The rising abuse of computers and increasing threat to personal privacy
through data banks have stimulated much interest m the techmcal safeguards for data.
There are four kinds of safeguards, each related to but distract from the others. Access controls
regulate which users may enter the system and subsequently whmh data sets an active user may read or wrote.
Flow controls regulate the dissemination of values among the data sets accessible to a user.
Inference controls protect statistical databases by preventing questioners from deducing confidential
information by posing carefully designed sequences of statistical queries and correlating the responses.
Statlstmal data banks are much less secure than most people beheve. Data encryption attempts to
prevent unauthorized disclosure of confidential information in transit or m storage. This paper describes the
general nature of controls of each type, the kinds of problems they can and cannot solve, and their inherent limitations and weaknesses.
The paper is intended for a general audience with little background in the area.