Everybodys got it. Most people treasure it. And its in danger. For some its already been compromised. And everyones pretty sure their turn is coming.
Privacy. Politicians have discovered that its not guaranteed, and theyre upset. Theyre not alone. Voters are upset because the big database companies are playing fast and loose with their information: Credit ratings and tax status, property records and employment history. Breaches at two well-known data companies, LexisNexis Seisint division and ChoicePoint, have focused attention on what many tech-savvy citizens have known for a while: Security at many of these companies is lax.
Now, when an industry goofs, it means someone must do to something. So Washington is springing into action.
Wednesday, the Senate Judiciary Committee held hearings on the issue. Earlier in the week Sen. Dianne Feinstein (D-Calif.), using a California law as her model, introduced legislation. Sens. Charles Schumer (D-N.Y.) and Bill Nelson (R-Fla.) also have legislation pending. Over in the House Commerce Committee, Rep. Joe Barton (R-Texas) is talking about finding ways to protect Social Security numbers—a de facto national identification number—from falling into the wrong hands. Sen. Pat Leahy (D-Vt.), the highest-ranking Democrat on the Senate Judiciary, has also hinted that hes working on legislation. And Sen. Arlen Specter (R-Pa.) made his displeasure about the current state of affairs well-known at Wednesdays hearing. This is a powerful alliance. Somethings going to happen.
But what? Solutions to the problem arent centering on getting individuals to be more careful about information or about creating better network security, data management or encryption systems. Nor is anyone seriously talking about reducing the role that private data collection companies play in law enforcement and government investigations. All of which might turn into more permanent fixes.
Instead, two solutions are being offered.
One, Schumer and Nelsons, would put data companies under the control of the Fair Credit Reporting Act. The idea here is to let people see information on file about them and give them a chance to correct errors or mistakes just as theyre able to do with their credit ratings.
Feinsteins suggestion has been to take the notification requirements in California law and apply them nationwide. The breach suffered by ChoicePoint, the Georgia company, became public when it had to comply with the states law and tell residents their information had been passed onto thieves. Requiring national alerts would heighten awareness and create a bigger safety net for consumers, particularly if it were combined with free annual reviews.
But does this really get at the problem? No, it doesnt. The data business has grown up pretty much without regulation. Thats unlikely to change. Consumers—voters and elected officials—like the way it makes their lives easier. ATMs, credit cards, airline reservations, frequent-flyer miles and grocery store discount programs all provide information about where youre going, what youre doing, what you like and what you dont like.
People are also sloppy about how they protect themselves, freely giving away information—including their Social Security number—to enter contests, vote, get a drivers license, do a host of different things. Most people have the numbers memorized; theyre used that often.
And theyre not hard to get a hold of. The best, recent example: Democrat Senator Schumer got Vice President Dick Cheneys Social Security number from a data company. And, yeah, Schumer, who has something of a reputation as a political show-boater, bragged about it too.
That moment of political theater makes Congressman Bartons talk about protecting Social Security numbers a little more intriguing, particularly if youre one of those folks who thinks that a national ID card system is in all of our futures. Social Security numbers have become national ID card numbers, of course. Theyre used to file everything from your college aptitude test scores to your current tax information. Its one reason why information, once collected, is so easily collated between different organizations.
Barton, a Republican, wants to protect the use of the numbers from thieves and others (politically ambitious Democrats, for starters). Hes got an uphill battle, it seems. Getting data companies to rely on different kinds of filing and cross-referencing systems would slow down the time it takes to shift through the massive amounts of information about people thats currently on file. But it would also make some of the apparently seamless transactions we conduct every day a bit slower and slightly more cumbersome.
Thats a change in how consumers and companies conduct themselves; itll be interesting to see how well Bartons concern—which has obvious but no necessarily easily executed technical solutions—is translated into law.
eWEEK.com technology and politics columnist Chris Nolan spent years chronicling the excesses of the dot-com era with incisive analysis leavened with a dash of humor. Before that, she covered politics and technology in D.C. You can read her musings on politics and technology every day in her Politics from Left to Right Weblog.