Translucent Databases 2Nd Edition: Confusion, Misdirection, Randomness, Sharing, Authentication And Steganography To Defend Privacy

Author: Peter Wayner
This Month Hacker News 1


by specialist   2022-09-29
This is The Correct Answerâ„¢.

CA issued GUIDs unlocks the Translucent Database technology, enabling all PII to be encrypted AT REST at the field level.

Translucent Databases 2/e: Confusion, Misdirection, Randomness, Sharing, Authentication And Steganography To Defend Privacy Paperback [2009]

PS- Just spotted ftrotter's question for the first time. I also worked in healthcare IT and prototyped a PII protecting schema. Alas, my POC also flew like a lead zepplin. No password recovery. This strategy requires GUIDs, aka RealID in the USA.

"I am building an application with health information inside. This application will be consumer-facing with is new for me. I would like a method to put privacy concerns completely at ease. As I review methods for securing sensitive data in publicly accessible databases I have frequently come across the notion of database translucency. ..."

I could have written that. Oh well. Someone in much the same situation, having the same questions, and then reaching about the same answer is somewhat validating.

10+ years later, I'm sure there's now dozens of us advocating Translucent Databases techniques.

by specialist   2021-05-23
At the field and record level? Sufficient to guarantee privacy?

Never store PII as cleartext, akin to proper password storage.

Translucent Databases

Encrypting databases, file systems, and backups remain necessary, but insufficient.

by specialist   2020-10-31
Data at rest must be encrypted.

Field level encryption. Just like password files. Salt and hash any potentially identifying information.

Translucent Databases shows how.

Source: Created some of the first medical records digital exchanges (NYCLIX, BHIX, etc) in the mid 2000s. Worked very hard to figure out how to protect patient privacy. This breach and subsequent blackmailing was one of our nightmare scenarios. FWIW, nothing (nothing) has improved since.

by specialist   2020-05-27

Just like a password wallet. Store the hash of passwords, not the actual passwords. Then disallow password resets.

Then you effectively "forget" your account if you lose your password.

The book Translucent Databases (2nd ed) [2009] explains clever strategies for applying this technique to protect sensitive data. It's brilliant.

Meta: I remain disappointed by the obscurity of this book and translucent techniques. A long time friend recently asked me about GDPR compliance and so forth, in prep for reworking stuff to allow proper audits. Very tech savvy. The translucent notions just could not compute. So their efforts went down the conventional rabbit hole of actually deleting data. Which I don't consider practical or auditable. How can you be sure an org deleted every record, log, backup, etc? You can't.