Re: HIPAA - Mailing list pgsql-admin

From Christopher Browne
Subject Re: HIPAA
Date
Msg-id m3smginbhf.fsf@wolfe.cbbrowne.com
Whole thread Raw
In response to HIPAA  (Silvana Di Martino <silvanadimartino@tin.it>)
List pgsql-admin
Martha Stewart called it a Good Thing when listsubscriptions@oghma.on.ca (Gorshkov) wrote:
> On March 8, 2004 09:07, Andrew Sullivan wrote:
>> On Mon, Mar 08, 2004 at 12:07:23PM +0000, Silvana Di Martino wrote:
>> > This seems to give to this "db encryption" issue the status of
>> > "global relevance" that would deserve a more systematic
>> > approach. I mean: no homegrown solutions - rather have the
>> > community to develop a specific, standard extension of PostgreSQL
>> > and put it into the distro.
>>
>> Just to throw another wrench into the works, you might want to
>> think about some of the observations on what data you _really_ need
>> that are in Peter Wayner's _Translucent Databases_ (Flyzone Press,
>> 2002.  ISBN 0-9675844-1-8).  Many of the techniques are not
>> particularly novel, but the discussion in the beginning about
>> deciding just which data you _really_ need is, I think, very
>> helpful.  There's a tendency to collect data just because one can,
>> and the new data protection laws are an attempt to find a techno
>> fix to the problem.  (I still like it that someone is spending some
>> time on improving the crypto stuff, though.)
>>
>> A
>
> Many, many moons ago when I was young and stupid, I was in an
> intelligence trade in the Cdn Navy - COMINT/SIGINT.
>
> it never ceases to amaze me at how consistantly people underestimate
> the information that can be taken from a datum - especially when
> aggrigated with data from other sources.

I'd like to think you misspelled "aggravated" there :-)

The US situation of SSN numbers being widely used as personal
identifiers has been quite spectacularly disastrous for personal
security.

My credit union finally "saw the light" a couple of years ago, and
decided to use their own randomly generated account IDs; I gather that
many (most?) US companies have been taking the same strategy with
employee and customer account numbers.

For different organizations to use different keys is not a total
panacea, but the lack of uniqueness has been pretty harmful.

Wayner's book is certainly pretty good on the subject; it may not be a
NIST/FIPS/ISO standard, but it certainly presents the security issues
coherently.

What is pretty clear is that this kind of application requires that
there be a use of data encryption that is controlled _outside_ the
database layer.

There may be attempts made to sell the notion that the Right Solution
requires using some particular product, such as Trusted Oracle; you
can expect that to be pressed by vendors that have products they want
to push.  Unfortunately, this may well worsen security, by putting
trust in a layer that cannot provide security.
--
let name="cbbrowne" and tld="cbbrowne.com" in name ^ "@" ^ tld;;
http://cbbrowne.com/info/rdbms.html
"I think we might have been better off with a slide rule."
-- Zaphod Beeblebrox

pgsql-admin by date:

Previous
From: Amit Kush
Date:
Subject: Re: Help! Regarding Pg for posgreSQL
Next
From: "Frédéric Médery"
Date:
Subject: migration from postgresql-7.2. to 7.4.1 : invalid command \n