On Sun, 4 Jul 2004, Ed Reed wrote:

> I recently had the same trouble with the Centers for Disease Control
> (CDC) - who were calling around to followup on infant influenza
> innoculations given last fall.
> Ultimately, they wanted me to provide authorization to them to receive
> HIPPA protected patient records from my son's pediatrician, and I 
> couldn't figure out how to get them to definitively pursuade me that
> they were really the CDC, who I was willing to be so authorized.

I had the same question about the NSA when some friends were interviewing
there.  Apparently investigators will just show up at your house and want to
know all sorts of things about your friends, who you may or may not know to be
in the process of looking for work there.

As I understand it, the investigators don't even carry NSA badges; they're DSS
or private investigators.  I eventually found a phone number for the DSS, but
AFAICT there's no standard way of authenticating the agents when they show up.

Richard Bizarro had the same problem:

Someone pointed out that the NSA isn't as concerned about other people
(agencies, etc.) compromising your privacy as they are about making sure
/they/ know everything about their employees.

DSS: Sir, I need to ask you some questions about John Doe.

Me: Okay, err, where's that NSA public key... windows registry... you don't 
have a certificate, I take it?

DSS: Well, I have this badge here.

Me: Hm, sorry, no.  I don't suppose you know anything about zero-knowledge

DSS: ...

Me: Right.  Okay, look.  I'm going to randomly generate a 1024-bit -- no, 
better make that a 4096-bit integer.  We'll run it in blocks through SHA512, 
and then you can raise it to your private [mumbling].  Do you have a coin?  
On second thought, better use my own.  Lesse, <flip> heads...

DSS: I have this gun, too.

Me: So, what do you want to know?

This was also amusing:


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to