My main concern regarding access to this information rests in the fact that this database has always been available to anyone who understood how to get it and use it. Recently I received a letter from some credit card company offering to provide me with my credit report, social security history, and insurance related records on a regular basis (for a fee of course). How about my police, fbi, school, and dating records while we're at it. How much is already available only to those that know the ropes. Well today AP ran another story about the reaction surrounding Aaron's actions. Nice picture of the back of Aaron's head. They didn't print is lisense plate number either. ObCypherpunks: How many people do you know that are working on a day to day basis with medical records systems, the District Attorney's computers, your doctor's computers, state Department of Health, and so on. I'm sure it's come up before but isn't this an obvious of application of encryption and PAK (Public Access to Keys)? Any legislation currently to _require_ that medical records and such be encrypted with access restricted. Something like: Alice (my primary care giver) and I each have the key to the records that Alice stores. Bob (my dentist) has a legitimate need to these records so I issue Alice and Bob a new key. With that key, the software allows Alice to make a replicate (synchonizable at that) of the record and transfer it to Bob who uses his key to access the data. It may even be that _any_ time, any of the replicas are to be accessed _my_ private key must be employed although one may argue that in times of tragedy it would be prudent to get my medical history immediately. I would say there is little in those records that would help an emergency room doctor make life saving desisions. That anything that the ER should know about me to save my life should be on a Medical Emergency Bracelet. I guess it would not matter if you encrypted with a key short enough to mumble from the back of an ambulance. The market for encryption enabled applications is just about to take off. --j At 03:25 PM 8/8/96 -0700, Rich Graves wrote:

-----BEGIN PGP SIGNED MESSAGE-----

I agree that this project needed to be done to educate the public, but I must say I'm glad my name isn't attached to it.

To answer legitimate concerns about abuse, perhaps version 2 could make the relevant http logs publicly available? So in addition to checking the governor's son's driving record, you could check which other IP addresses have been looking at the governor's son's driving record. Spider detection and retaliation would also be nice.

(Of course this would have the side effect of increasing the visibility of the anonymizer/canadianizer/exonizer services, which would not be a bad thing.)

- -rich

-----BEGIN PGP SIGNATURE----- Version: 2.6.2

iQBVAwUBMgppM5NcNyVVy0jxAQFjFwIAyio1QMkAC7/sH3PdVbGXuTImey+1ewg2 Nxl7bZlZe/YvYlk2yomKW24bgZJ5Vjiecc7g35SM+jveLRWA0xgbkg== =yDFP -----END PGP SIGNATURE-----