FWIW, while the goal of the cypherpunks in helping to promote secure private communications by making encryption publicly available on a worldwide scale, definitely helps socially backward countries which have dictators (communist or otherwise), it misses its mark somewhat in the USA. Personally, I think that in the USA, this is treating the symptom, but not the disease. Probably the easiest way of ensuring that personal information isn't wantonly distributed by credit agencies or (anyone else) is to update our Privacy Act - which is ridiculously out-of-date and badly in need of being re-written. It is also hampered by its apparent lack of teeth. My personal recommendation would be a law like Germany's BDSG. The BDSG (BundesDatenSchutzGesetz which translates to: Federal Information/Data Protection Law (aka Privacy Act). Even better would be a law like the one in Austria (which I understand has the world's strictest privacy act. (Hooray for the Austrians). 8^) If the Privacy Act were rewritten to be as strict as the BDSG, businesses would have a (mandatory) legal requirement to: o Ensure that personal data is stored properly (by encrypting it, etc) o Ensure that personal data is not distributed o Ensure that databases are *not* being maintained which describe the characteristics of individuals (buying habits, income, property ownership, etc) wantonly propagated by marketing (direct mail, telemarketing, etc) companies. (Note that credit bureaus still have a function, but they would be (forced to be) responsible for ensuring that compliance with the Privacy Act would be maintained. This could result in better safeguards being implemented by the credit bureaus.) resulting in the following by-products: o the promotion of the use & implementation of encryption - including the possibility of ITAR being reduced or eliminated for the export of encryption products o reduced propagation of personal information o reduced amount of junk mail that winds its way to our mailboxes each day 8^) o reduced amounts of tele-marketing 8^) If pressure were brought to bear on the law-makers to rewrite the Privacy Act to give it qualities like the BDSG, etc, then this would significantly help achieve the cypherpunks' goal of promoting secure private communications. (I realize this isn't the only goal of the c'punks, but its a start). As the changes would be made within "the system" as opposed to outside of it, there would be virtually no hassle from the government. IOW, changing the Privacy Act will probably solve a variety of problems while achieving the c'punks goal of secure personal communications. Food for thought. Best Regards, Frank <standard disclaimer> The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc. Fortified Networks Inc. - Management & Information Security Consulting Phone: (317) 573-0800 - http://www.fortified.com/fortified Home of the Free Internet Firewall Evaluation Checklist