Translucency and selective disclosure

One of the delightful things about the blogosphere is the way that it converges on truth. An acquaintance of mine, Bruce Epstein, has for some years been evangelizing something he calls OpenData, which envisions a world of user-contributed, self-correcting databases.

It strikes me that what Bruce envisioned is now happening. A few weeks ago, in a posting, I mistakenly relocated the Ontario airport. A number of people immediately corrected me, and I was delighted they did so.

In the same spirit I'll now note a possible misimpression that just came to me by way of Jim McGee's blog. It refers to an O'Reilly Network article by Simson Garfinkel, which I mentioned here a few days ago. The article is about Peter Wayner's book, Translucent Databases, which I also discussed here a few weeks back.

The O'Reilly Network didn't include a picture of Peter's book, but did include a picture of Simson's (and Gene Spafford's) Web Security, Privacy, and Commerce. The formatting of the article is such that the picture is clearly of Simson's book, not Peter's. But when the Privacy Digest picked up the story, its formatting blurs that distinction, unintentionally I am sure. For the record, here are the two books:

Peter Wayner's Translucent Databases

Simson Garfinkel and Gene Spafford: Web Security, Privacy, and Commerce

Now that we've cleared that up, let me add that I highly recommend both. The Spafford/Garfinkel book is also excellent. In fact, I have just been reading its second edition on Safari. I found the section on PKI-related policy issues to be thought-provoking, and it relates to Peter's translucency ideas. Write Spafford and Garfinkel:

7.4.5 X.509 v3 Does Not Allow Selective Disclosure

When a student from Stanford University flashes her state-issued California driver's license to gain entrance to a bar on Townsen Street, she is forced to show her true name, her address, and even her Social Security number to the person who is standing guard. The student trusts that the guard will not copy down or memorize any information that is not relevant to the task at hand -- verifying that she is over 21.

As we discussed in Section 7.2.3.1, Stefan Brands has developed a system of certificates that allow selective disclosure. Although cryptography is promised, because the certificates are not compatible with X.509, the system is not currently being deployed.

And here's the bit from 7.2.3.1:

A woman who wanted to gain access to a web site for a cancer survivors group might use minimal disclosure certificates to prove to the web site that she was a woman over 21 who had breast cancer without revealing her name or address. Minimal disclosure certificates were invented by the mathematician Stefan Brands and exclusively licensed in February 2000 to the Canadian corporation Zero Knowledge Systems.[7]

This idea of selective disclosure seems really important, and translucency seems like a way to implement it.
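To make the driver's-license scenario concrete, here is an added example (not code from either book, and not Stefan Brands' scheme) that gets selective disclosure from salted one-way hashes, the same building block translucent databases rely on: the issuer signs only commitments to the attributes, and the holder later reveals just the attribute the verifier needs. It assumes an HMAC under a shared key as a stand-in for the issuer's public-key signature, and all names and attribute values are constructed; unlike Brands' certificates, repeated presentations of the same credential are linkable.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # assumption: stand-in for an issuer signing key

def commit(name, value, salt):
    """Salted hash that hides an attribute until its salt is revealed."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _tag(digests, key):
    return hmac.new(key, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(attributes, key=ISSUER_KEY):
    """Issuer: authenticate the sorted commitments, never the raw attributes."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    digests = sorted(commit(n, v, salts[n]) for n, v in attributes.items())
    return {"digests": digests, "tag": _tag(digests, key)}, salts  # holder keeps salts

def present(credential, attributes, salts, reveal):
    """Holder: disclose only the chosen attributes, each with its salt."""
    disclosed = [[salts[n], n, attributes[n]] for n in reveal]
    return {"credential": credential, "disclosed": disclosed}

def verify(presentation, key=ISSUER_KEY):
    """Verifier: return the verified attributes, or None if any check fails."""
    cred = presentation["credential"]
    if not hmac.compare_digest(_tag(cred["digests"], key), cred["tag"]):
        return None  # commitments were not issued (or were altered)
    verified = {}
    for salt, name, value in presentation["disclosed"]:
        if commit(name, value, salt) not in cred["digests"]:
            return None  # disclosed value does not match any commitment
        verified[name] = value
    return verified

if __name__ == "__main__":
    # Constructed sample license data
    license_attrs = {"name": "Alice Example", "address": "1 Constructed Way",
                     "over_21": True}
    cred, salts = issue(license_attrs)
    shown = present(cred, license_attrs, salts, ["over_21"])
    print(verify(shown))                    # only the age claim reaches the guard
    print("Alice" in json.dumps(shown))     # name never leaves the holder
```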


Former URL: http://weblog.infoworld.com/udell/2002/08/07.html#a373