From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Sep 1996 08:22:04 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
In-Reply-To: <9609201825.AA18161@super.mhv.net>
Message-ID: <Pine.LNX.3.95.960920171802.1143A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Sep 1996, Lynne L. Harrison wrote:

>    You can go to their web page (http://www.lexis-nexis.com), click "Just
> In" and request via email that your name be removed from their database by
> filling out the form.
>    Problem, of course, is that one doesn't know if one's name and info is in
> the database unless one is a subscriber and can look it up.  I, personally,
> do not feel comfortable in filling out a form with my personal info and
> sending it along - 1) for the obvious reasons; and 2) what if I'm not even
> in their nefarious database?  If not, then I've just entered my personal
> info and sent it on its merry way to whomever and wherever unnecessarily -
> whether by email, fax, or snail mail.

There is an easy technical solution to this: store a one-way hash of each entry
in a database field, so if one wants to be removed, all one has to do is send
the one-way hash of their personal information.  If there is a database entry
that matches the hash, then it is up to the database maintainer to remove the
entry.  If there isn't a matching entry, then no personal information will have
been given out.  I wonder how many "privacy conscious" database maintainers
will actually implement a scheme like this.

>    I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
>    However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.

TRW credit databases have been broken into many times, and they have more
information then Lexis-Nexis (credit-card numbers minus the last four digits,
addresses, telephone numbers, and of course, credit histories).  Nothing
really devestating has happened because of these incidents.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkMMxSzIPc7jvyFpAQFoiggAusskPBsG0cvMXYcCmJaJR6Rlbcny+48C
byAs3Bg4E2aMHusyll2+t7GPX897VtVGm1iBaAKZFkfFcyQcHoq+aw+hqJseG/As
Yz3x6702e6y4qOfv+JpyCJk9c19ys4XSkHqsrJl3txFvakrBP4xfstWtDKk2P1EH
4aIDvEaStdabqhMQqayKqU09tLY6A++XZ5zbzK/ovVDQIgCW2cDsmtYTo8ZVktPq
PqTnaHVY7B3oj+XEl7sfS1qKew4KEJiClmlztA7Lk7Kn6Zo6TnBPKOICFHjlnOyy
+gitMH7yYuGVo95jcRzImyDMm6z2mjcHTVlmEnxK2k85PtR9El3ZuQ==
=zaz8
-----END PGP SIGNATURE-----