FC: Privacy villain of the week: Federal agencies lax with SSNs

From: Declan McCullagh (declanat_private)
Date: Sun Mar 16 2003 - 21:35:41 PST

    ---
    
    Date: Fri, 14 Mar 2003 16:57:39 -0500
    From: J Plummer <jplummerat_private>
    Subject: NCP: Privacy Villain of the Week: Federal Agencies Lax with
       SSNs
    
    Privacy Villain of the Week:
    Federal Agencies Lax with SSNs
    
    A report out this month reveals something shocking but sadly not altogether 
    unexpected - federal agencies are incredibly lax when it comes to 
    protecting the integrity of your Social Security 
    numbers.  <http://govt-aff.senate.gov/031103prescouncilrpt.pdf>
    
    The report was requested by the Senate Governmental Affairs Committee 
    <http://govt-aff.senate.gov/031103presssc2.htm> and issued by the Social 
    Security Administration Office of the Inspector General (OIG), after being 
    compiled by the OIGs of 15 different federal agencies. The findings were 
    shocking:
    
    ·	All but one of the 15 agencies participating in the study lacked adequate 
    security controls over private contractors' access to and use of SSNs.
    ·	One agency had allowed contractor employees access to its database, 
    including SSNs, before their background checks were completed.
    ·	Another didn't ensure contractors couldn't access databases after they 
    stopped working for the agency.
    ·	Private contractors keeping personal identification information in 
    unlocked cabinets, in storage rooms, and on desktops after working hours.
    ·	One agency didn't even know exactly which contractors had access to SSNs.
    ·	Nine agencies had inadequate controls over SSNs stored on computers.
    ·	Two federal agencies even had poor controls over non-Government and/or 
    non-contractor access to SSNs.
    
    The lessons to be drawn from this debacle are evident. Federal agencies 
    have no financial incentive to respect the privacy of citizens -- their 
    continued existence and growing budgets are virtually assured. At least 
    when a business treats sensitive consumer data so shoddily, they face the 
    prospect of consumer backlash and attendant financial hurt or ruin. Efforts 
    should be made to bar the federal government from using the SSN as an 
    identifier for anything but Social Security accounts. (At least one such 
    effort is underway in the Congress right now. 
    <http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.00220:"> )
    
    And perhaps even more importantly, efforts such as those by the American 
    Association of Motor Vehicle Administrators to create mandatory government 
    databases of fingerprints or other biometric identifiers should be 
    resisted.  <http://www.nccprivacy.org/handv/011206villain.htm> Such 
    databases would retain all the problems we see now with loss of privacy and 
    identity fraud, with the potential for even more ruinous consequences, such 
    as faked fingerprints planted at a crime scene.
    
    The revealing report of the IG shows that trusting the government to 
    protect your privacy is a fool's game. And the negligent agencies have 
    revealed themselves as Privacy Villains.
    
    By James Plummer
    
    The Privacy Villain of the Week and Privacy Hero of the Month are projects 
    of the National Consumer Coalition's Privacy Group. Privacy Villain audio 
    features now available from FCF News on Demand. For more information on the 
    NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 
    202-467-5809 or via email. 
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    


