Another final warning

July 6th, 2007

Another post tipping point post:

Before writing me off as a privacy kook, consider this testimony from 1992 by the group Computer Professionals for Social Responsibility (CPSR) before the Special Joint Subcommittee Studying State and Commercial Use of Social Security Numbers for Transactional Identification. According to testimony, “[until] 1972, each card issued was emblazoned with the phrase ‘Not to be used for ID purposes.'” It cited a report by the U.S. Department of Health, Education, and Welfare that recommended, in unqualified terms, that the SSN not be used as an identifier (bold text in the original document):

We recommend against the adoption of any nationwide, standard, personal identification format, with or without the SSN, that would enhance the likelihood of arbitrary or uncontrolled linkage of records about people, particularly between government or government-supported automated personal data systems.

This advice was not followed, and by 1992 the CPSR reported the dismal facts: “Unfortunately, [the Federal Privacy Act of 1974] has not been effective due to bureaucratic resistance from inside the government, lack of an effective oversight mechanism, and the uncontrolled use of the SSN in the private sector.” When states like California, New York, Virginia and others passed legislation in the mid-1990s requiring the collection of an applicant’s SSN to issue a driver’s license, they effectively flattened 60 years of privacy protection, and they effectively exposed every citizen to a degree of identity risk that was, and remains, unconscionable.

And so what has been the legacy of the government ignoring its own advice and the advice of leading computer experts? Precisely what the CPSR predicted: identity theft is now the most prevalent complaint received by the FTC, and it’s America’s fastest-growing crime. Unlike a video game that just eats your quarter and says “GAME OVER,” a stolen identity can ruin your credit score, drain your bank account, endow you with a lengthy criminal record, or grant you an entry on the no-fly list. More troubling, identity theft can be a one-way ticket to a world in which the bits on some agent’s computer screen matter more than your own testimony, a world in which the term habeas corpus is a lexical artifact rather than a constitutional guarantee, a world in which your physical self can be suborned based on what is believed about your virtual self.

On December 18, 2006, Tom Zeller reported “An Ominous Milestone: 100 Million Data Leaks” in the Technology section of The New York Times. The number of confirmed victims is at least 15 million. The cost is estimated at more than $50 billion a year. In health care terms, we have more than 100 million “exposed,” 15 million “affected,” and a cost of, well, more than $50 billion. How did we get here? And what are we going to do about this virtual epidemic?


The people of this fair isle do not have this problem, because there is no unique identifying number that is issued by the state to every citizen line the american Social Security Number (SSN).

If the NIR is rolled out as planned, then everyone in the UK will be given a unique number which will be printed on their ID card. That number will then be the same as the SSNs that plague the americans, and then the shit will hit the fan for the British.

That ID cards are still being considered is as unsurprising as it is appalling. Gordon Brown and his merry band of murderers do not care a whit about the British people, or how much danger they put them in as a result of their insane policies.

Once again, for the nth time, if you allow yourself to get put into this system, then what is happening to the americans will happen to you You would have to be TOTALLY INSANE to volunteer for this madness.

But you know this…

and finally:

And it gets worse. Individuals who can be victimized by their own data can also become collective victims of those with whom they are associated. As Bruce Schneier wrote for Wired magazine:

Contrary to decades of denials, the U.S. Census Bureau used individual records to round up Japanese-Americans during World War II.

The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear. And while the Second War Powers Act of 1942 temporarily suspended that protection in order to locate Japanese-Americans, the Census Bureau had maintained that it only provided general information about neighborhoods.

New research proves they were lying.

The whole incident serves as a poignant illustration of one of the thorniest problems of the information age: data collected for one purpose and then used for another, or “data reuse.”

It is bad enough that the government might collect data for one (lawful) purpose and then use it for another (nefarious) purpose, but what happens when all data is keyed by a single key, such as a Social Security number (SSN), which itself was never designed for the purpose of personal identification? And what happens when that number is leaked (100 million instances and counting) or stolen (15 million instances and counting)? The opportunities for abuse, both within and outside the system become virtually limitless. (And legislation passed in 2005 has only served to accelerate both the breadth and depth of these opportunities.)

Which is why the iPhone activation mechanism is so troubling, because it compels people in the heat of the moment to do something they should never do if given a moment’s thought. Now, I’m sure that it’s possible to get a phone activated without giving up one’s SSN. I did it with my carrier several years ago by walking the issue up to a VP’s desk and posting a $1,000 bond for two years. So it can be done. But should it be so hard? And how are we going to teach our children the importance of protecting personal information when the laws of the state and mainstream corporate behavior make it virtually impossible to do so?

The only solution I can see is that our family will have to dramatically expand the lesson of “you are responsible for you” beyond the basics of verbal and physical conduct. If you have any good references on how to teach your third-grader the ins and outs of identity management and information security, I’d be happy to receive them now. In the meantime, we’ll let you know whether we find a way to activate Amy’s new iPhone without handing over sensitive personal information to a company that has demonstrated no respect for personal privacy or identifying data.


What is so magical about this great country is that none of this applies here and we still have time to stop it from happening. Britain is still great. It is not to late to pull her back from the brink of the abyss.

Leave a Reply

You must be logged in to post a comment.