I remember wondering this for the MPs expenses stuff - them objecting to
the publication of addresses meaning that you wouldn't have been able to
spot flipping.
Thoughts:
a) Not sure how you'd explain hashing and salting to someone.
b) With only a few tens of millions of addresses, even with a salt, it
could be trivial to brute-force someone's address hash. You'd have to
estimate the current and future cost of the resources involved.
Tim
On 15/01/2011 01:29, 'Dragon' Dave McKee wrote:
(I know this is pie-in-the-sky thinking but...)
The issue with the personally identifying information is that... well,
it identifies a person.
However, we don't necessarily want to identify that person, just
confirm that record A and record B refer to the same person.
Couldn't we take a hash (with appropriate salt etc) of the personally
identifying information to permit these comparisons, without providing
actual identifying information?
Addresses can be normalised to whatever Royal Mail believes it should be.
Names are harder, and more mutable - surname changes mess up most
systems - but could potentially have different hashes (surname /
surname + forename / surname + all names) to allow for partial
matches. (We could salt it with further information - perhaps address?
- to avoid 'SMITH' being the encoding for the most common surname
hash.)
There could even be a system to convert hashes from one system to
hashes in another system, but not necessarily vice-versa.
This doesn't necessarily solve the underlying problem, but might go
some way to finding middle ground.
_______________________________________________
developers-public mailing list
[email protected]
https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public
Unsubscribe:
https://secure.mysociety.org/admin/lists/mailman/options/developers-public/timothy.green%40gmail.com
_______________________________________________
developers-public mailing list
[email protected]
https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public
Unsubscribe:
https://secure.mysociety.org/admin/lists/mailman/options/developers-public/archive%40mail-archive.com
