Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management

    Proposed National Database Raises Privacy Concerns

    By
    Brian Prince
    -
    May 22, 2007
    Share
    Facebook
    Twitter
    Linkedin

      The mammoth database system that would be needed under an immigration bill currently being discussed by Congress has security experts thinking about procedures, privacy and protection.

      The Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 (PDF) is a controversial compromise reached by a bipartisan group of senators. The proposed legislation already has many opponents across party lines, and has been criticized by groups such as the American Civil Liberties Union. Proponents, however, argue that the bill includes vital changes to immigration law in the United States.

      One of the provisions in the sweeping bill has given some IT policy and security analysts pause—the expansion of the EEVS (Employee Eligibility Verification System). Employers would be required to submit identifying information provided by all members of the American work force—roughly 150 million people, the U.S. Department of Labors Bureau of Labor Statistics estimates— to the U.S. Department of Homeland Security. Data from prospective employees would be submitted as well. The data would be checked against database records, and anyone who failed that check would essentially be out of a job.

      The expanded EEVS would also allow employers to compare the photograph of a person on a document, such as a drivers license, presented during the hiring process, against digital photographs stored in databases by whatever body issued the identification.

      Businesses that did not comply with the law would be subject to stiff civil penalties, with fines ranging from $5,000 to $75,000 for each unauthorized employee.

      Currently, participation in the Employee Eligibility Verification Program, formerly known as the Basic Pilot Program and run jointly by the DHS, the SSA (Social Security Administration), and the U.S. Citizenship and Immigration Services Bureau, is voluntary.

      While others focus on different aspects of the legislation, some IT analysts have pointed out that the federal government does not have the best record when it comes to protecting personal data or to minimizing errors in its databases.

      “The government definitely seems to have two consistent problems—one is bad data getting into the database … and the other is getting bad data out of the database,” said John Pescatore, an analyst for Gartner.

      /zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      Jim Harper, director of information policy studies at the Cato Institute in Washington, predicted that under this legislation, Americans would see similar types of problems to those that have occurred with the “no-fly” database, with the obvious difference being that complaints about the no-fly list typically involve people wanting to be taken off, rather than to be added or have their data corrected. Harper predicted trouble from transcription errors, unusual names and other issues.

      “The Social Security Administrations Office of the Inspector General recently estimated that the SSAs Numident file—the data against which Basic Pilot checks worker information—has an error rate of 4.1 percent,” Harper said. “At this rate, one in every 25 new hires would receive a tentative non-confirmation and have to engage with an intransigent federal bureaucracy to seek permission to work.”

      On the privacy front, the draft legislation does have language calling for the use of “appropriate administrative, technical and physical safeguards to prevent unauthorized disclosure of personal information,” including the development of algorithms to detect potential identity theft and the misuse of the EEVS by employers or employees, according to the bill.

      Pescatore said such security measures need to be in place and verified through testing before any such database goes online.

      Khalid Kark, an analyst at Forrester Research, said he agrees that its a good idea to validate identities and conduct background checks for certain jobs. To him, possible technical problems are not the biggest issue; a larger hurdle is the need to ensure that the EEVS is governed by tightly controlled and well-thought-out processes, he said.

      For example, the recent exposure of the Social Security numbers of thousands of people who participated in a U.S. Department of Agriculture grant program was a failure of procedures, not technology, Kark said.

      /zimages/3/28571.gifThe USDA has lowered its estimate of how many people were affected by an online data exposure. Click here to read more.

      “It wasnt the technology that caused the breach; it was the process where they were putting Social Security numbers … on the Web site,” Kark said. “The more people, the more difficult it is to have a unified awareness of the sensitivity of things.”

      The sharing of information contained in Internal Revenue Service databases has also raised concerns. Under the proposed legislation, information on everyone who has filed a tax return after 2005 will be available to both the department and its contractors. The contractors would be required to undergo an audit every three years to make sure that personal data is not being lost, stolen or misused.

      “Of course, there are security risks created by systematized data-sharing,” Harper said. “If someone hasnt already adapted Metcalfes Law, I will. Heres Harpers law: The security and privacy risks increase proportionally to the square of the number of users of the data.”

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Brian Prince
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×