Ongoing discussion of translucency and selective disclosure
Thoughtful responses to my recent items on translucency and selective
disclosure -- here,
here,
and here
-- continue to arrive.
Mark Rice:
Regarding translucency, have you really done Thelma Arnold (AOL user 4417749) a service by publishing her name and AOL user number and the fact that it has been leaked to the entire world? Why not publish her social security number as well? What are you thinking of when you write about translucency? I think you need some opacity.
By the way, the original Social Security Act of 1933 made it illegal
to use SS numbers for anything but Social Security and tax
information. The government and many others have largely ignored this
law. Twenty years ago when I applied for my pilot's license the FAA
asked for my social security number. I told them it was illegal to
ask, and later they changed the form to indicate that answering that
question was "voluntary". However, when I received my pilot's license,
guess what my license number was? You guessed it, it was my social
security number. When I questioned the FAA and the Social Security
Administration about it, they told me they never release that
information, and that it must have been a "coincidence".
Given that the widely-read New York Times story ran Thelma's name and
her "user number" -- which isn't an AOL ID, by the way, but only the
number randomly assigned to her in its data dump -- I didn't see how
reciting those facts in InfoWorld could make any difference one way or
the other.
But Mark was exactly right. Having collected that scrap
of information, it was a reflexive act to use it, even in a context
where the point was to advocate opacity. As Mark's comment nicely
illustrates, it's deceptively hard to retrain that reflex.
Marc Thornsbury:
I couldn't agree more. But the real problem appears in your last
sentence. For all intents and purposes, there *is* no liability for
storing more of a customer's data than is strictly necessary. In fact,
when looking at selling that information elsewhere, the financial
incentive is to get, and keep, as much information as possible.
Before you're going to see any progress on this, there's going to have
to be a definition of what constitutes personal information, what
constitutes permitted use (or how individuals can define permitted use
on a case-by-case basis), and some kind of serious penalty for failing
to meet the requirements. A good successful lawsuit would make folks
want to destroy that data as quickly as possible.
However, the courts or legislature(s) are going to need to apply some
concepts in creative ways. The courts have defined the concept of a
"birth mother" (apart from what I suppose you would call, for lack of
something better, a "regular mother") and there are certain things that
this entails that cannot be changed, even when agreed to by the various
parties involved. For example, if a woman offers her child for adoption
before birth with agreements and even the exchange of monies, she may
still refuse to complete the transaction at any time and is bound to no
terms whatsoever. Her role as the birth mother cannot be "signed away",
as it were.
We need the equivalent in this area. Until personal information is
seen as being owned, in whatever form, by the person and merely
"licensed" (for lack of a better term) to a company to be used within
the rights permitted under the terms of the license issued by the
person, this is not going to get better!
The funny thing about this is that I'm constantly reading about how
data storage needs are out of control and companies are having to
struggle with the need for more and more storage capacity. Here's a
simple answer to both problems (and one as old as computing itself),
it's called purging.
As Tim Sloane also noted,
strong financial incentives compel organizations to hoard and trade
our data. Here are two countervailing forces I'm aware of:
- Financial liability. I continue to like Bruce
Schneier's ideas about the role of insurance. If lawsuits mean that theft or
spillage of people's data can be a financial catastrophe, and if insurance
emerges as a way to manage that risk, then the cost of that
insurance begins to constrain the amount of personal data held
and traded without explicit consent.
- Legal protection. Although most commercial transactions don't warrant
such protection, medical transactions do. Health care,
severely constrained by its inability to exchange medical
records, is compelled to invent systems that conduct such
exchanges with explicit consent. Led by John Halamka, the
New England Healthcare EDI Network has done excellent work laying the
foundations for HIPAA-compliant
transactions with per-transaction approval and auditing.
I'd like to grow this list, as well as track the progress of items on it.
Duane Sessums:
It's interesting to note that your discussion revolves around providing, storing, and encryption of the SSAN in such a service situation. Even if they didn't store it, they'd obtain a copy of your credit record in a document that has your SSAN embedded. So, they could assure you all day long they don't store your SSAN that you provide, but they have it anyway. Unless they don't store the file either, which would require them to scrape the credit score and other pertinent data off. And once they do that, you'd have to hope that they have a good enough unique key, including address, for example, to prevent identity theft or error. And even then, with that set of data, and a few bucks, someone can get your SSAN and other personal data about you.
Conundrum continues.
True. Related to this, Scott Weisman wondered why, given that I'm
participating as a lender rather than a borrower, there would even need
to be a credit check requiring my SSN. A Prosper representative offered
this clarification:
While we do use your social security number for Experian, we also need
it for tax reporting purposes. Prosper must record and then report
earnings that lenders make off their investments. This means that we
must record your social security number as it will become necessary
for the duration of your activity on the platform.
I noted that, instead, the tax report could flow through me en route to the
feds, and that I could attach the SSN myself as part of my review of that
report, so the platform would never need to hold it. I realize that things
don't work that way now. But I'm trying to raise awareness of the
possibility that they could, and the reasons that they should.
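To make the alternative flow concrete, here is an added sketch (my own illustration, not Prosper's code or any real tax-reporting interface) of a report that passes through the lender on its way to the tax authority. The platform emits the earnings record without a taxpayer ID and authenticates it with an HMAC under a platform key; the lender reviews it and attaches the SSN; the recipient verifies that the platform-issued fields were not altered in transit and only then pairs them with the attached SSN. The platform key, the record layout, the lender ID and the placeholder SSN are all constructed for the example, and the shared-key HMAC stands in for whatever signature scheme a real recipient would require.

```python
import hmac
import hashlib
import json

# Constructed for the example: in practice the recipient would hold a
# verification key for the platform (e.g. a public key), not a shared secret.
PLATFORM_KEY = b"example-platform-report-key"


def _canonical(body):
    """Stable serialization so both sides MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def platform_issue_report(lender_id, tax_year, interest_earned, key=PLATFORM_KEY):
    """Platform side: produce an earnings report that carries no SSN.

    The platform only ever needs to store `body`; the taxpayer ID is
    attached later by the lender, downstream of the platform.
    """
    body = {
        "lender_id": lender_id,          # platform-local pseudonym, not an SSN
        "tax_year": tax_year,
        "interest_earned": interest_earned,  # string to avoid float rounding
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "platform_mac": tag}


def lender_attach_ssn(report, ssn):
    """Lender side: review the report and add the SSN without touching the body.

    The MAC covers only the platform-issued fields, so the lender can add
    the taxpayer ID but cannot alter the earnings figure undetected.
    """
    envelope = dict(report)
    envelope["taxpayer_id"] = ssn
    return envelope


def recipient_verify(envelope, key=PLATFORM_KEY):
    """Recipient side: check the platform's MAC, then join body and SSN.

    Returns the merged record on success, or None if the platform-issued
    fields do not verify (tampering, or a report this platform never issued).
    """
    expected = hmac.new(key, _canonical(envelope["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["platform_mac"]):
        return None
    merged = dict(envelope["body"])
    merged["taxpayer_id"] = envelope["taxpayer_id"]
    return merged


def platform_never_sees_ssn(report):
    """Sanity check a practitioner would want: nothing the platform stores
    contains a taxpayer ID field."""
    return "taxpayer_id" not in report["body"] and "taxpayer_id" not in report


def demo():
    # Constructed sample data; "000-00-0000" is a placeholder, not a real SSN.
    report = platform_issue_report("lender-0001", 2006, "1234.56")
    envelope = lender_attach_ssn(report, "000-00-0000")
    accepted = recipient_verify(envelope)

    # A lender who edits the earnings figure en route is caught by the MAC.
    forged = dict(envelope)
    forged["body"] = dict(envelope["body"], interest_earned="12.34")
    rejected = recipient_verify(forged)

    return {
        "platform_holds_ssn": not platform_never_sees_ssn(report),
        "accepted": accepted,
        "forgery_rejected": rejected is None,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the MAC is that moving the SSN out of the platform's hands does not hand the lender a way to understate income: the recipient trusts the earnings figure only because the platform authenticated it, and trusts the SSN only because the taxpayer supplied it. What the example leaves open is how the recipient learns the platform's key and how the lender's pseudonym is bound to the person, both of which a real scheme would have to settle.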