David Wagner wrote:
>
> It seems to me that a much more privacy-friendly solution would be
> to simply refrain from asking for sensitive personal information like
> SSN and date of birth -- name and a random unique identifier printed
> on the application form ought to suffice. (If SSN is later needed
> for financial aid purposes, it could be requested after the student
> decides to matriculate.)
>
> Am I missing anything?

I think the problem is a lot harder than that. Let me clarify by telling a story:

Once upon a time, Hansel designed an online-forms system that collected credit-card info, encrypted it using PGP, and mailed it to Goldylocks (the secretary) with a backup copy going to Tweedledee. Despite the fact that Hansel had installed PGP on her computer and indoctrinated her on how to use it, Goldylocks was unable to decrypt the info. So at her request, Tweedledee decrypted it -- a whole conference's worth of registrations -- and sent it to her in the clear.

In a clear violation of Murphy's law, no harm came of this, but otherwise it was a worst-case use of cryptology: just secure enough to be a nuisance to the authorized users, but in the long run providing no real protection for the card-holders.

The sad fact is that most people on this planet cannot get PGP to work in a way that suits them. The future of security depends at least as much on user-interface research as it does on mathematical cryptology research.

Oh, BTW, a preprinted number on the admissions form doesn't really do the trick. Forms are printed on printing presses, in batches of several thousand, all alike. After they are mailed out, the guidance counselor at Podunk South High School will make copies as needed.

A web-based approach won't work unless you are making computer-savviness an entrance requirement.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]