How secure is your personal information

 

June 13, 2006

 

Over the course of the last year mainstream media has reported the loss of data from banks, credit card companies, and more recently the Veterans Administration in Washington, DC.  It was three weeks after the theft of a laptop containing the personal information of some 26.5 million veterans before the public was made aware.  Then, over the course of the next two weeks, it slowly came forth that not only were veterans affected but also approximately 2.2 million active duty and reserve personnel whose data was also on the laptop.  What was never reported by the press but was learned through a letter from the Veterans Administration to veterans possibly affected was that the data stolen also contained the personal information of spouses, greatly increasing the number of people affected beyond the 28.7 million veterans, active duty, and reserve personnel originally reported. 

 

On June 21, 2006, it was reported that someone breached computer security measures at the United States Department of Agriculture (USDA), and may have obtained the social security numbers and personal information of some 26,000 employees and Washington-area contractors.  The USDA will, when implemented, oversee the National Animal Identification System or NAIS.

 

On June 23, 2006, it was reported that the Social Security numbers and other personal data for 28,000 sailors and members of their families was found on a civilian web site.  Accompanying this report was a statement that “As many as a half dozen federal agencies have been affected by computer data losses in recent months.”  (Associated Press; Lolita C Baldor; June 23, 2006)

 

How did this data end up in the wrong hands?

 

In the case of the banks, credit card companies, and the USDA computer security systems were breached.  In the case of the Veterans Administration, the information was downloaded from VA computers to a laptop and removed from the Veterans Administration by an employee who did not have authorization to do so.  Subsequently, the employee’s home was burglarized and the computer equipment housing the data was stolen.  In the case of the Navy personnel, it is not known how the information was obtained but obviously was obtained from government computers.

 

What is so very obvious here and so very significant is the ease with which computer security systems — specifically for the purpose of keeping sensitive data safe — can be breached; how easy it is to transfer sensitive data to portable devices and walk out with it; how irresponsibly and carelessly sensitive data is being safeguarded.  It is not inaccurate to say that personal information, held in a database, is not, under any circumstance, secure no matter what the holder of that data contends.  And there is not a security system built that cannot be breached as has been more than adequately demonstrated time and again.

 

People are often told that their information, held in databases, is confidential.  Confidential does not mean secure; nor does it mean anonymous; nor does it mean that the information cannot be used by the agency holding the information in a manner the individual might find inappropriate.  In the case of the VA loss of data, the Department of Defense supplied the Veterans Administration with the addresses of former military personnel (veterans) who might be affected.  Subsequently, an e-mail was sent out to some veterans by the Department of Defense; the e-mail addresses were obtained, at least in part, from a database of “log on” e-mail addresses captured when retired military personnel sought access to benefit information on the DOD website.  In both instances, the use of personal information for other than intended use was done without the consent of those affected which makes it very clear that personal information in the hands of any government agency is not confidential irrespective.

 

With more and more records and personal information being data based, the likelihood of that data falling into the wrong hands greatly increases.  Identity theft is one of the fastest growing types of crime in the United States today.  And there is no easier or faster way to get access to information amenable to identity theft then through breaching security measures employed to protect data.

 

When we talk about data basing information, what kind of information are we talking about?  Everything you can possibly imagine.  The National Center for Education Statistics (NCES), under the auspices of the U.S. Department of Education, has for some years now, published the Student Data Handbook for Early Childhood, Elementary, and Secondary Education.  While one might presume this publication to be rather limited in what it seeks, it isn’t.  It is very extensive in the data it seeks.

 

Who is data basing information?  Everyone.  Every government agency out there, companies, health care professionals, credit card companies, banks, lending institutions, you name it, they database it.  Following is just some of the instruments being used to gather and data base information:

 

o        RFID (radio frequency identification) chips

o        Microchip implants — both human and animal

o        Computers in automobiles

o        OnStar

o        On line purchases

o        Charge cards

o        Debit cards

o        Bank records

o        Loan papers

o        Credit records

o        Mortgage papers

o        Rental contracts

o        Driver’s license

o        Membership cards (grocery chain cards, club cards …)

o        Political party membership lists

o        Utility companies

o        Subscriptions

o        Insurance cards

o        Medical records — dental, health, auditory, mental, hospital, pharmacy

o        Do not call lists

o        Firearms registration

o        Court records

o        Tax records

o        Surveys

o        Polls

o        Cookies on computers

o        Spyware on computers

o        IRS forms

o        Military records

o        Veteran records

o        Welfare records

o        Unemployment records

o        Disability records

o        Census forms

 

— just to name some.

 

Can all this information be compiled in one place?  All that is needed to compile all information on any given individual is the ability to interface computer systems, requiring interface technology.  For example, the data the NCES seeks comes from companies such as Pearson Assessments (formerly National Computer Systems) who scores state assessments and is provided personally identifiable information on students by school districts.  NCES is a government agency.  Pearson Assessments is a privately held company.  The transfer of data is via computer interface technology.  At the same time, the data acquired by NCES is housed by such as Boeing Computers — owned by Boeing, a private company, and the National Institutes of Health — another government agency, both with whom NCES has computer interface capability. 

 

All that is necessary to make that information accessible to any other entity is the capability to interface computers such that the receiving computer can correctly identify and assimilate the data being transferred. 

 

Another example, reported recently by main stream media, concerns access to the telephone records of AT&T, Bellsouth and Verizon by the National Security Agency (NSA).  Such was accomplished through computer interface technology.  On June 23, 2006, the New York Times reported that the U.S. Treasury department has been secretly trawling through the bank records of American citizens just as they have been trawling through the phone records.

 

Is your data, held by a private enterprise secure from the prying eyes of government?  No.  The access to data allowed by AT&T, Bellsouth and Verizon and banking institutions violates the Foreign Intelligence Surveillance Act (FISA) of 1978.  Did that stop it from happening?  Obviously not.  Today it is phone records and bank records under the guise of the fighting terrorism; what will be the excuse tomorrow?

 

As pointed out by Jonathan Schell in his article “The Hidden State Steps Forward”,

 

But if he [the Commander in Chief] can suspend FISA at his whim and in secret, then what law can he not suspend? What need is there, for example, to pass or not pass the Patriot Act if any or all of its provisions can be secretly exceeded by the President?

 

Is your data, held by a private enterprise secure from the prying eyes of government?  Absolutely not when there is no accountability for government officials, elected or otherwise, who violate the law.  And there has been no move to hold President George Bush accountable for violating the law and the privacy of millions of American citizens.

 

Why does the government want all this information?  Systems governance is dependent on data.  The gathering and analyzing of data is essential to keeping systems in balance — assessing whether goals on the road to the “created future” are being achieved and what needs to be done if they are not.  In his book, A Strategy for the Future; the systems approach to world order (copyrighted in 1974), Ervin Laszlo predicted that by the mid-1980’s computers would be sophisticated enough to be able to perform this function in the interests of keeping systems in balance, measuring progress toward futuristic man-made goals, and leveraging systems that were not performing accordingly.  Laszlo was a little off in his time line, the level of sophistication sought being reached in the mid- to late-1990’s.

 

One of the most important aspects of the gathering and data basing of information is that it be personally identifiable.  Now, with illegal aliens becoming an issue that has people across the United States up in arms, the National ID is being pushed as a means of identifying illegal aliens.  To that end, the cause of implementing a National ID card is being taken up by people who should know better.  You cannot logically go from a need to identify illegal aliens to numbering every American citizen to identify illegal aliens.  The logic is simply not there.  This is the same flawed logic that says we should register all guns to keep guns out of the hands of criminals.

 

The gathering of data also has a side to it that people would do well to consider — one of the reasons the National ID card is being sought is so people who tend to throw cogs in the wheel of systems governance (resistors, dissidents) can be identified and remediated (brainwashed, terminated, incarcerated) to the proper (acceptable) ideology.  Systems governance must, by its very nature, be totally inclusive — all really does mean all.  To this end, the National ID card is being pushed by elected officials and government bureaucracies. 

 

This is no different than the identification and extermination of Jews and dissidents in Hitler Germany!  How can we possible ignore a president who thumbs his nose at laws intended to protect the American people from a despot such as Hitler?

 

People ask, “What can we do?”  Systems governance demands data.  The absence of sufficient and reliable data will result in systemic failure.

 

  1. First and foremost, do not give out personal information indiscriminately. 
  2. Provide information on a “need to know” basis. 
  3. If the information is not needed to address the situation, don’t give it. 
  4. Make those requesting the information tell you why they need the information and for what purposes it will be used, now and in the future.
  5. Guard your information zealously and that of your children.
  6. Do not allow your children to participate in surveys, state assessments, and other non-objective assessment tools at school.

 

When anyone tells you that your information is “secure” in their hands, do not for one minute believe it.

 

© 2006 Lynn M Stuter – All Rights Reserved.