Using Negative Databases To Protect Privacy [link via] Linkswarm posted by tantrum
This is an amazing article on how human philosophy can be applied to computing, specifically cryptography and data.
Here is the basic idea of how to set up your DB using “The non-denial of the non-self”:
define “everything” as a finite set, all of whose members can be known—for instance, all phrases containing a fixed maximum number of characters.
A database of names, addresses and Social Security numbers (a common form of identification in America) might require only 200 characters to contain all possible combinations. That would limit the total number of character combinations. A positive database containing all the data in question would be a small subset of those combinations. The negative counterpart of this database would be much larger and contain all possible names and addresses that were not in the positive database plus a lot of gibberish. But it would not be infinite. By looking at the negative database, it would be possible to deduce what was in the positive database it complemented.
That would not guarantee security against a search for the presence or absence of a particular name and address. Indeed, the whole point is that such searches should be possible. But it would prevent fishing expeditions by making it impossible, for example, to look for the Social Security numbers of all the people living on one street.
The article in and of itself is AMAZING. Please read the whole thing. >CLICKY<
Not only does this article have practical uses for computer security, but it discusess that “Carl Hempel[‘s] manipulating the logical statement ‘all ravens are black’, you [can] derive the equivalent ‘all non-black objects are non-ravens'”. The simple idea is so elegant that is borders on the greatness of Rene De Carte’s “I think, therefore I am.” However I have yet to see a security application based on De Carte’s philosophy.
Major credit to tantrum for finding this article and thanks to Linkswarm for being the best site in cyberspace. All intellectual credit for the article itself goes to economist.com and their writers. To be honest I’d never even thought to look there for a great article on computer security. Who knew?