pgengler.net
It's not like we liked our privacy anyway
Posted: 2005-03-13 14:21
Author: Phil Gengler
Section: Privacy

In Congress, the push for a national ID and for all-encompassing single-database systems continues. Besides being flawed ideas that will do nothing to increase our national security, in the wake of several recent data leaks they are also poor ideas that will put more people at risk of having their identity stolen or their personal information leaked.

Last month, ChoicePoint released information on at least 140,000 people to criminals, who posed as small business owners to obtain the data. The data that was released includes names, addresses, Social Security numbers and credit reports.

Lexis-Nexis also leaked information, such as names, addresses, Social Security numbers and driver's license numbers, of nearly 32,000 of its customers.

On top of this are several leaks at colleges and universities. In January, the names and Social Security numbers of more than 30,000 students and faculty at George Mason University fell into the hands of attackers. Last year, Georgia Institute of Technology and the University of Texas at Austin suffered similar break-ins and information leaks. More recently, a small-scale leak at Stevens put the names and Social Security numbers of 31 students into the open.

What all these examples show is that personal information is not particularly well-protected, and these are just some of the larger examples. The recent rise in identity theft is largely attributable to the increased storage of personal information, and the poor security (both technical and social) that surrounds it. Now the federal government wants to combine all this data into a single source.

Any centralized federal database would be a single point of failure. Since it would contain personal information about every U.S. citizen (and likely information about travelers who enter the country, as well), it would be a prime target for cracking, whether just as a proof of concept or with the intent to steal and use the underlying data. The creation of such a massive data repository would require an intense amount of security and control over the use of the data inside, if that data is to be at all protected. What the ChoicePoint and Lexis-Nexis cases show us is that technical security solutions crumble at the feet of social engineering; the George Mason, Georgia Tech, and U of T cases highlight technical weaknesses.

The government database would ostensibly be used to verify identities for people boarding planes and for doing background checks. It seems virtually assured, however, that the information will increasingly be used for more and more routine things, as with Social Security numbers (which initially were only used for Social Security, and have now become a standard identifier). When all the agencies of the federal government, and likely agencies in each of the states, are accessing the information in this database, the risk for leaks increases, simply because of the number of people who have access to the database.

If anyone in any agency in any state can access the information with little or no technical restriction, it is only a matter of time until someone abuses that access and compiles (and possibly releases) lists of information.

It is also likely that the government will share information in the database with companies with which it has contracts (particularly those that require employees to have security clearances). This adds a whole new set of people who have access to the system.

The possibility exists that the government might allow any company to query the database, effectively making it a competitor to companies like ChoicePoint. If this happens, then the same risks that apply to companies like ChoicePoint (and the same problems which came to light with the recent leaks) also apply to the federal database.

The number of people who would have access to the database is a risk in and of itself. Once a certain number of people are given access, and these people are spread across agencies and states, it becomes virtually impossible to control access to the database. For sure, there would be some sort of login and authentication mechanism, and hopefully some sort of logging, but it is easy for someone to either intentionally or inadvertently give away their login information. From there, no amount of logging is going to be able to undo the compromise to the database. Once the information is out in the open, there just is no way to get it "back in the bottle."

Of course, these problems generally apply to a system that would allow real-time access. If the system required the submission of a certain form, with certain signatures, then certainly it would be somewhat easier to regulate access—assuming that the required information is valid, and that it is properly checked before any data is given out. This would simply not work for some needs, in particular checking passengers who have purchased tickets for a flight. There is a certain amount of processing time required for a request, so it would seem natural to batch them; but at what point would the airline have to cut off registration for a flight just so the check could be completed prior to the flight? Given the number of flights and airline passengers, any system like this would likely be overwhelmed and unable to return responses quickly enough in most cases. So it seems the only solution that would work would be a real-time one.

So we have a system which is not going to make us any safer, but will put more of our personal information at risk. It takes us another step closer to an Orwellian-type society, and we're going to stand for this?