From: GERSTEIN <GERSTEIN@SCSUD.CTSTATEU.EDU>
Date: Wed, 9 Mar 94 12:20:26 PST
To: cypherpunks@toad.com
Subject: RE: keeping secrets from myself
Message-ID: <940309151935.202248e2@SCSUD.CTSTATEU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 8-MAR-1994, Cortland D. Starrett (cort@ecn.perdue.edu) said...
==========
Here is a practical problem that has me frustrated....

Situation:
Assume that I am the treasurer at my local church.  This implies responsibility 
to record each Sunday's offering (the money collected) in the church financial 
books.  An account is maintained for each member of the church.  Money received 
from members each Sunday is credited to their respective accounts. Each 
January, a report is prepared for each parishioner showing a summary of the 
charitable contributions for the previous year. This information is used for 
tax purposes.

Currently, the treasurer knows EVERYTHING about EVERYONE (regarding charitable 
giving).  As a privacy advocate, this is indeed uncomfortable (for giver and 
treasurer).

Problem:
I want to know as little as possible about church member giving.

Give and Take:
It will be difficult/impossible to prevent the treasurer from seeing each 
weeks' checks.  However, a privacy improvement may be achieved if the running 
totals are kept hidden.

How can I provide a comprehensive year-end statement to each parishioner while 
maintaining maximum privacy?

Does cryptography have anything to offer to this situation?

What procedures/protocols could be implemented?

What privacy enhancements could be included with the church
accounting software?

Cort.
===========

	I would think that the easiest way to take care of this would be to 
assign each member a randomly generated id (probably alphanumeric, and you can 
keep it around 6 characters), and then just use that number from then on. When 
a new member joins, create a new id and once they have a copy of it, put the id 
in a file that is stored out of your hands (but accessable if need be) in case 
you need to add someone else or if someone forgets their id.
	I know that this isn't as secure as some of the other methods 
suggested, but this (the method above) would seem to make the most sense simply 
because once it's started, there's not that much upkeep:
	1- Member gets an id.
	2- Member makes a deposit using just their id and only looking at the 
check amounts. For this, you would have to trust yourself or get some envelopes 
that only show the amount through a window. When you are done doing all the 
checks on the computer, dump them all into a bag or something and then start 
endorsing them.
	3- At the end of the year, all you have to do is print a list of the 
id's and how much they have in their "account".
	At no time does anyone but the member know their id (unless they happen 
to share with someone, and it's up to them).
	As treasurer, you only know the account numbers. If you really didn't 
want to take the chance that you might learn some of the numbers (doubtful, as 
there would probably be 100's [maybe 1000's] of members), you could get someone 
else in the church (that you trust) to assign the id's and just have them let 
you know the new id's as they come along.

	Just my 0.02 worth.

Adam Gerstein
-=-=-=-=-=-=-=-=-
Have _you_ said no to Clipper yet?

To sign on to the letter, send a message to:
	Clipper.petition@cpsr.org

with the message "I oppose Clipper" (no quotes)
You will receive a return message confirming your vote.