Door Alexandra Marks |

De individuen zouden schat hun persoonsgegevens zoals van Sociale Voorzieningen en krediet-kaart aantallen kunnen, maar de identiteitsdieven kunnen hen kopen goedkoop en in bulk online. De krediet-kaart aantallen kunnen nu voor zo weinig gaan zoals 40 centen elk. Een een passende naam, aantal van Sociale Voorzieningen, een adres, en een datum van geboorte kosten enkel $2.00, volgens veiligheidsdeskundigen.

Zelfs aangezien de weerslag van identiteitsdiefstal verslaghoog bereikt, blijven de overheid en de privé instellingen verslaghoeveelheden persoonlijke, privé gegevens verzamelen.

En ondanks alle regels, verordeningen, en softwareinnovaties op zijn plaats om ervoor te zorgen dat de informatie niet in de verkeerde handen valt, het, en regelmatig.

In enkel de afgelopen maand, werden de werknemers van de Afdeling van de Staat gedisciplineerd voor het snooping door dossiers van het presidentiële kandidaten de' paspoort, en de het ziekenhuisarbeiders zijn belast met het verkopen van de persoonlijke informatie van tientallen duizenden patiënten evenals rifling door de geduldige verslagen van hoogste sterren. En in Hollywood wordt een privé detective aan de sterren beschuldigd van het omkopen van politie en van het telefoonbedrijf ambtenaren zodat kon hij hun vertrouwelijke gegevensbestanden schuren.

Dan is er de Dienst van de Fiscus. Een week vóór belastingsdag, zijn inspecteurs algemeen ervoor gewaarschuwd dat de computersystemen die de privé belastingswinst van elke belastingbetaler in Amerika bevatten aan ontevreden werknemers en hakkers kwetsbaar zijn.

Het probleem, zegt veiligheidsdeskundigen, is dat de capaciteit van de wereld om gegevens te verzamelen veel overtroffen zijn capaciteit heeft om het te beschermen.

„Veel organisaties en instellingen, regerings en privé allebei, zijn werkelijk goed bij het verzamelen van gegevens, maar hebben niet de praktijken en de technologieën op zijn plaats ervoor te zorgen en [zij zijn] goed gehuisvest te beveiligen,“ zegt Jim Harper, een veiligheidsdeskundige bij het libertarian Instituut CATO in Washington. „Dat is waarom de mensen in gegevensbestanden kunnen onderdompelen zij niet zouden moeten onderdompelen in.“

Zo wat is een privacy-bewuste persoon om te doen? Besnoeiing omhoog al creditcards en het gebruiks enkel contante geld? Forgo a passport and foreign travel?

“The only real protection the public can have in this arena is to deny the government the information in the first place,” says Tim Sparapani, senior legislative counsel at the American Civil Liberties Union. “Despite all of the bells and whistles, the government has proven itself to be miserably poor at controlling and limiting access to the information that it’s gathered about the public.”

It’s not that the government doesn’t try. There are reams of regulations that people with access to confidential information are sworn to follow. Agencies such as the Department of Homeland Security have their own privacy offices that spawn their own committees which study and address both the regulatory and technological ways of protecting all the information that government has in its databases.

But as history has shown, there are the genuinely malicious among us, and even the most meticulous people can err. The recent dust-up over contract employees peering into the passport files of the presidential contenders was blamed on “imprudent curiosity.”

Still, two workers were fired and another was disciplined. The inspector general of the State Department is investigating the incidents. It includes a thorough “review of the internal control processes and other aspects of managing the passport data,” according to a spokesman for the inspector general. That should be completed by the end of May.

In the meantime, privacy experts like Mr. Harper see a “glimmer” of hope in the incident. First, that it was discovered, since many such incidents go unnoticed, security experts say. Second, that the State Department had digital “flags” on the files of prominent people that alerted superiors when their data were accessed by an unauthorized person.

Harper says such “flags” should be on everyone’s files, not just those of important people, so that the government can keep an accurate record, called an “audit log” on the files. “That’s a very small, but important, protection, and … it will be recognized soon enough as standard operating procedure,” he says. “If you hold personally identifiable data, then you’ll have audit logs so you can have records of who accessed it and when.”

Software experts are coming up with an array of such programs that could help protect the privacy of data. For instance, one allows a person to compare two different files — say a Federal Bureau of Investigation’s list of suspected criminals and a travel agent’s list of its customers. The program will sort the information in each and reveal data that both files have in common. That way either side can only see the information in the other file that matches their own. That’s also the only data that the person or institution comparing the information can see.

Other programs allow people to interact in cyberspace “pseudonomously,” in other words, using a different name. It’s similar to the way eBay and PayPal now work. But in this security-conscious world, there are drawbacks to such systems as well.

“It would be especially hard to get established in the post-9/11 environment where there’s this idea that you have to have control of the financial system in order to control terrorism,” says Harper.

Private security experts say the best protections in place come from companies that have a financial stake in individuals’ private data, like banks and credit-card companies.

“They pay a lot of attention to protecting that information, not because of consumer privacy, but because banks don’t want to lose money: that’s what’s driving it, the big financial incentive,” says Avivah Litan, vice president of Gartner, a technology consulting firm in Stamford, Conn. “But with other information, like my passport file, what’s the incentive to fix my privacy? There isn’t one unless there’s a consumer revolution and that doesn’t look like [it’s] coming.”

That is one of the things prompting the ACLU to continue to fight government efforts to collect even more data on individuals, including the REAL ID Act. That requires states to issue standard driver’s licenses and give the federal government access to information about those licenses. Some government security experts want to combine those state files with the databases that DHS already keeps on Americans’ international travel, the State Department’s passport files, the Social Security’s E-Verify database, and the FBI’s criminal records. They argue that those combined files could then be mined to ferret out terrorists. But many privacy experts object, saying such information remains too vulnerable to attack.

“We believe the better way to ensure security is to do actual physical security checks, like screening all the bags that go in the belly of a plane and being sure weapons don’t get on,” says Mr. Sparapani. “Instead we have all of these data sets that are being created and collected by the government and all of which are vulnerable to hacking and malicious attack and being stolen by identity thieves and terrorists.”

Other security experts note that mining such databases can be very helpful in identifying fraud or other patterns of criminal behavior. But they, too, are wary of the privacy implications.

“There really are good reasons for analysts to look at lots of phone records and call detail if you’re putting it to the right use: You’re not going to find needles in a haystack without a lot of data aggregation and data mining,” says Ms. Litan. “But we’re always going to be behind the eight ball [on privacy], there’s a ton of data on all of us out there and a lot of unauthorized abuse of it. I’m not really sure what the solution is.”

RSS TrackBack URL