Security by cross-referencing incomplete data
Those days I were thinking about security models and how people find out security breachs. It usually appear when something is wrong in the system, so people add more measures in the process to prevent it. The problem appears when you have so much prevention measures that the system becomes unusable or so hard to use no one can do it right. Want an example? Our current IR forms: you have to add information about who gave you money and who do you paid.
Why not use incomplete data to secute it? I mean, take a look at PGP: you have part of the data, I have part of the data and nobody has the full part, but things work when I take my part and your part of the data. Same thing with the IR: why I need to point who paid me something if that someone need to point that he/she paid me? Todays computers can manage to cross-reference all data in some time (I think a two month delay isn’t a big problem for the IRS). Also, it would mean that everything you pay, you would get a receipt, even a single cup of coffee. This would mean more taxes being paid but, as we are the final consumers, we pay them already and the companies never paid it back to the government (and what the government does with that money is a matter to another discussion).
