Protecting your SSN and your reading habits

* How they do things in New Hampshire

It strikes me that any government-held central database of identifying information and other data about citizens always raises the risk of abuse as political winds change. The issue is not whether someone has something to hide; the issue is whether officials in different political circumstances will be able to abuse their access to information to persecute those with whose political views they disagree.

In my last column, I provided comments I had sent to Austrian journalist Erich Möchel about identity theft for one of his German-language articles on the subject. At the end of my responses to him, I also included the following comments, which I have expanded for this article:

It strikes me that any government-held central database of identifying information and other data about citizens always raises the risk of abuse as political winds change. We already have the example of the East German security police (the STASI) to warn us of the perils of a surveillance society.

It bears repeating that the issue is not whether someone has something to hide; the issue is whether officials in different political circumstances will be able to abuse their access to information to persecute those with whose political views they disagree.

For example, collecting information about what people are reading may seem harmless today, but it might not be so harmless if a cultish, fanatical leftwing atheist conspiracy took over the U.S. government and disapproved of reading religious books. [Oh do forgive me: I don’t want to offend anyone – or at least I can try to offend everyone – so you can also imagine that a cultish, fanatical rightwing religious conspiracy controlled the government and disapproved of reading atheistical books if you prefer.]

* * *

My friend and colleague Prof. Don Holden, a Lead Instructor in the MSIA program, has a long and distinguished career in information assurance. He responded to my comments with some thoughts of his own, which I quote below with his kind permission:

In New Hampshire (motto, “Live Free Or Die”) we have taken some steps that show some of us recognize these dangers. When you get or renew a driver's license, you do not have to keep your Social Security number (SSN) in the database and you can opt out of having your picture stored in their database as well. We rejected the Real ID Card, also. 

However, if you don't let them store a picture, you will have problems trying to get an emergency replacement driver's license if you are on a trip and lose it because the Department of Motor Vehicles won’t be able to create a duplicate license for you and express-mail it the way they normally would.

The libraries in New Hampshire must follow a state law protecting the privacy of their patrons regardless of age. Even parents have to get permission of their children or have their child's card to be able to pick up books left on reserve as an example if the child has her own card rather than a family card. Our library in Amherst, N.H., does not store any records of books you have taken out after the books have been returned. If men in gray suits ask to see our patron records under the USAPATRIOT Act, they will see only the list of books patrons currently have checked out. One downside of this is that patrons cannot ask us to locate a book or other material that they once checked out if they have forgotten the name and author (but we do have indexes and search engines).

I think we as individuals also need to refuse to give our SSN as an identifier unless it is required by law usually to ensure the taxing authorities can get their piece of coin. And of course this identifier should never be used an authenticator (i.e., something secret that supposedly only you know - because it isn’t secret).

* * *

Donald B. Holden is a technology executive with Concordant, and specializes in information security. He has more than 20 years of management experience in information systems, security, encryption, business continuity and disaster recovery planning in both industry and government. He is a lieutenant colonel in the U.S. Air Force Reserves and has served as disaster preparedness officer with the Federal Emergency Management Agency, as an auditor with the U.S. Air Force Audit Agency and with the New Hampshire Office of Emergency Management. He also serves as Chairman of the Amherst (N.H.) Library Trustees.

Learn more about this topic

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)