Privacy villain of the week: Federal agencies lax with SSNs

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Declan McCullagh <declan () well com>


Date: Fri, 14 Mar 2003 16:57:39 -0500
From: J Plummer <jplummer () consumeralert org>
Subject: NCP: Privacy Villain of the Week: Federal Agencies Lax with
   SSNs

Privacy Villain of the Week:
Federal Agencies Lax with SSNs

A report out this month reveals something shocking but sadly not altogether
unexpected - federal agencies are incredibly lax when it comes to
protecting the integrity of your Social Security
numbers.  <http://govt-aff.senate.gov/031103prescouncilrpt.pdf>

The report was requested by the Senate Governmental Affairs Committee
<http://govt-aff.senate.gov/031103presssc2.htm> and issued by the Social
Security Administration Office of the Inspector General(OIG), after being
compiled by the OIGs of 15 different federal agencies. The findings were
shocking:

·    All but one of the 15 agencies participating in the study lacked
adequate 
security controls over private contractors' access to and use of SSNs.
·    One agency had allowed contractor employees access to its database,
including SSNs, before their background checks were completed.
·    Another didn't ensure contractors couldn't access databases after they
stopped working for the agency.
·    Private contractors keeping personal identification information in
unlocked cabinets, in storage rooms, and on desktops after working hours.
·    One agency didn't even know exactly which contractors had access to
SSNs.
·    Nine agencies had inadequate controls over SSNs stored on computers.
·    Two federal agencies even had poor controls over non-Government and/or
non-contractor access to SSNs.

The lessons to be drawn from this debacle are eveident. Federal agencies
have no financial incentive to respect the privacy of citizens -- their
continued existence and growing budgets are virtually assured. At least
when a business treats sensitive consumer data so shoddily, they face the
prospect of consumer backlash and attendant financial hurt or ruin. Efforts
should be made to bar the federal government from using the SSN as an
identifier for anything but Social Security accounts. (At least one such
effort is underway in the Congress right now.
<http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.00220:";> )

And perhaps even more importantly, efforts such as those by the American
Association of Motor Vehicle Administrators to create mandatory government
databases of fingerprints or other biometric identifiers should be
resisted.  <http://www.nccprivacy.org/handv/011206villain.htm> Such
databases would retain all the problems we see now with loss of privacy and
identity fraud, with the potential for even more ruinous consequences, such
as faked fingerprints planted at a crime scene.

The revealing report of the IG shows that trusting the government to
protect your privacy is a fool's game. And the negligent agencies have
revealed themselves as Privacy Villains.

By James Plummer

The Privacy Villain of the Week and Privacy Hero of the Month are projects
of the National Consumer Coalition's Privacy Group. Privacy Villain audio
features now available from FCF News on Demand. For more information on the
NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at
202-467-5809 or via email.



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/