Protecting your SSN and your reading habits

The long view of security strategies for your network.

In my last column, I provided comments I had sent to Austrian journalist Erich Möchel about identity theft for one of his German-language articles on the subject. At the end of my responses to him, I also included the following comments, which I have expanded for this article:

It strikes me that any government-held central database of identifying information and other data about citizens always raises the risk of abuse as political winds change. We already have the example of the East German security police (the STASI) to warn us of the perils of a surveillance society.

It bears repeating that the issue is not whether someone has something to hide; the issue is whether officials in different political circumstances will be able to abuse their access to information to persecute those with whose political views they disagree.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In my last column, I provided comments I had sent to Austrian journalist Erich Möchel about identity theft for one of his German-language articles on the subject. At the end of my responses to him, I also included the following comments, which I have expanded for this article:

It strikes me that any government-held central database of identifying information and other data about citizens always raises the risk of abuse as political winds change. We already have the example of the East German security police (the STASI) to warn us of the perils of a surveillance society.

It bears repeating that the issue is not whether someone has something to hide; the issue is whether officials in different political circumstances will be able to abuse their access to information to persecute those with whose political views they disagree.

For example, collecting information about what people are reading may seem harmless today, but it might not be so harmless if a cultish, fanatical leftwing atheist conspiracy took over the U.S. government and disapproved of reading religious books. [Oh do forgive me: I don’t want to offend anyone – or at least I can try to offend everyone – so you can also imagine that a cultish, fanatical rightwing religious conspiracy controlled the government and disapproved of reading atheistical books if you prefer.]

* * *

My friend and colleague Prof. Don Holden, a Lead Instructor in the MSIA program, has a long and distinguished career in information assurance. He responded to my comments with some thoughts of his own, which I quote below with his kind permission:

In New Hampshire (motto, “Live Free Or Die”) we have taken some steps that show some of us recognize these dangers. When you get or renew a driver's license, you do not have to keep your Social Security number (SSN) in the database and you can opt out of having your picture stored in their database as well. We rejected the Real ID Card, also. 

However, if you don't let them store a picture, you will have problems trying to get an emergency replacement driver's license if you are on a trip and lose it because the Department of Motor Vehicles won’t be able to create a duplicate license for you and express-mail it the way they normally would.

The libraries in New Hampshire must follow a state law protecting the privacy of their patrons regardless of age. Even parents have to get permission of their children or have their child's card to be able to pick up books left on reserve as an example if the child has her own card rather than a family card. Our library in Amherst, N.H., does not store any records of books you have taken out after the books have been returned. If men in gray suits ask to see our patron records under the USAPATRIOT Act, they will see only the list of books patrons currently have checked out. One downside of this is that patrons cannot ask us to locate a book or other material that they once checked out if they have forgotten the name and author (but we do have indexes and search engines).

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.