Proposed National Database Raises Privacy ConcernsBy Brian Prince | Posted 2007-05-22 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
News Analysis: Experts point out the security risks of the nationwide database of workers' personal information that would be required under an immigration bill expanding the Employee Eligibility Verification System.The mammoth database system that would be needed under an immigration bill currently being discussed by Congress has security experts thinking about procedures, privacy and protection.
The Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 (PDF) is a controversial compromise reached by a bipartisan group of senators. The proposed legislation already has many opponents across party lines, and has been criticized by groups such as the American Civil Liberties Union. Proponents, however, argue that the bill includes vital changes to immigration law in the United States.
One of the provisions in the sweeping bill has given some IT policy and security analysts pausethe expansion of the EEVS (Employee Eligibility Verification System). Employers would be required to submit identifying information provided by all members of the American work forceroughly 150 million people, the U.S. Department of Labor's Bureau of Labor Statistics estimates to the U.S. Department of Homeland Security. Data from prospective employees would be submitted as well. The data would be checked against database records, and anyone who failed that check would essentially be out of a job.
The expanded EEVS would also allow employers to compare the photograph of a person on a document, such as a driver's license, presented during the hiring process, against digital photographs stored in databases by whatever body issued the identification.
Businesses that did not comply with the law would be subject to stiff civil penalties, with fines ranging from $5,000 to $75,000 for each unauthorized employee.
Currently, participation in the Employee Eligibility Verification Program, formerly known as the Basic Pilot Program and run jointly by the DHS, the SSA (Social Security Administration), and the U.S. Citizenship and Immigration Services Bureau, is voluntary.
While others focus on different aspects of the legislation, some IT analysts have pointed out that the federal government does not have the best record when it comes to protecting personal data or to minimizing errors in its databases.
"The government definitely seems to have two consistent problemsone is bad data getting into the database ... and the other is getting bad data out of the database," said John Pescatore, an analyst for Gartner.
Jim Harper, director of information policy studies at the Cato Institute in Washington, predicted that under this legislation, Americans would see similar types of problems to those that have occurred with the "no-fly" database, with the obvious difference being that complaints about the no-fly list typically involve people wanting to be taken off, rather than to be added or have their data corrected. Harper predicted trouble from transcription errors, unusual names and other issues.
"The Social Security Administration's Office of the Inspector General recently estimated that the SSA's 'Numident' filethe data against which Basic Pilot checks worker informationhas an error rate of 4.1 percent," Harper said. "At this rate, one in every 25 new hires would receive a 'tentative non-confirmation' and have to engage with an intransigent federal bureaucracy to seek permission to work."
On the privacy front, the draft legislation does have language calling for the use of "appropriate administrative, technical and physical safeguards to prevent unauthorized disclosure of personal information," including the development of algorithms to detect potential identity theft and the misuse of the EEVS by employers or employees, according to the bill.
Pescatore said such security measures need to be in place and verified through testing before any such database goes online.
Khalid Kark, an analyst at Forrester Research, said he agrees that it's a good idea to validate identities and conduct background checks for certain jobs. To him, possible technical problems are not the biggest issue; a larger hurdle is the need to ensure that the EEVS is governed by tightly controlled and well-thought-out processes, he said.
For example, the recent exposure of the Social Security numbers of thousands of people who participated in a U.S. Department of Agriculture grant program was a failure of procedures, not technology, Kark said.
"It wasn't the technology that caused the breach; it was the process where they were putting Social Security numbers ... on the Web site," Kark said. "The more people, the more difficult it is to have a unified awareness of the sensitivity of things."
The sharing of information contained in Internal Revenue Service databases has also raised concerns. Under the proposed legislation, information on everyone who has filed a tax return after 2005 will be available to both the department and its contractors. The contractors would be required to undergo an audit every three years to make sure that personal data is not being lost, stolen or misused.
"Of course, there are security risks created by systematized data-sharing," Harper said. "If someone hasn't already adapted Metcalfe's Law, I will. Here's Harper's law: The security and privacy risks increase proportionally to the square of the number of users of the data."