[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANYONES CREDIT CARD # per your request.


On Fri, 20 Sep 1996, Lynne L. Harrison wrote:

>    You can go to their web page (http://www.lexis-nexis.com), click "Just
> In" and request via email that your name be removed from their database by
> filling out the form.
>    Problem, of course, is that one doesn't know if one's name and info is in
> the database unless one is a subscriber and can look it up.  I, personally,
> do not feel comfortable in filling out a form with my personal info and
> sending it along - 1) for the obvious reasons; and 2) what if I'm not even
> in their nefarious database?  If not, then I've just entered my personal
> info and sent it on its merry way to whomever and wherever unnecessarily -
> whether by email, fax, or snail mail.

There is an easy technical solution to this: store a one-way hash of each entry
in a database field, so if one wants to be removed, all one has to do is send
the one-way hash of their personal information.  If there is a database entry
that matches the hash, then it is up to the database maintainer to remove the
entry.  If there isn't a matching entry, then no personal information will have
been given out.  I wonder how many "privacy conscious" database maintainers
will actually implement a scheme like this.

>    I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
>    However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.

TRW credit databases have been broken into many times, and they have more
information then Lexis-Nexis (credit-card numbers minus the last four digits,
addresses, telephone numbers, and of course, credit histories).  Nothing
really devestating has happened because of these incidents.

- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348

Version: 2.6.3
Charset: noconv