?

...

>The other way of looking at Choicepoint - change the incentives - is
>a disaster. It will make for a compliance trap. Compliance *may*
>protect the data or it may have completely the opposite effect, the
>situation with 'unintended consequences' in such a case is likely to
>be completely unpredictable. The only thing we can guarantee is that
>costs will go up.

Well, Choicepoint is a bit different, right? I mean, as I understand it the big disclosure happened because they sold people's data to criminals, but they were in the business of selling people's data. They just intended to sell it only to people of good intention, as far as I can tell. (Perhaps they should have demanded X.509 certificates from the businesses buying the data and checked the "evil" bit.)

I just can't see how cryptography could have helped prevent that attack, other than by making the data that Choicepoint depends on harder to get in the first place.

>It's much cheaper and much more secure to simply
>improve the tools.

But this does no good whatsoever if there's not some reason for the people holding the data to use those tools. Everyone with a network presence and any kind of high profile does, in fact, use moderately complicated computer security tools like routers, firewalls, VPNs, virus scanners, and spyware detectors. Everyone has to deal with keeping their boxes up to date on patches. However imperfectly, it seems like Citigroup and Choicepoint and the rest can actually do those things. So when you excuse their failures to secure customer data with "the tools aren't there," this sounds absolutely implausible to me.

I'm not crazy about a HIPAA-style mandate for encryption and shredders either, but we have this basic problem:

a. It's basically easy to buy or find some amount of data about many people.
b. It's basically easy to use that amount of data to get credit in their name.

I suspect a better solution than trying to regulate data brokers is to make it more expensive to give credit to Alice under Bob's name. The thing that imposes the cost on me isn't when someone finds my SSN, it's when someone takes out a bunch of loans which I'm then expected to pay back. Then it becomes my problem to resolve the disputes created by the lender's desire to extend credit at minimal cost. (The lender also loses money, of course. But much of the cost is shifted to the identity theft victim.)

>iang

--John Kelsey

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]