Robert Jueneman wrote: [snip]
> Will they be robust enough for 100+ years? > > I hope so, because I believe that certain Personally Identifiable > Information ought to be protected for the duration of a person's life, > and perhaps even longer in the case of genetic predisposition to certain > diseases that might be revealed through DNA testing. Going forward this may well not be long enough. What about birth defects that might be inheritable? Then, too, there is the situation that as genetic studies become more sophisticated, it is not only your own DNA code that need to be protected but that of your parents, grandparents and probably, as we live longer, even your great-great-grandparents. If we suppose that the data needs to be protected from birth until life closes, the current outlier lifespans are 105 to 110. Add to this the generational additions of about 25 years per additional generation and you could easily require 200+ years. The example that sticks in my mind is the study done on the genetic inheritance of an amenses trait in a few families done about 10-12 years ago. In that study they found that it was caused by a zinc loop. To find this out they studied 3, and in one case 4, generations of women. The oldest woman in the study, if I recall correctly was in her 90s and the youngest in her teens. The study took somewhat less than 6 months to complete. If genetic inheritance can be studied in depth and time with the relatively crude tools available then, think what the database implications are for the discovery of a "criminal" trait, something like Schokley's ideas about race, or the Nazi ideas about race "purity" with the tools still in development. While in the end wacky science is discarded it often takes many hundred of years. Look at the flat-earthers as but one example. We have seen time and again where rogue, or even sanctioned, governmental actions interfere with personal freedoms. We have also seen that even though they say such blatantly illegally collected data has been "destroyed," some of it resurfaces later in other's hands. It may be a wise move to estimate even longer time frames for protection and start the process for AES-2048 now. Best to all, Allen -- Allen, there is a trade-off between protecting information forever (best done by simply destroying the media) vs. the need for someone (perhaps one of your descendents or future historians) to be able to read the information. At the recent Data Protection Summit, someone mentioned that the LDS Church was seriously exploring methods for preserving genealogical records for 25,000 years! Other people are beginning to be concerned about providing non-repudiation for 40 to 50 years (for 40 year mortgages plus ten years). DC-3s are still flying in South America that were built in the '30's, and presumably their Airworthiness Certificates are still valid and intact. (Yeah, right!). And student loan records and Social Security information have a very long life, as do census records. At the Data Protection Summit I gave a talk entitled "The 21st Century - the End of Recorded History?" The thrust of that talk was two-fold - to underscore the need for very long term encryption, but also talked about the need for future historians to be able to access this data, which having to track down every key database on the planet. To solve this problem, I proposed the notion of "strong but brittle cryptography" - cryptography that would be designed to break very easily, at a defined time in the future, but be very robust until that time. This would involve say 100 institutions very interested in preserving historical records (museums, universities, religious institutions, newspapers, government archivists, etc.) coming together and generating a set of very strong ECC key pair, using K out of N secret sharing techniques, where the K shares needed to recover the key might be say 70. Those keys would be embedded in certificates with validity periods of 10, 20, 30, ... 100 years. Every ten years, the institutions would come together and reconstitute the key that was due to expire on that particular date, and then publish it to the world. Records intended to be kept secret until that date would be very secure, but after that date would be easily readable by anyone, with no cryptanalysis required. Bob _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
