Two days ago I posted en entry regarding the State of Michigan’s Protect MI Child initiative. The following is a response I received yesterday from Protect MI Child:
The security of the registry was a paramount concern when creating the ProtectMIChild service. Once a child’s address is confirmed by a parent to be included in the registry, the address is hashed and the plaintext version of the address is discarded. Only the hashed version of the address is stored; the plaintext version is deleted from temporary storage and overwritten with random data.
Hashing is a process similar to encryption. However, where encryption can be undone if you know a secred password, hashing is one directional. The best analogy is to a fingerprint. While your fingerprint is unique to you, it does not reveal any personal data about you. From your fingerprint alone it is impossible to tell information such as how tall you are, how old you are, or what color your eyes are. Similarly, while the hashes of the e-mail addresses are unique, there is no way to go from the hash back to the original address.
The result of this system is that even in the unlikely event that the database were compromised, the information that would be revealed is nothing but meaningless hashess.
Thank you for your interest in the Michigan Children’s Protection Registry.